[VoiceOps] h.323 breech and toll fraud case
Adam Botbyl
adam.botbyl at gmail.com
Tue Feb 8 22:30:03 EST 2011
One of my customers just got hit by the same type of traffic
The TN's dialed were:
+881835211670
+881842011400
+881935211660
+881935211900
+881935211914
+881935211915
+881935211916
+881935211920
+881942011157
+881942011158
+881942011540
Some other insight on these breeches:
Most sat plans (at least that resellers get) include free direct inbound
and only bill if you use a dial-around (i.e. Iridium 2-stage dialing
etc.)
Either way if the owner of the DN was being billed they would just
scream fraud, thus the reseller would be risking a lot to make a few
quick bucks.
I would think someone between the call path would be the one benefiting
from this scheme, it's a weird one at that.
On Wed, Jan 26, 2011 at 18:20, Carlos Alvarez <carlos at televolve.com> wrote:
> A company we work closely with, but is not our customer, had their Cisco
> Call Manager hacked due to some h.323 vulnerability that I don't have full
> details on yet. There were a number of calls placed to:
>
> 881835211540
> 881835211556
> 881835211547
>
> My findings indicate these are Globalstar satellite numbers that cost
> somewhere between $4 and $7/minute to call, depending on carrier. The
> victim's carrier is billing them at $6.50. The total bill for the event is
> around $13k. This is a small company that can't really afford this. I am
> not an interested party in the sense that it wasn't on our network, but it's
> a company we work with a lot and want to help. I also want to learn from
> this to potentially protect our own network.
>
> Some questions...
>
> 1. What is the scam here? The recipient of those calls doesn't gain
> anything, and placing a few calls to three specific satellite phones seems
> to have little purpose. Many of the calls were concurrent. It all happened
> in the span of just a few hours.
>
> 2. Anyone experienced the same thing with those numbers or similar numbers?
>
> 3. About a year ago I attended an FBI presentation on VoIP fraud and there
> was a VoIP specialist who gave his contact info, but I can't find it. What
> is the best way for this company to report this crime?
>
> --
> Carlos Alvarez
> TelEvolve
> 602-889-3003
>
>
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
>
More information about the VoiceOps
mailing list