[VoiceOps] Interesting lead on international fraud

J. Oquendo joquendo at e-fensive.net
Mon May 13 12:57:48 EDT 2013


A while back, when I started streaming to Twitter
(https://twitter.com/efensive) I had wanted to post the
numbers being dialed by fraudsters so that others would
be able to see these numbers and block them. Difficult
to get a list of numbers called, in fact, I would hope
that no one would have a number to add, as that would mean
one was compromised. However, if anyone wants to share
#'s being dialed fraudulently, I will add them to the
Twitter stream and perhaps make an all inclusive list
freely available.

I added a few here and there, but I have also taken a lot
of proactive steps to reduce fraud. (Hello Jim and others
at Transnexus ;)) This is what I (we were I work) have
done.

I parse the logs on my SBCs on an hourly basis. The log
parsing does two distinct things, 1) tallies the volume
of calls, and two dissects which calls are going to
high rated areas.

STEP 1)
Download SBC logs
Perform a count against client trunks
Compare that count against a 90 day baseline
Report anomalies

This allows me to see when a trunk is generating a lot of
calls. Period

STEP 2)
Parse through SBC logs
Parse out DESTINATION (country code area code)
Check DESTINATIONS against a rate deck where price exceeds
N amount per minute (I have this set to about .21 (USD) per
minute. Report which trunk is making that call.
The reporting is automated and if anomalies are detected,
emails are sent and ALSO a call is generated to a group so
that we will know ASAP that something has happened.

We use Transnexus in ONE of our facilities, but have legacy
Netrakes in another. So we had to improvise. 

-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

42B0 5A53 6505 6638 44BB  3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF


More information about the VoiceOps mailing list