[VoiceOps] Interesting lead on international fraud

Simon Woodhead simon.woodhead at simwood.com
Tue May 14 15:26:17 EDT 2013


Hi folks,

Useful feed that, J. We publish similar in text file format:
http://mirror.simwood.com/honeypot

Simon


On 14 May 2013 20:07, PE <peeip989 at gmail.com> wrote:

> J,
>
> Is there an easy way to get the data from the twitter feed in a list
> format? This is great info. Thanks
>
>
> On Mon, May 13, 2013 at 12:57 PM, J. Oquendo <joquendo at e-fensive.net> wrote:
>
>> A while back, when I started streaming to Twitter
>> (https://twitter.com/efensive) I had wanted to post the
>> numbers being dialed by fraudsters so that others would
>> be able to see these numbers and block them. Difficult
>> to get a list of numbers called, in fact, I would hope
>> that no one would have a number to add, as that would mean
>> one was compromised. However, if anyone wants to share
>> #'s being dialed fraudulently, I will add them to the
>> Twitter stream and perhaps make an all inclusive list
>> freely available.
>>
>> I added a few here and there, but I have also taken a lot
>> of proactive steps to reduce fraud. (Hello Jim and others
>> at Transnexus ;)) This is what I (we where I work) have
>> done.
>>
>> I parse the logs on my SBCs on an hourly basis. The log
>> parsing does two distinct things: 1) tallies the volume
>> of calls, and 2) dissects which calls are going to
>> high rated areas.
>>
>> STEP 1)
>> Download SBC logs
>> Perform a count against client trunks
>> Compare that count against a 90 day baseline
>> Report anomalies
>>
>> This allows me to see when a trunk is generating a lot of
>> calls. Period.
>>
>> STEP 2)
>> Parse through SBC logs
>> Parse out DESTINATION (country code area code)
>> Check DESTINATIONS against a rate deck where price exceeds
>> N amount per minute (I have this set to about .21 (USD) per
>> minute). Report which trunk is making that call.
>> The reporting is automated and if anomalies are detected,
>> emails are sent and ALSO a call is generated to a group so
>> that we will know ASAP that something has happened.
>>
>> We use Transnexus in ONE of our facilities, but have legacy
>> Netrakes in another. So we had to improvise.
>>
>> --
>> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>> J. Oquendo
>> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
>>
>> "Where ignorance is our master, there is no possibility of
>> real peace" - Dalai Lama
>>
>> 42B0 5A53 6505 6638 44BB  3943 2BF7 D83F 210A 95AF
>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
>> _______________________________________________
>> VoiceOps mailing list
>> VoiceOps at voiceops.org
>> https://puck.nether.net/mailman/listinfo/voiceops
>>
>
>
>
>

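The hourly two-step check described in J. Oquendo's quoted message, sketched as an added Python example; it is not code from the thread or from any of the posters. The log line layout, rate deck, baseline figures and the mean plus three standard deviations rule are constructed assumptions; only the 0.21 USD per minute limit comes from the post.

```python
from collections import Counter

# Constructed one-hour log sample; the "time trunk=... dest=..." layout is assumed.
SAMPLE_LOG = """\
2013-05-13T10:01:02 trunk=acme dest=12125550100
2013-05-13T10:02:10 trunk=globex dest=442079460123
2013-05-13T10:05:00 trunk=acme dest=99955501001
2013-05-13T10:05:20 trunk=acme dest=99955501002
2013-05-13T10:05:41 trunk=acme dest=99955501003
2013-05-13T10:06:03 trunk=acme dest=99955501004
2013-05-13T10:06:30 trunk=acme dest=99955501005
2013-05-13T10:09:15 trunk=globex dest=12125550199
malformed line without fields
"""
# Constructed rate deck (prefix -> USD per minute); 999 is not an assigned country code.
RATE_DECK = {"1": 0.01, "44": 0.02, "999": 1.35}
# Constructed 90-day baseline: trunk -> (mean calls per hour, standard deviation).
BASELINE = {"acme": (2.0, 1.0), "globex": (40.0, 10.0)}

def parse(log):
    """Yield (trunk, dest) for each well-formed line; skip anything else."""
    for line in log.splitlines():
        fields = dict(f.split("=", 1) for f in line.split()[1:] if "=" in f)
        if "trunk" in fields and fields.get("dest", "").isdigit():
            yield fields["trunk"], fields["dest"]

def rate_for(dest, deck):
    """Longest-prefix match of a dialed number against the rate deck."""
    for n in range(len(dest), 0, -1):
        if dest[:n] in deck:
            return dest[:n], deck[dest[:n]]
    return None, None

def volume_anomalies(calls, baseline, k=3.0):
    """STEP 1: trunks whose hourly call count exceeds mean + k * stddev."""
    flagged = {}
    for trunk, n in Counter(t for t, _ in calls).items():
        mean, sd = baseline.get(trunk, (0.0, 0.0))  # no history: any call is reported
        if n > mean + k * sd:
            flagged[trunk] = n
    return flagged

def high_rate_calls(calls, deck, limit=0.21):
    """STEP 2: (trunk, dest, prefix, rate) for calls priced above the limit.
    Unrated destinations are reported too (a choice made for this example)."""
    hits = [(t, d, *rate_for(d, deck)) for t, d in calls]
    return [h for h in hits if h[3] is None or h[3] > limit]

if __name__ == "__main__":
    calls = list(parse(SAMPLE_LOG))
    print(volume_anomalies(calls, BASELINE), high_rate_calls(calls, RATE_DECK))
```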