[VoiceOps] (no subject)

Matthew Yaklin myaklin at firstlight.net
Fri Apr 24 13:40:31 EDT 2015 

What ticks me off is the lack of the authorities and the largest telephone companies giving a crap about hunting down where these fraud calls are going and getting them shut down. Also are the large telephone companies even paying the terminating telephone company or just pocketing the fraud money themselves? Because they seem to enjoy billing the victims and if the victim does not pay they will turn off their service.


Seems like a telephone number can be tracked right to the telephone company who delivers the call to the end user which means the end user can be questioned to determine what is really going on. Yes I know they go over seas but the worst telephone companies who know fraud is happening can simply be told we will no longer deliver calls to you period. Clean your act up or live in your own little cut off piece of the world.


Or am I naive? This is not like hacking on the internet. These are telephone numbers which can easily be traced to exactly who is paying for the service and the telephone company terminating the call.


Matt



P.S. resending to the list because my new email address was not on the mailing list. my old was. just added it.



________________________________
From: VoiceOps <voiceops-bounces at voiceops.org> on behalf of Mark R Lindsey <lindsey at e-c-group.com>
Sent: Friday, April 24, 2015 1:24 PM
To: Rob Dawson
Cc: voiceops at voiceops.org
Subject: Re: [VoiceOps] (no subject)

I talk to a lot of service providers that are improving their security in the aftermath of fraud. When they're recovering from a fraud event:

-- They're coping with a loss of tens-of-thousands of dollars.

-- The ops teams must answer to senior management about how they let this happen.

-- They're confounded to know how the attacker figured out their password scheme, or their phone config file names.

-- Sometimes they're frustrated to find a silly mistake that was made long ago, and never fixed.

-- Sometimes they're concerned about an insider threat. (Is somebody selling our list of MAC addresses necessary to download all the config files?)

-- They may have legal questions, because in hosted PBX and SIP trunking, knowing exactly who's responsible for the security and who's got to pay for the fraud is unclear.

So for several reasons, you'll find them in poor spirits, and seldom ready to chit-chat.

All that said: good, informal relationships among the engineers and ops folks at different service providers can help a lot. Go to SIPNOC every year and meet your peers at other SP's. And go to your vendors' events, like the BroadSoft and Metaswitch customer meetings. Get to know some other tech folks, and keep in touch.

And of course, we consultants can help too. People from ECG and other consulting firms do promise to keep secrets of our clients, but we also learn the techniques and know-how used by the fraud attackers and the defenders.



              --- mailto:mark at ecg.co
                  tel:+1-229-316-0013
                  http://ecg.co/lindsey




On Apr 24, 2015, at 13:06 , Rob Dawson <rdawson at force3.com<mailto:rdawson at force3.com>> wrote:

I wasn’t necessarily thinking of a commercial solution, something more ad hoc, but they do have some pretty innovative and cool solutions.

Rob

From: Alex Hardie [mailto:ahardie at bellsouth.net]
Sent: Friday, April 24, 2015 11:55 AM
To: Rob Dawson
Cc: voiceops at voiceops.org<mailto:voiceops at voiceops.org>
Subject: Re: [VoiceOps] (no subject)

Have you looked at PinDrop? They specialize in toll fraud for both enterprises and carriers.

Alex Hardie

alex hardie | ahardie at bellsouth.net<mailto:ahardie at bellsouth.net> | +1 404 229 7635

On Apr 24, 2015, at 11:51 AM, Rob Dawson <rdawson at force3.com<mailto:rdawson at force3.com>> wrote:
Anyone aware of a voice fraud mailing list or listing service? Something of a repository of new attack vectors and remediations or something . . . just thinking it would be cool to see what new attacks people are running into.

If not, any thoughts on something like this?

Rob
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org<mailto:VoiceOps at voiceops.org>
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org<mailto:VoiceOps at voiceops.org>
https://puck.nether.net/mailman/listinfo/voiceops

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20150424/26708697/attachment-0001.html>

More information about the VoiceOps mailing list