<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Arial; font-size: 12pt; color: #000000'>Most carriers should have a call analyzing software that they use for finding calls.<br><br>empirix hammer, agilient etc.<br><br>We use them for putting together situations like these.<br><br>I seem to recall a method of manipulating a call like this by having a number on the originating switch forward it's incoming calls to another number that can deliver a dial tone and pass the calls through that way. something like that.....<br><br>do you have a calling pattern that you are able to share? I might be interested to scan it past my switches to see if anything is going on as well.<br><br><br>Any suggestions what I should be asking the long distance carrier who<br>>>
warned us about this?<br><br>I would be asking for any call details they may be able to give you, call times etc. they may or may not share, it may be proprietary for them.<br><br><br>thanks, <br><br>joel<br><br><br><br>----- Original Message -----<br>From: "Matt Yaklin" <myaklin@g4.net><br>To: "Paul Timmins" <paul@timmins.net><br>Cc: VoiceOps@voiceops.org<br>Sent: Friday, April 16, 2010 5:50:29 PM GMT -07:00 US/Canada Mountain<br>Subject: Re: [VoiceOps] A question about some international calling fraud to Eritrea<br><br><br><br>On Fri, 16 Apr 2010, Paul Timmins wrote:<br><br>> Can Fairpoint take the originating trunk group information and date from the <br>> LD carrier and correlate them in their cabs records to determine the <br>> originating trunk group / line?<br>><br><br>That is exactly what we plan to do as the next step. We are asking our<br>long distance carrier for more information. As in the raw CDRs and a<br>bit of assistance from them on what value the trunk number matches up<br>to their circuits from Fairpoint, etc...<br><br>I am not sure if any of you have worked with Fairpoint since they bought<br>out some of Verizon but it is not very much fun to say the least. An ILEC<br>is a beast to begin with but then add in a buy out that did not go very<br>smoothly... sigh.<br><br>Thanks Paul for the advice.<br><br>matt@G4.net<br><br><br>> -Paul<br>><br>><br>> Matt Yaklin wrote:<br>>> <br>>> Hey all,<br>>> <br>>> I will try to explain this the best I can.<br>>> <br>>> We got a call from one of our long distance carriers today telling us<br>>> that we had a spike of long distance international calls going through<br>>> their switch. These calls were to Africa and the country name is Eritrea.<br>>> <br>>> The originating number is a customer of ours. The trick is that this<br>>> customer uses resold ILEC POTs lines that has their long distance calls<br>>> PIC'd to the carrier who called to warn us about the spike of odd call<br>>> traffic.<br>>> <br>>> This customer of ours happens to be a large agency in NH who has the<br>>> ability to look at CDRs directly from the 5ESS in Concord, NH. A rather<br>>> special situation to say the least.<br>>> <br>>> They can state, with quite a bit of assurance, that these calls were not<br>>> generated from their PBX/network as they cannot see any records for them.<br>>> <br>>> Also, as I checked earlier, these calls did not go through any of my<br>>> switches/asterisk servers.<br>>> <br>>> So the customer and I are left wondering how these calls managed to get<br>>> to this long distance carrier who warned us about the spike. The calls<br>>> came into this long distance carrier from the Manchester, NH Fairpoint<br>>> tandem.<br>>> <br>>> Naturally we will try to contact Fairpoint for assistance but I am not<br>>> very hopeful at this point they will be much help.<br>>> <br>>> The long distance carrier who warned us tends to think that the calls<br>>> were generated by our customer who has something SIP/PBX insecure but when<br>>> the customer has a link to look at CDR records right from the 5ESS he<br>>> is rather sure that is not the case.<br>>> <br>>> I am trying to figure out creative ways this fraud can be happening if<br>>> the customer is not at fault. One way is for a person who owns/operates<br>>> a full blown switch to generate this type of fraud but it does seem<br>>> unlikely.<br>>> <br>>> Any suggestions what I should be asking the long distance carrier who<br>>> warned us about this?<br>>> <br>>> Any suggestions on how this type of fraud can be committed without<br>>> the customer being the cause?<br>>> <br>>> Should I be grilling our customer one more time stating that since<br>>> the originating number was theirs AND that it was PIC'd to the right<br>>> long distance carrier... it is hard to imagine that someone could<br>>> duplicate this fraud that easily?<br>>> <br>>> Thank you for your time. I hope I was clear enough to give you an<br>>> idea of what is going on.<br>>> <br>>> matt@g4.net<br>>> _______________________________________________<br>>> VoiceOps mailing list<br>>> VoiceOps@voiceops.org<br>>> https://puck.nether.net/mailman/listinfo/voiceops<br>>> <br>><br>_______________________________________________<br>VoiceOps mailing list<br>VoiceOps@voiceops.org<br>https://puck.nether.net/mailman/listinfo/voiceops<br></div></body></html>