<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif";color:black'>>>>>I
seem to recall a method of manipulating a call like this by having a
number on the originating switch forward it's incoming calls to another number
that can deliver a dial tone and pass the calls through that way.
something like that.....<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif";color:black'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>DISA or voice portal dialing compromise possibly but you should
still see the call origination.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
voiceops-bounces@voiceops.org [mailto:voiceops-bounces@voiceops.org] <b>On
Behalf Of </b>cololiberty@comcast.net<br>
<b>Sent:</b> Friday, April 16, 2010 10:18 PM<br>
<b>To:</b> voiceops@voiceops.org<br>
<b>Subject:</b> Re: [VoiceOps] A question about some international calling
fraud to Eritrea<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif";color:black'>Most
carriers should have a call analyzing software that they use for finding calls.<br>
<br>
empirix hammer, agilient etc.<br>
<br>
We use them for putting together situations like these.<br>
<br>
I seem to recall a method of manipulating a call like this by having a
number on the originating switch forward it's incoming calls to another number
that can deliver a dial tone and pass the calls through that way.
something like that.....<br>
<br>
do you have a calling pattern that you are able to share? I might be
interested to scan it past my switches to see if anything is going on as well.<br>
<br>
<br>
Any suggestions what I should be asking the long distance carrier who<br>
>> warned us about this?<br>
<br>
I would be asking for any call details they may be able to give you, call times
etc. they may or may not share, it may be proprietary for them.<br>
<br>
<br>
thanks, <br>
<br>
joel<br>
<br>
<br>
<br>
----- Original Message -----<br>
From: "Matt Yaklin" <myaklin@g4.net><br>
To: "Paul Timmins" <paul@timmins.net><br>
Cc: VoiceOps@voiceops.org<br>
Sent: Friday, April 16, 2010 5:50:29 PM GMT -07:00 US/Canada Mountain<br>
Subject: Re: [VoiceOps] A question about some international calling fraud to
Eritrea<br>
<br>
<br>
<br>
On Fri, 16 Apr 2010, Paul Timmins wrote:<br>
<br>
> Can Fairpoint take the originating trunk group information and date from
the <br>
> LD carrier and correlate them in their cabs records to determine the <br>
> originating trunk group / line?<br>
><br>
<br>
That is exactly what we plan to do as the next step. We are asking our<br>
long distance carrier for more information. As in the raw CDRs and a<br>
bit of assistance from them on what value the trunk number matches up<br>
to their circuits from Fairpoint, etc...<br>
<br>
I am not sure if any of you have worked with Fairpoint since they bought<br>
out some of Verizon but it is not very much fun to say the least. An ILEC<br>
is a beast to begin with but then add in a buy out that did not go very<br>
smoothly... sigh.<br>
<br>
Thanks Paul for the advice.<br>
<br>
matt@G4.net<br>
<br>
<br>
> -Paul<br>
><br>
><br>
> Matt Yaklin wrote:<br>
>> <br>
>> Hey all,<br>
>> <br>
>> I will try to explain this the best I can.<br>
>> <br>
>> We got a call from one of our long distance carriers today telling us<br>
>> that we had a spike of long distance international calls going through<br>
>> their switch. These calls were to Africa and the country name is
Eritrea.<br>
>> <br>
>> The originating number is a customer of ours. The trick is that this<br>
>> customer uses resold ILEC POTs lines that has their long distance
calls<br>
>> PIC'd to the carrier who called to warn us about the spike of odd call<br>
>> traffic.<br>
>> <br>
>> This customer of ours happens to be a large agency in NH who has the<br>
>> ability to look at CDRs directly from the 5ESS in Concord, NH. A
rather<br>
>> special situation to say the least.<br>
>> <br>
>> They can state, with quite a bit of assurance, that these calls were
not<br>
>> generated from their PBX/network as they cannot see any records for
them.<br>
>> <br>
>> Also, as I checked earlier, these calls did not go through any of my<br>
>> switches/asterisk servers.<br>
>> <br>
>> So the customer and I are left wondering how these calls managed to
get<br>
>> to this long distance carrier who warned us about the spike. The calls<br>
>> came into this long distance carrier from the Manchester, NH Fairpoint<br>
>> tandem.<br>
>> <br>
>> Naturally we will try to contact Fairpoint for assistance but I am not<br>
>> very hopeful at this point they will be much help.<br>
>> <br>
>> The long distance carrier who warned us tends to think that the calls<br>
>> were generated by our customer who has something SIP/PBX insecure but
when<br>
>> the customer has a link to look at CDR records right from the 5ESS he<br>
>> is rather sure that is not the case.<br>
>> <br>
>> I am trying to figure out creative ways this fraud can be happening if<br>
>> the customer is not at fault. One way is for a person who
owns/operates<br>
>> a full blown switch to generate this type of fraud but it does seem<br>
>> unlikely.<br>
>> <br>
>> Any suggestions what I should be asking the long distance carrier who<br>
>> warned us about this?<br>
>> <br>
>> Any suggestions on how this type of fraud can be committed without<br>
>> the customer being the cause?<br>
>> <br>
>> Should I be grilling our customer one more time stating that since<br>
>> the originating number was theirs AND that it was PIC'd to the right<br>
>> long distance carrier... it is hard to imagine that someone could<br>
>> duplicate this fraud that easily?<br>
>> <br>
>> Thank you for your time. I hope I was clear enough to give you an<br>
>> idea of what is going on.<br>
>> <br>
>> matt@g4.net<br>
>> _______________________________________________<br>
>> VoiceOps mailing list<br>
>> VoiceOps@voiceops.org<br>
>> https://puck.nether.net/mailman/listinfo/voiceops<br>
>> <br>
><br>
_______________________________________________<br>
VoiceOps mailing list<br>
VoiceOps@voiceops.org<br>
https://puck.nether.net/mailman/listinfo/voiceops<o:p></o:p></span></p>
</div>
</div>
</body>
</html>