Hacking PBXs for International Revenue Share Fraud
Tal Eisner
CFCA Winter Educational event
Seattle, WA
October 2013
© 2013 – PROPRIETARY AND CONFIDENTIAL INFORMATION OF CVIDYA
Content
• The PBX Hacking challenge – questions to be asked, answers to be given
• Case study from a European operator
  – What happened?
  – How was it detected?
  – Action items and measures taken
• Lessons learned
PBX Hacking
• Global annual damages of over $4B
• Reported incidents have increased dramatically since the introduction and penetration of IP-based PBXs
• Mode of operation has become sophisticated and professional
• IP-based PBX security layers are relatively thin and vulnerable
• Consequences of hacking are extensive and its financial implications must be addressed
Frequently Asked Questions
• Who’s liable for the calls?
• What is the incentive to commit PBX hacking?
• How does such hacking take place?
• What protective measures can be taken against such hacking?
• How is a PBX being accessed?
• What kind of preventive measures can be taken?
Case Study
Tier 2 operator in Europe detects an organized, sophisticated hacking scheme
Case Study
• FMS started alerting on high volumes of calls within short time periods to hot-listed risky ranges
• Primary investigation concluded the following:
  – Calls had long duration
  – All destinations were PRS/IRSF
  – Abnormal accumulated volumes in overlapping time frames (e.g., total of 5 hours in a 45-minute time frame)
  – All CDRs had CFW indicators, and optional numbers were present
[Figure: FraudView Alerts on Abnormal Traffic]
Mode of Operation
• Calls come in over IP and port scanning takes place
• Hackers seek an “open port” to use as an international gateway
• In order to check whether the gate is “open”, hackers use test numbers to make sure the line has international access
• Known test numbers circulate as hot lists in the hacker community
• Once an open gate is established and verified, an immediate surge of calls follows
• Calls are forwarded from the PBX extension to PRS numbers
• ALL calls are transferred to PRS destinations
[Figure: Forwarding All Calls to PRS Destinations]
[Figure: Online Publications of Test Numbers]
[Figure: Gathering Intelligence on Test Numbers]
Detection Process
• Controls on:
  – Calls forwarded to international destinations
  – Calls by optional numbers to known risky/PRS ranges
  – Aggregation of calls to international destinations (mainly PRS)
  – Accumulation of calls within a short time frame (e.g., 5 hours in 1 hour)
  – Detection of series of calls with similar duration (indication of automatic dialer)
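
The controls on this slide, sketched as detection logic over CDRs. This is an added example, not code from the presentation or from cVidya's FraudView; the CSV field layout, hot-listed prefixes, phone numbers and thresholds are constructed assumptions (only the "5 hours in 1 hour" figure comes from the slide).

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Thresholds and prefixes are constructed placeholders, except the
# "5 hours in 1 hour" accumulation example, which is from the slide.
HOT_PREFIXES = ("+999100", "+999200")    # placeholder hot-listed PRS ranges
WINDOW = timedelta(hours=1)
MAX_TALK_IN_WINDOW = timedelta(hours=5)
MIN_SERIES = 5           # calls needed before durations are compared
MAX_DURATION_CV = 0.05   # stddev/mean at or below this suggests an auto-dialer

# Constructed CDRs: start,duration_s,a_number,optional_number,dest,cfw_flag
# Assumed convention: international destinations are stored in "+" format.
SAMPLE_CDRS = """\
2013-10-01T02:00:00,2400,anonymous,0201111111,+9991005550001,1
2013-10-01T02:05:00,2398,anonymous,0201111111,+9991005550002,1
2013-10-01T02:10:00,2403,anonymous,0201111111,+9991005550003,1
2013-10-01T02:15:00,2401,anonymous,0201111111,+9992005550004,1
2013-10-01T02:20:00,2399,anonymous,0201111111,+9991005550005,1
2013-10-01T02:25:00,2402,anonymous,0201111111,+9992005550006,1
2013-10-01T02:30:00,2400,anonymous,0201111111,+9991005550007,1
2013-10-01T02:35:00,2397,anonymous,0201111111,+9991005550008,1
2013-10-01T09:00:00,75,0207777777,0202222222,0301234567,1
2013-10-01T09:30:00,640,0208888888,0202222222,0301234567,1
2013-10-01T10:00:00,120,0207777777,0203333333,+15550100,1
2013-10-01T15:00:00,900,0207777777,0203333333,+15550100,1
"""

def parse_cdrs(text):
    """Turn the CSV lines into dicts keyed by the forwarding (optional) number."""
    cdrs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, dur, a_num, optional, dest, cfw = line.split(",")
        cdrs.append({"start": datetime.fromisoformat(start),
                     "duration": timedelta(seconds=int(dur)),
                     "a_number": a_num, "forwarder": optional,
                     "dest": dest, "cfw": cfw == "1"})
    return cdrs

def evaluate(cdrs):
    """Return {forwarding number: set of triggered controls}."""
    by_fwd = defaultdict(list)
    for c in cdrs:
        # Control: calls forwarded (CFW) to international destinations.
        if c["cfw"] and c["dest"].startswith("+"):
            by_fwd[c["forwarder"]].append(c)
    alerts = {}
    for fwd, calls in by_fwd.items():
        calls.sort(key=lambda c: c["start"])
        hits = set()
        # Control: forwarded calls to known risky/PRS ranges.
        if any(c["dest"].startswith(HOT_PREFIXES) for c in calls):
            hits.add("cfw_to_hot_range")
        # Control: accumulated talk time of calls starting within one window.
        lo, talk = 0, timedelta()
        for c in calls:
            talk += c["duration"]
            while c["start"] - calls[lo]["start"] > WINDOW:
                talk -= calls[lo]["duration"]
                lo += 1
            if talk >= MAX_TALK_IN_WINDOW:
                hits.add("accumulated_volume")
                break
        # Control: series of calls with near-identical duration.
        durs = [c["duration"].total_seconds() for c in calls]
        if len(durs) >= MIN_SERIES and mean(durs) > 0 \
                and pstdev(durs) / mean(durs) <= MAX_DURATION_CV:
            hits.add("similar_duration_series")
        if hits:
            alerts[fwd] = hits
    return alerts

if __name__ == "__main__":
    for number, controls in evaluate(parse_cdrs(SAMPLE_CDRS)).items():
        print(number, sorted(controls))
```

Only the extension forwarding the burst is flagged; the two ordinary forwarders (one national, one international to a non-listed range) raise nothing.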
Observations
• Modus Operandi: “Attack”, CFW, Hacking
• Manipulation of a number/originating number for disguise
• Relating attempt to forward calls straight after option is blocked
• Significant volumes of calls: such acts are not designed for “small change”
• Dominant motivation for hacking is inflation of PRS traffic
[Figure: Detecting via Optional Number (CFW)]
[Figure: Scanning via Test Numbers for Open Ports]
From Reaction to Prevention
• Core of the attack lies in CFW to international traffic
• Action taken:
  – Process of CFW INTL deletion on provisioning level
  – Request for cancelation of feature for existing and new customers
  – Response for exceptions
• Hacker tries any means to disguise his/her identity, carrier, destinations and optional number. Quick analysis and response are therefore key!
• ALL calls to known test numbers are being monitored and analyzed
• Restriction of accumulated simultaneous traffic over a PBX
[Figure: CFW Provisioning by Hacker]
Lessons Learned
• Maximum visibility of customer details is a must
• Old methods of simply calling to PBX extensions are gone…
• Controls must be updated constantly
  – Thresholds to be tuned
  – Destinations to be changed
• SS7 info provides flexible switching info that might be key
• Real-time alerting via email/SMS can prevent large-scale financial impacts
• Cross-company cooperation is essential for profound investigations and deeper understanding of phenomena
THANK YOU!
www.cvidya.com
