[asterisk-users] Is there a public blacklist of hackers' IP addresses?

Wilton Helm whelm at compuserve.com
Thu Mar 26 13:25:20 CDT 2009


Interesting thread.  I am not doing this commercially, so I don't know all of the issues at stake.  My initial reaction was, "what problem"?   But, subsequent posts have clarified that some.

I do see some mitigating factors though, particularly re the banking model.  First, telecom providers aren't generally dealing with large amounts of material susceptible to identity theft the way many other businesses are, nor are hackers generally looking there for such.  The main potential loss I am aware of, and that has been discussed here, is provided services.

The impact of that depends on the model a particular company is working on.  The worst case is a re-seller who has to explicitly pay for each minute used/billed.  Other providers are paying for bandwidth, but that is more nebulous.  Sure, a provider makes money by selling minutes.  But the guy in China that hacked his way in isn't going to buy minutes if his hacking is denied, so there is no loss of potential revenue, only loss of available bandwidth.  If that bandwidth is significant it should raise an alarm, which one would hope would cast light on the "leak" and cause it to be discovered, rather than the available bandwidth increased.  If the loss is not significant enough to draw attention to itself it may well be a minor cost of doing business.

The OP mentioned insurance.  I'm not sure, at least in many cases, if the amount of potential hard cash liability exposure is sufficient to warrant insuring.  If someone is getting hacked to the tune of 10% of their bandwidth or revenue, and doesn't have any way of noticing the problem, they probably aren't qualified to be running such an operation.

One relevant example from the banking industry.  About once a year I get a call from one of my credit card providers wanting to know if I indeed made such and such a purchase at such and such a location.  Their potential exposure is very large and they do continuous, fine-tuned profiling.  They know I don't live in Australia and if they start getting charged from companies in Australia, they want to know why!  They have it a bit easier, because they have more information to work with, but there are certainly things that can be profiled.  Most users are going to originate from one or a small number of IPs.  Some may originate from every Starbucks in the state, but that's a recognizable pattern.  Fortunately most hackers don't know that profile and won't necessarily steal the account information of someone who has a profile like they do.  Also, they tend to "call their girlfriend in Mexico 50 times in two weeks", which is hugely different than what the real user does.  If nothing else, identity thieves (this is a form of identity theft) tend to use the stolen identity as much as possible before it gets discovered and stopped.  That alone is a major profile difference from a typical user.

Wilton
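
The per-account profiling described in the message above, sketched as an added example that is not part of the original post: it builds a baseline of source IPs, destinations and daily volume per account, then flags accounts whose recent calls break at least two of those patterns. The record layout, the function names and the thresholds (`roaming_ips`, `repeat`, `burst`) are assumptions, and the call records are constructed.

```python
from collections import Counter, defaultdict

# Constructed call records (account, source_ip, destination, day); RFC 5737 IPs.
BASELINE = (
    [("alice", "192.0.2.10", "US", f"2009-03-{d:02d}") for d in range(1, 11) for _ in range(2)]
    + [("bob", f"198.51.100.{d}", "US", f"2009-03-{d:02d}") for d in range(1, 7)]
)
RECENT = (
    [("alice", "203.0.113.77", "MX", "2009-03-20")] * 10
    + [("bob", "198.51.100.99", "US", "2009-03-20")] * 2
)


def build_profiles(records):
    """Summarise each account's history: source IPs, destinations, busiest day."""
    ips, dests, per_day = defaultdict(set), defaultdict(set), defaultdict(Counter)
    for acct, ip, dest, day in records:
        ips[acct].add(ip)
        dests[acct].add(dest)
        per_day[acct][day] += 1
    return {a: {"ips": ips[a], "dests": dests[a], "peak": max(per_day[a].values())}
            for a in ips}


def flag_accounts(profiles, recent, roaming_ips=5, repeat=5, burst=3):
    """Return {account: [reasons]} for accounts showing at least two signals."""
    current = build_profiles(recent)
    dest_counts = Counter((a, d) for a, _, d, _ in recent)
    flagged = {}
    for acct, now in current.items():
        # An account with no history gets an empty profile, so everything is new.
        base = profiles.get(acct, {"ips": set(), "dests": set(), "peak": 0})
        reasons = []
        # A new IP means little for a user who already roams across many IPs.
        if now["ips"] - base["ips"] and len(base["ips"]) < roaming_ips:
            reasons.append("new source IP")
        # Many calls to a destination the account has never called before.
        if any(dest_counts[acct, d] >= repeat for d in now["dests"] - base["dests"]):
            reasons.append("repeated calls to new destination")
        # Daily volume far above the account's busiest day on record.
        if now["peak"] > burst * max(base["peak"], 1):
            reasons.append("volume burst")
        if len(reasons) >= 2:
            flagged[acct] = reasons
    return flagged


if __name__ == "__main__":
    print(flag_accounts(build_profiles(BASELINE), RECENT))
```

Requiring two signals keeps the roaming account (`bob`) quiet when it shows up from one more unfamiliar address, while the single-IP account (`alice`) is flagged on all three.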