[asterisk-users] fraud advice

Cary Fitch caryf at usawide.net
Thu Oct 14 21:43:45 CDT 2010 

As a practical matter, on anything that can generate endless billings, there
should be a dumb trap that compares current usage to history (last month)
and if usage exceeds 2/1 or 3/1 for instance then usage is choked or denied
enough to cause the user to complain or perhaps generate a message to call
customer support, (or call your cell phone!)

Then if it is valid, raise last month's reference enough to let current
calling continue.  If it isn't valid you have found a problem and saved your
or your customer's caboose.

As to who to complain to, gather all info possible and report to everyone
you can find.  Someone may investigate, but there isn't likely anyone who
will absolve the problem.  Some will just take the report and ... as far as
you are concerned, do nothing.  There isn't much a local police dept. can do
about a hacker in Western Slobovia cracking your server.

Generally the FBI doesn't take matters of less than $10,000.  But it sounds
like you may meet that test.

But they could take months or years or never finding the culprit and finding
the culprit will likely net you nothing financial for you will be 1/10,000
of the fraud they did.

This is a problem like spam in email.  But this has cash costs to the server
operator/customer.  Passwords need to be un-crack-able, and there should be
usage alarms, as described above.

Depending on the situation even a single counter to your upstream billable
sip server for all usage would likely trip on excessive usage and save your
bacon. 


Cary Fitch





-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Jeff
LaCoursiere
Sent: Thursday, October 14, 2010 8:11 PM
To: asterisk-users at lists.digium.com
Subject: [asterisk-users] fraud advice


Hi,

Embarrassed as I am to write this, I am hoping for some advice.  One of 
our very first PBX installs, now six years old, was "taken advantage of" 
over the past few weeks.  A victim of sipvicious, I assume, that managed 
to guess one of the SIP passwords.  4000 calls to various middle eastern 
destinations have been placed, which ended up being sent over our 
customer's PSTN trunk, and of course there was no warning until the bill 
came today.  Unfortunately the bill only covered the first few days of 
this fiasco, and was only $700.  I am afraid the one that is on the way 
will be tens of thousands.  ONE CALL on the bill that just arrived was 
$200 (80 minutes to Sierra Leone).

I'm sure this started out as a single scan.  It must have been posted, 
because I have at least ten IP addresses now that were placing calls via 
the same peer.  They are from all over the world.

So what is the accepted procedure?  I'm in the US Virgin Islands, so do I 
go to the FBI?  Police?  Is their some telecom fraud body to report such 
things to?  Does any one ever get any relief from such events?

I'm basically sick to my stomach right now.

j

-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

More information about the asterisk-users mailing list