<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Am 01.10.2014 um 18:19 schrieb Markus:<br>
</div>
<blockquote cite="mid:542C299B.3070706@truemetal.org" type="cite">Am
01.10.2014 11:40, schrieb Olivier:
<br>
<blockquote type="cite">Some special numbers generate here and
there revenues for callees (and
<br>
not for callers).
<br>
</blockquote>
<br>
Not just some, but ALL numbers generate revenue for the receiving
telecom. (Ok ok, a few exceptions, in the US for example)
<br>
<br>
This is how telecoms have been earning money, ever have been and
will for a while longer until interconnection fees for incoming
traffic will be dropped completely, it's a work in progress,
especially in the EU. (Unfortunately)
<br>
<br>
There are 2 schemes:
<br>
<br>
1) Not so popular, but it's on the rise in the last 1-2 years: get
landline numbers in country xyz, strike a deal with the telco that
owns these numbers so that they'll pass a bit of their revenue on
to you, and find a way to call yourself for free or at a lower
rate than these numbers pay (= abuse your unlimited subscriber
plan). The revenue is usually in the area of 0.00x or even 0.000x
per minute, depending on the country.
<br>
<br>
2) Just google International Premium Numbers, or short, IPRN. It's
a whole world of its own. Revenue is much higher. These are not
"real" numbers and they never have full worldwide connectivity. So
the fraudster has 2 tasks: 1) find a carrier through which he can
reach these numbers and 2) find a way to call these numbers at a
lower rate than they pay out. 2) is usually accomplished by
hacking PBXes (= free calls), fraudulent apps etc. There are tons
of stories of abuse regarding IPRN out on the web, just research a
bit (quite interesting actually). Some technical background
information on 1) How does it work? Where does the revenue come
from you might wonder? First to be said, it can never work without
a fraudulent telecom operator that is part of the scheme. Imagine
you are calling from France to Latvia. Let's say the call passes
France, Switzerland, Czech Republic and then goes to Latvia. Each
carrier on the path passes the call on to the next carrier. Now,
let's say the carrier in the Czech Republic is the evil one. The
call comes in, and they simply say: well, this Latvian number that
you just called belongs to us, we terminate the call here and pick
it up. Billing time starts. Now, they charge the Swiss telco for
the incoming call to Latvia, of course. And the Swiss telco
charges the French telecom. The French telecom charges their
subscriber (e.g. hacked PBX). The call never makes it to Latvia!
Now, the Czech Republic telco works together with an IPRN provider
(or they run an evil IPRN service by themselves kind of
anonymously). They pass a bit of the money they get from the Swiss
telecom on to the IPRN "owner" (the fraudster) and keep the
remaining money for themselves. Easy money! This is why IPRNs
don't have worldwide connectivity and can usually never get called
from within a country (path is too short, no fraudulent telecom in
between). They can even be real numbers that belong to someone, in
this case, in Latvia, it doesn't matter. All you need to be is an
evil telco where calls transit through and you have it. How much
do you pay to your normal landline telco for a call to Latvia? To
a Latvian mobile number? Let it be 0.25 EUR per minute. Thats what
the subscriber pays, the Swiss telecom gets 0.22 of that, the
Czech telco 0.20 and the fraudster 0.11. Just an example - margins
are always high with IPRNs. Now you can simply do the same not
with Latvia but with faaar away countries, islands (!) where
calling to is even more expensive and your margins will go waaay
up.
<br>
<br>
Just to be clear: it's totally legit to earn money on incoming
calls, this is the main income source for telcos all over the
world. But abusing your unlimited plan and running IPRNs is not
"that" legit I'd say. :)
<br>
<br>
<br>
<blockquote type="cite">Beside sharing interests with the callee
that get those revenues, why
<br>
a hacker would like to dial the same numbers over and over ?
<br>
</blockquote>
<br>
I don't see another reason.
<br>
<br>
<br>
<blockquote type="cite">In other words, in this case, is looking
at callee number a promising
<br>
path to find hackers ?
<br>
</blockquote>
<br>
Not in my experience. Since the fraudulent telcos work together
with the IPRN "owners" you won't succeed. Must be a large-scale
fraud scheme with millions of EURs lost for some authority to
investigate properly. Plus, the IPRN owners even can get paid via
Western Union etc. from the IPRN service, so all they need is a
stolen/fake passport... so you are not left with much except maybe
their IP address which, of course, if they are not totally dumb,
isn't theirs. Gotta get in touch with some law enforcement agency
and then catch them when they pick up the money at the Western
Union counter.
<br>
<br>
I should write a book about that. :P
<br>
<br>
Cheers
<br>
Markus
<br>
<br>
<br>
</blockquote>
Is the destination Number like Country Code +972?<br>
<pre>+972 59 xxxxxx(x) mobile - Jawall [moving to 7-digit subscriber numbers]</pre>
source - <a class="moz-txt-link-freetext" href="http://www.wtng.info/wtng-972-il.html">http://www.wtng.info/wtng-972-il.html</a><br>
<br>
My SIP Proxy logs all the unauth. INVITEs and I found the a lot
calls go to the Country code +972 xxxxxxxxxxx<br>
<br>
This is my log from this morning.:<br>
Oct 2 07:32:15 server /sbin/kamailio[29866]: NOTICE: <script>:
blocking IP 69.30.254.234 sipcli/v1.8 rm=INVITE aU=<null> rU=<a
href="callto:00972597613940" nr="00972597613940" class="telified"
title="Als Telefonnummer verwenden"
style="color:#00001f;background-color:#ffffdf;-moz-border-radius:3px;cursor:pointer">00972597613940</a><br>
<div class="moz-signature"><br>
-- <br>
<b>Rainer Piper</b>
<br>
Integration engineer
<br>
Koeslinstr. 56
<br>
53123 BONN <br>
GERMANY
<br>
Phone: +49 228 97167161
<br>
P2P: <a class="moz-txt-link-freetext" href="sip:rainer@sip.soho-piper.de:5072">sip:rainer@sip.soho-piper.de:5072</a> (pjsip-test)
<br>
XMPP: <a class="moz-txt-link-abbreviated" href="mailto:rainer@xmpp.soho-piper.de">rainer@xmpp.soho-piper.de</a></div>
</body>
</html>