Olivier
2014-Oct-01 09:40 UTC
[asterisk-users] PBX hacked: why hundred of calls to the same number ?
Hi, Someone reported me that from a PBX on which someone gained fraudulent access, he could observe hundreds of calls to the same destination number. For curiosity's sake, I'm wondering why would this happen (dialing the same number over and over) ? Some special numbers generate here and there revenues for callees (and not for callers). Beside sharing interests with the callee that get those revenues, why a hacker would like to dial the same numbers over and over ? In other words, in this case, is looking at callee number a promising path to find hackers ? Regards
Administrator TOOTAI
2014-Oct-01 13:36 UTC
[asterisk-users] PBX hacked: why hundred of calls to the same number ?
Le 01/10/2014 11:40, Olivier a ?crit :> Hi,Hi> > Someone reported me that from a PBX on which someone gained fraudulent > access, he could observe hundreds of calls to the same destination > number. > > For curiosity's sake, I'm wondering why would this happen (dialing the > same number over and over) ? > > Some special numbers generate here and there revenues for callees (and > not for callers). > Beside sharing interests with the callee that get those revenues, why > a hacker would like to dial the same numbers over and over ?callee is also the bad men. Go and buy an 899 number in France, hack PBXS and call your number :-) [...] -- Daniel
Markus
2014-Oct-01 16:19 UTC
[asterisk-users] PBX hacked: why hundred of calls to the same number ?
Am 01.10.2014 11:40, schrieb Olivier:> Some special numbers generate here and there revenues for callees (and > not for callers).Not just some, but ALL numbers generate revenue for the receiving telecom. (Ok ok, a few exceptions, in the US for example) This is how telecoms have been earning money, ever have been and will for a while longer until interconnection fees for incoming traffic will be dropped completely, it's a work in progress, especially in the EU. (Unfortunately) There are 2 schemes: 1) Not so popular, but it's on the rise in the last 1-2 years: get landline numbers in country xyz, strike a deal with the telco that owns these numbers so that they'll pass a bit of their revenue on to you, and find a way to call yourself for free or at a lower rate than these numbers pay (= abuse your unlimited subscriber plan). The revenue is usually in the area of 0.00x or even 0.000x per minute, depending on the country. 2) Just google International Premium Numbers, or short, IPRN. It's a whole world of its own. Revenue is much higher. These are not "real" numbers and they never have full worldwide connectivity. So the fraudster has 2 tasks: 1) find a carrier through which he can reach these numbers and 2) find a way to call these numbers at a lower rate than they pay out. 2) is usually accomplished by hacking PBXes (= free calls), fraudulent apps etc. There are tons of stories of abuse regarding IPRN out on the web, just research a bit (quite interesting actually). Some technical background information on 1) How does it work? Where does the revenue come from you might wonder? First to be said, it can never work without a fraudulent telecom operator that is part of the scheme. Imagine you are calling from France to Latvia. Let's say the call passes France, Switzerland, Czech Republic and then goes to Latvia. Each carrier on the path passes the call on to the next carrier. Now, let's say the carrier in the Czech Republic is the evil one. The call comes in, and they simply say: well, this Latvian number that you just called belongs to us, we terminate the call here and pick it up. Billing time starts. Now, they charge the Swiss telco for the incoming call to Latvia, of course. And the Swiss telco charges the French telecom. The French telecom charges their subscriber (e.g. hacked PBX). The call never makes it to Latvia! Now, the Czech Republic telco works together with an IPRN provider (or they run an evil IPRN service by themselves kind of anonymously). They pass a bit of the money they get from the Swiss telecom on to the IPRN "owner" (the fraudster) and keep the remaining money for themselves. Easy money! This is why IPRNs don't have worldwide connectivity and can usually never get called from within a country (path is too short, no fraudulent telecom in between). They can even be real numbers that belong to someone, in this case, in Latvia, it doesn't matter. All you need to be is an evil telco where calls transit through and you have it. How much do you pay to your normal landline telco for a call to Latvia? To a Latvian mobile number? Let it be 0.25 EUR per minute. Thats what the subscriber pays, the Swiss telecom gets 0.22 of that, the Czech telco 0.20 and the fraudster 0.11. Just an example - margins are always high with IPRNs. Now you can simply do the same not with Latvia but with faaar away countries, islands (!) where calling to is even more expensive and your margins will go waaay up. Just to be clear: it's totally legit to earn money on incoming calls, this is the main income source for telcos all over the world. But abusing your unlimited plan and running IPRNs is not "that" legit I'd say. :)> Beside sharing interests with the callee that get those revenues, why > a hacker would like to dial the same numbers over and over ?I don't see another reason.> In other words, in this case, is looking at callee number a promising > path to find hackers ?Not in my experience. Since the fraudulent telcos work together with the IPRN "owners" you won't succeed. Must be a large-scale fraud scheme with millions of EURs lost for some authority to investigate properly. Plus, the IPRN owners even can get paid via Western Union etc. from the IPRN service, so all they need is a stolen/fake passport... so you are not left with much except maybe their IP address which, of course, if they are not totally dumb, isn't theirs. Gotta get in touch with some law enforcement agency and then catch them when they pick up the money at the Western Union counter. I should write a book about that. :P Cheers Markus