The following article was transcribed from Tele Mgr, a magazine for, you
guessed it, managers of telecommunications systems. I thought everyone
would like to get an idea of how the people on the other side see them. When
reading over the article, be sure to take note of the methods that are not
mentioned. And like any other writing on phreaks, this article is filled with
overgeneralizations and unfounded connections between p/hacking and
organized crime. But despite the standard lies, the article is fairly
informative. Feedback or comments can be directed to me at:

CybernetI [504] 272-1710, Johnny Rotten <Sysop>
>>>>>>>>>Ratfink

By now the stories are all too familiar. Your PBX/CPE customer receives a
long distance telephone bill in a huge box, rather than an envelope.
Throughout the bill are pages of calls from international locations and
locations your customer doesn't do business with: The Dominican Republic,
Mexico, Pakistan or Colombia. A total of $50,000 in international calls.
Another victim of PBX/CPE fraud.

For as long as there has been direct dial long distance service, there have
been ways to steal it. Methods have constantly evolved over the years. First
came the "boxes" fraud: Blueboxes, Redboxes, Silverboxes. With the advent of
competitive long distance service, a new avenue became available, Feature
Group A (FGA).

An FGA offers access to the interexchange carriers' network through a
subscriber-type line connection rather than through a trunk. Thus the birth
of "hackers" and "phreakers". Phreakers are aspiring hackers sharpening
their skills by uncovering long distance authority codes (auth codes). This is
accomplished by breaking into a company's telecommunications computer
and uncovering the auth codes that identify the long distance customers to
whom calls are billed. The more experienced hackers are skilled in breaking
into modem ports, including PBX/CPE.

With divestitures and advancements in monitoring systems, FGA became
less of a problem. Carrier calling cards became the favorite method for
stealing service. Calling cards were wonderfully easy to steal. You didn't
need to hack. All you needed was to hang around the payphone banks at any
major transportation facility, watch the legitimate users dial their code or
listen to them repeat it to an operator, and you were in business. All the
carriers eventually developed advanced monitoring systems to detect calling
card abuse. Now fraudulently used calling cards are good for a few hours at
most before the card is deactivated.

The migration continued to the PBX/CPE environment, an extremely fertile
area of attack. Many PBX/CPE owners were unaware of fraud potential.
Systems were not in place to detect this fraud in a short time frame. The
abuse could often continue unabated until the PBX/CPE owner received the
aforementioned bill.

As the years have passed, fraud migrated from one product to the next. What
started as a problem with college students trying to call friends and family
for free, or businesses trying to reduce their phone bill, has turned into a
very lucrative market. The "call sellers" stealing phone service are
professionals. The resale of long distance service at very low rates is their
full time job. While the problem was once confined to domestic calls, it has
evolved almost totally to international calls. These professionals work from
their homes or from payphones on the street. For as little as $5, they will
sell you a 15-minute telephone call to anywhere in the world.

Phreakers are still uncovering auth codes; however, this is no longer the only
method employed to garner information. The migration has moved to
technical expertise. Now, hackers no longer attack only dialtones, they
attack modems that are the maintenance ports on PBX/CPE equipment. Once
inside the equipment, the hackers reprogram features. They turn on functions,
such as Direct Inward System Access (DISA), that owners have turned off.
They reprogram certain call processing features allowing outbound dialing
from voice mail boxes or call attendants.

Previously, these two communities (call sellers and hackers) worked
individually. Hackers posted codes on bulletin boards or pirated voice mail
boxes, and call sell operators accessed them for the information. Recent
activities indicate this relationship has changed to one of direct
cooperation. As PBX/CPE owners have become more aware of the fraud
issues over the last two or three years, they have taken steps to protect
their systems. DISAs have been removed, and international calling has been
blocked. The PBX/CPE equipment can no longer be abused with simple keypad
manipulation. This places call sell operators in a bind. They have customers
to support and cannot provide the service those customers desire. As a
result, hackers and call sell operators have joined forces. A call sell
operator puts a hacker on the payroll. The hacker, armed with PBX/CPE
manuals, accesses the equipment and modifies it to allow a fraudulent call
to be placed.

These crimes require total industry cooperation to be combated. It's not
something that can be solved without a combined effort by the
interexchange carriers (IXCs), PBX/CPE manufacturers and distributors, and
end users.

EDUCATION AND AWARENESS

This is the area that has produced the best results to date. Over the last two
years there have been many articles published in trade journals and the
general media highlighting the problem. Seminars have been conducted by
the Communications Fraud Control Association, American Society of
Industrial Security, and other organizations, highlighting potential exposure.
The IXCs have all developed some form of customer awareness training,
forcing the hackers/call sell operators to resort to drastic measures. It's
not as easy to beat a PBX as it was two years ago.

Despite the advances made, however, the efforts need to be refocused.
Resources should be directed at law enforcement and the judicial system.
Many believe telecommunications fraud is still a victimless crime being
perpetrated against the "deep pockets" of the local and interexchange
carriers. But as many PBX/CPE owners unfortunately know, industry tariffs
hold the owner responsible for this type of fraud.

Law enforcers need to know the carriers will assist them in any way
possible to put a case together. They must know that many times there is a
connection between telecommunications fraud and everyday street crimes,
including the drug trade.

Likewise, prosecutors and judges need to understand the impact of these
crimes and to hand out appropriate sentences when a suspect has been
convicted. In a recent case in New York City, a fraud suspect was convicted
and sentenced to 300 hours of community service for over $375,000 of
documented fraudulent phone calls attributed to this individual. That
equates to over $1,000 stolen for each hour of community service, or
something far less than an effective deterrent.

BETTER LAWS

The federal laws most often used against hackers are Title XVIII Sections
1029 and 1030. These laws offer reasonable penalties for the criminal. Many
state laws lack teeth, however. In many states the best that can be done
under existing laws is to charge the hacker with a misdemeanor offense.

The time for change is now. Hackers don't believe they are doing anything
wrong. They think confidential and marketable information should be
accessible and free. They rant and rave about their First and Fourth
Amendment rights. Mitch Kapor, creator of LOTUS 1-2-3, has even started a
fund to help arrested hackers defend themselves. The industry needs to
regain the upper hand. These hackers are nothing less than thieves stealing
information and services.

SECURITY

Security for PBX/CPE equipment must be developed. The first area to
approach is the maintenance modem port. Dial-up access to a bare modem
protected by only user IDs and passwords does not offer security. PBX/CPE
manufacturers should assist their customers in finding a suitable Security
Access Unit (SAU) to protect the dial-up port or offer such a product
themselves. These SAUs work with multiple authentication schemes and can
cost anywhere from $200 to $1,000 per line. All these products provide an
additional layer of security. The cost differences stem from additional
features such as real time alarms and audit trails.

Manufacturers, suppliers and vendors must fully explain to equipment
owners the existing security features of their systems. These include call
restriction capabilities, event logging, traffic reporting, and auth code
management features, to name a few.

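As an added illustration (not part of the Tele Mgr article and not any
vendor's code), the Python sketch below shows how event logging and traffic
reporting can cut detection time from the monthly bill down to the hour in
which the abuse starts. The record layout, port labels, allowed prefix,
business hours and alarm threshold are all assumptions, and the call records
are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed call detail records: timestamp, source port, dialed digits, minutes.
# "DISA" and "vmail07" are hypothetical labels for remote-access and voice-mail ports.
SAMPLE_CDRS = """\
2024-03-09 09:12,ext2104,12125550143,4
2024-03-09 23:41,DISA,18095550101,15
2024-03-09 23:58,DISA,0119251555010,15
2024-03-10 00:16,DISA,0115715550188,15
2024-03-10 00:33,vmail07,0115255550122,15
2024-03-10 10:05,ext2230,011442075550,6
2024-03-10 14:20,ext2104,0115255550199,3
"""

ALLOWED_PREFIXES = ("01144",)        # assumption: this customer only calls the UK
WATCHED_SOURCES = ("DISA", "vmail")  # ports the article says are reprogrammed for fraud
BUSINESS_HOURS = range(8, 18)        # assumption: 08:00-17:59 local time
ALARM_MINUTES_PER_HOUR = 30          # assumption: tune to the site's normal traffic


def is_international(digits):
    # 011 is the North American international prefix; 1-809 is dialed like a
    # domestic call but terminates in the Dominican Republic.
    return digits.startswith(("011", "1809"))


def review(cdr_text):
    """Return (flagged calls, clock hours whose flagged minutes reach the alarm level)."""
    findings, minutes_by_hour = [], defaultdict(int)
    for line in cdr_text.strip().splitlines():
        stamp, source, digits, minutes = line.split(",")
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        reasons = []
        if is_international(digits) and not digits.startswith(ALLOWED_PREFIXES):
            reasons.append("unexpected destination")
        if source.startswith(WATCHED_SOURCES) and when.hour not in BUSINESS_HOURS:
            reasons.append("after-hours call from " + source)
        if reasons:
            findings.append((stamp, digits, reasons))
            minutes_by_hour[when.strftime("%Y-%m-%d %H")] += int(minutes)
    alarms = sorted(h for h, m in minutes_by_hour.items() if m >= ALARM_MINUTES_PER_HOUR)
    return findings, alarms


if __name__ == "__main__":
    flagged, alarm_hours = review(SAMPLE_CDRS)
    for stamp, digits, reasons in flagged:
        print(stamp, digits, "; ".join(reasons))
    print("alarm hours:", alarm_hours)
```

On the constructed records the two late-night hours raise an alarm, while the
daytime call to an unexpected country is listed for review without one.
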
Emphasize to your customers that the key to protection against fraud is
diligence. Customers are battling a very resourceful and tenacious enemy.
Letting one's guard down for a minute could cost one's company literally
thousands of dollars a day. Remember, we're up against a professional
industry stealing $1 to $1.5 billion annually. It is unlikely the hackers/call
sell operators will go away any time soon. They will uncover and develop
methods we have yet to imagine. However, by addressing the legal issues
and putting more teeth in our laws and sentences, we may be able to turn
the corner on toll fraud. Until then, you must offer your customers not only
great products and services, but advice on how to prevent the wrong hands
from using them as well.