1 / 28

Telecommuncation problems?

Telecommuncation problems?. Steven Branigan District Manager, Corporate Computer and Network Security 2 march 1999. It can’t be that difficult! Just a bunch of LATAs. Courtesy of US WATS from the fcc.gov web page. Telephony issues. Frauds wireless coin landline Recent exploits.

lucio
Download Presentation

Telecommuncation problems?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Telecommuncation problems? Steven Branigan District Manager, Corporate Computer and Network Security 2 march 1999

  2. It can’t be that difficult!Just a bunch of LATAs Courtesy of US WATS from the fcc.gov web page

  3. Telephony issues • Frauds • wireless • coin • landline • Recent exploits

  4. Let’s start with General Billing • Coin phone: pay as you go. • Prepaid: pay in advance. • Calling credit: credit • Residence/business line: credit

  5. Traditional fraudsI make the call, you pay the bill • Clip on fraud. • Cordless phone fraud. • Calling card fraud • Boxes. (red, blue…) • Cloning • Subscriber fraud

  6. Coin phone • coin phone • Network controlled pay phones. • Customer owned payphones • Pay as you go, and you know exactly how much the call costs. • Carrier is selected by the coin phone. • Of course the red box was a common coin fraud.

  7. Of interest • Incoming payphones in certain LATAs must allow incoming calls. • The calling party controls the connection until a timeout in the US.

  8. Calling card • Can be used from a residential or coin phone. • In this cases, the user has no idea how much the call costs. • Calling cards and pins are compromised frequently.

  9. Exploit #1 • Insider at a telco gained access to an SS7 network element • Crafted SS7 messages that issues C.C. queries to SS7 database. • Automated process rotated calling card number, kept the pin constant. • Avoiding fraud detection mechanisms.

  10. Exploit #2 • A potential payphone user would hear a ringing payphone at a busy location. • The user would pickup and hangup. • Then the user would place a calling card call, and the calling card was compromised.

  11. Exploit #2 Hypothetical • Payphone located in Chicago. • Fraudster located in NYC. • Fraudster calls payphone in Chicago. When the call is answered, the fraudster plays dialtone (from NYC) into the payphone. • Person in chicago believes the dialtone is from chicago, and places a calling card call. • The NYC fraudster completes the call, and collects the calling card number.

  12. What about toll free calls • Calls to specific number may be toll free. • In this call model, the party called actually pays for the call. • Currently, 800, 888 and 877 are toll free numbers in the US

  13. An old toll-free case • The “stolen” 800 number.

  14. It could happen to anyone… • It started with a book on Internet security being recovered on a drug raid…

  15. Using a tapped phone line for profit. • A phone line was tapped that was used for credit card validations. • The rest, as we say, is history. • (and people worry about using their credit card on the Internet?)

  16. Investigative tools • Dialed Number Recorder (DNR) • Trap & trace • Wiretap • Billing records • Caller id?

  17. CO SwitchLine history block < op:ilhb,dn=7329491999; PF S570-15073350 95-11-12 15:45:15 075603 MTCE M OP ILHB DN=7329491999 DATE=11/12 TIME=15:42 LICDN=7326241024 MULT_CALL=YES PRIV_INC=NO TRACE=NO IDP=YES SCREENING=NP ADDR_TYPE=NATL NUM_PLAN=ISDN UNIQ=YES CNPR_INC=NOP

  18. Trap and TraceExample output < op:clid; PF S570-15073350 95-11-12 15:45:22 075605 TRCE XXX M OP CLID LIST CONTAINS 2 NUMBERS SECTION 1 OF 1 5550101 7329491999

  19. links links The CCS/SS7 network SCP SCP SCP STP STP CO/SSP CO/SSP trunks

  20. CCS/SS7 networkIssues • SS7 messages obtainable (think pins) • Remote maintenance of switches • Remote maintenance of databases • Many telephone lines rely on a single system

  21. PBX • A great target for the call sell operation. • In order to save money, some corporations allow for dial-out capability in their PBX. • A user can call into the PBX using a toll free number, than call any number in the world.

  22. CellularHello, you’re on the air! • Wireless telephone communication. • Phone number doesn’t determine physical location! • Conversation broadcast within cell.

  23. Cellular tracking?

  24. The future • Local number portability. • Voice/video over the Internet.

  25. Local number portability • A user will be able to keep their phone number forever, (as long as they are in the US) • This will remove geographical issues from wire-line telephone numbers just as it has been removed from cellular. • 10 digit dialing will become much more common.

  26. Area code splits • dividing a specific area code into two area codes. • Increases the available telephone numbers in the network • Two mechanisms, geographical splits or overlays. • Makes the concept of a long distance call more confusing.

  27. Geographic split • Neighboring call can still be dialed with only 7 digits. • NJ’s 908/732 area code split is an example of a geographic split.

  28. Area code overlay • Requires that all calls are dialed with 10 digits. • NYC’s 212 area code split is an example of an area code split overlay.

More Related