Telecom fraud hits VoIP, measures available to counteract it

Phone companies have known about fraud since the old Captain Crunch whistle hack, when people discovered that the whistles given away free in Captain Crunch cereal boxes produced exactly 2600 hertz, the same frequency the phone company used to authorize open lines for calls. VoIP is now a victim of fraud as well.

Check out this video which explains a $400,000 hack.

Revector, a U.K.-based fraud management company, recently reported that some telcos are losing up to $150 million per year in fraudulent calls through a relatively simple scheme where, for example, a fraudster will set up a conference server in a third-world country, and strike an agreement with the local state-owned phone company for fees for any calls terminated to their conference server: “The fraudster will then gain access into a non-secure IP PBX or SIP phone and use a software hack to continuously generate multiple calls to their foreign conference server. The conference server answers the calls and maintains them in progress indefinitely, generating tens of thousands of dollars in international phone calls.”

The fraudster collects termination fees from the telco, which bills the international long distance vendor, which in turn bills the SIP service provider serving the hacked enterprise customer. A single fraud event can cost a SIP service provider “anywhere from $3-50 thousand dollars,” according to TransNexus.

Almost elegant in its simplicity—phone phreaker John Draper would be proud—yet costly for the unsuspecting fraud target—nominally an enterprise, but really the SIP provider serving the enterprise customer.

One way to combat this is with TransNexus SIP Analytics, software that can get rid of such traffic-pumping fraud by detecting unusual spikes in call traffic to high-cost destinations and automatically putting a temporary block on the call.
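
The kind of check described above, counting call attempts per account to high-cost destinations and applying a temporary block on a spike, as an added example (not TransNexus code and not from the article). The prefixes, thresholds, account names and call records are all constructed assumptions.

```python
from collections import defaultdict, deque

# All values below are constructed for illustration.
HIGH_COST_PREFIXES = ("+99955", "+99977")  # placeholder high-cost destination prefixes
WINDOW_SECONDS = 300      # sliding window length
MAX_CALLS_IN_WINDOW = 5   # high-cost call attempts tolerated per window
BLOCK_SECONDS = 900       # duration of the temporary block


def high_cost_prefix(number):
    """Return the longest matching high-cost prefix, or None for ordinary destinations."""
    matches = [p for p in HIGH_COST_PREFIXES if number.startswith(p)]
    return max(matches, key=len) if matches else None


def screen_calls(attempts):
    """attempts: time-ordered (epoch_seconds, account, dialed_number); returns them with an action."""
    recent = defaultdict(deque)   # (account, prefix) -> attempt times inside the window
    blocked_until = {}            # (account, prefix) -> time the temporary block expires
    decisions = []
    for ts, account, number in attempts:
        prefix = high_cost_prefix(number)
        action = "allow"
        if prefix is not None:
            key = (account, prefix)
            window = recent[key]
            window.append(ts)     # blocked attempts still count, so a sustained run re-triggers
            while window and window[0] <= ts - WINDOW_SECONDS:
                window.popleft()
            if blocked_until.get(key, 0) > ts:
                action = "block"  # still inside an earlier temporary block
            elif len(window) > MAX_CALLS_IN_WINDOW:
                blocked_until[key] = ts + BLOCK_SECONDS
                action = "block"  # spike detected: start a temporary block
        decisions.append((ts, account, number, action))
    return decisions


def sample_attempts():
    """Constructed call attempts: one compromised PBX (pbx-17) and one normal account."""
    pumped = [(1000 + 10 * i, "pbx-17", "+9995512345") for i in range(12)]
    normal = [(1005, "pbx-02", "+9995512345"), (1030, "pbx-02", "+15550100")]
    later = [(2410, "pbx-17", "+9995512345")]  # after both block and window have expired
    return sorted(pumped + normal + later)


if __name__ == "__main__":
    print(*screen_calls(sample_attempts()), sep="\n")
```

The block is scoped to one account and one destination prefix, so the compromised PBX's other traffic and other customers' calls to the same prefix are unaffected.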