Fighting the New Phone Phreaks

Some of the earliest hackers started out as phone phreaks. They tried to break into “Ma Bell,” the AT&T monopoly, to steal long-distance calling service. They whistled tones into phone receivers to trick the phone company’s switching computers; at the time, it was about the only way a regular person could even interact with a computer system. They dove into dumpsters looking for MCI calling card numbers.

Forty years later, the techniques have changed, but the goal is still the same: stealing phone service. What was once a crew of idealistic misfits engaged in “good clean fun,” trying to take back a few dimes from Ma Bell, is now a global criminal enterprise, estimated to cost businesses something in the neighborhood of $30 billion a year.

Toll fraud, also called PBX fraud, is a serious problem for businesses and telecoms. The risk has grown with the near-universal adoption of IP-based Private Branch Exchanges (PBXs). These phone switching systems serve private organizations: they share a pool of trunks to the carrier’s central office among the internal phones and give those phones access to outside lines. A fraudster who penetrates an IP PBX can abuse SIP, the Session Initiation Protocol that sets up calls over IP, to route his own calls out through the victim company’s trunks. With legacy PBXs this was far harder to do remotely and at scale.

Fraudsters gain access to IP PBXs through phishing attacks or by exploiting weak security, such as default or guessable SIP credentials on a switch reachable from the Internet. In some cases the attacker is an insider. The fraud itself usually takes one of two forms. In the first, the fraudster pumps calls to premium-rate numbers (900-type numbers, or international premium destinations) and splits the termination revenue with the owner of those numbers; this is known as “revenue share fraud” (international revenue share fraud, or IRSF, when the numbers are abroad). In the second, the fraudster illegally sells long-distance or international calling to third parties and routes their calls through the unsuspecting company’s PBX; this is known as “terminate bypass fraud.”

“This is unfortunately quite common,” explained Arnd Baranowski, CEO of Oculeus GmbH, which produces solutions to mitigate toll fraud. “We see it all the time. A business manager comes into the office on a Monday morning and discovers that his company has made $20,000 worth of calls over the weekend—calls that no one in the company ever actually dialed. It’s theft two times over. The phone company is also a victim.”

What can be done about this? Strong security basics are a good start. In many organizations telephony is still run separately from IT, and the two have drifted apart in their security postures: enterprise systems like ERP get access controls and security policy, while the IP PBX often does not. As companies are learning, those IP PBXs are reachable and vulnerable, and they need the same kind of access controls and security policies as ERP and other core systems.

Companies like Oculeus offer dedicated solutions. Oculeus-Protect, for example, monitors voice communication channels. Using artificial intelligence and related techniques, it detects suspicious call patterns at a volume and speed no human operator could match: irregular call patterns, changes in an extension’s behavior, and call patterns that are not human, such as calls generated by software rather than dialed by a person. The solution learns the normal behavior of a particular PBX and then spots software-injected calls and other forms of toll fraud.

To block fraudulent calls without affecting system performance or the quality of legitimate calls, Oculeus-Protect monitors only the SIP signaling layer: the metadata that sets up and tears down a call, such as the INVITE request, the 180 Ringing response and BYE. The call media itself, carried separately in the RTP stream, is never inspected. Signaling is a small fraction of the traffic, so Oculeus-Protect can watch a large number of calls with minimal impact on the network, and it does so in real time. Once it has detected a fraudulent call, the solution blocks it, and there are mechanisms for users to un-block calls that turn out to have been legitimate.
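As an added illustration of the signaling-only approach described in the last two paragraphs, here is a toy detector in Python. It is not Oculeus code and does not describe how Oculeus-Protect works internally; it parses SIP INVITE requests, ignores every other message and never touches media, then scores each call by calling rate, destination and time of day, with an operator allowlist standing in for the un-block mechanism. The risky prefixes, thresholds, weights, header names and the weekend traffic it runs over are all constructed assumptions for the example.

```python
"""Toy toll-fraud detector that inspects only SIP signaling.

Added example, not Oculeus code: a fixed scoring policy over INVITE requests.
The RTP media is never read, mirroring the split the article describes.
Prefixes, thresholds and the sample traffic are assumptions for illustration.
"""
from collections import defaultdict, deque
from email.utils import parsedate_to_datetime

# Assumed policy. A real product learns the PBX's own baseline instead.
HIGH_RISK_PREFIXES = ("+1900", "+252", "+370", "+881")  # premium-rate / IRSF-prone (assumed)
BUSINESS_HOURS = range(8, 19)                           # 08:00-18:59 UTC, Mon-Fri (assumed)
MAX_CALLS_PER_MINUTE = 5                                # per calling extension (assumed)
WEIGHTS = {"call rate": 3, "high-risk destination": 2, "off-hours external call": 1}
BLOCK_AT = 3                                            # score at which a call is blocked


def parse_invite(raw):
    """Extract caller, callee, time and Call-ID from one SIP INVITE.

    Only the request line and headers are read; the SDP body and the RTP
    media it negotiates are never examined. Non-INVITE requests return None.
    """
    lines = raw.strip("\r\n").split("\r\n")
    method, request_uri, _version = lines[0].split(" ", 2)
    if method != "INVITE":
        return None
    headers = {}
    for line in lines[1:]:
        if line == "":
            break  # the blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    src = headers["from"].split("sip:", 1)[1].split("@", 1)[0]   # From: <sip:1042@...> -> 1042
    dst = request_uri.split("sip:", 1)[1].split("@", 1)[0]       # INVITE sip:+1415...@... -> +1415...
    return {"src": src, "dst": dst, "call_id": headers["call-id"],
            "ts": parsedate_to_datetime(headers["date"])}        # RFC 3261 Date header


class TollFraudDetector:
    """Stateful scorer with a one-minute sliding window of calls per extension."""

    def __init__(self, allowlist=()):
        self.recent = defaultdict(deque)   # extension -> timestamps of its calls in the last 60 s
        self.allowlist = set(allowlist)    # destinations an operator has manually un-blocked

    def evaluate(self, call):
        window = self.recent[call["src"]]
        window.append(call["ts"])
        while (call["ts"] - window[0]).total_seconds() > 60:
            window.popleft()

        reasons = []
        if len(window) > MAX_CALLS_PER_MINUTE:
            reasons.append("call rate")
        if call["dst"].startswith(HIGH_RISK_PREFIXES):
            reasons.append("high-risk destination")
        off_hours = call["ts"].weekday() >= 5 or call["ts"].hour not in BUSINESS_HOURS
        if off_hours and call["dst"].startswith("+"):   # external (E.164) number outside business hours
            reasons.append("off-hours external call")

        score = sum(WEIGHTS[r] for r in reasons)
        if call["dst"] in self.allowlist:
            verdict = "allow"                  # operator override for a confirmed-legitimate destination
        else:
            verdict = "block" if score >= BLOCK_AT else "allow"
        return {"call_id": call["call_id"], "verdict": verdict, "score": score, "reasons": reasons}

    def run(self, raw_messages):
        """Score raw SIP messages in arrival order; anything that is not an INVITE is ignored."""
        calls = (parse_invite(raw) for raw in raw_messages)
        return [self.evaluate(c) for c in calls if c is not None]


def blocked_calls(raw_messages, allowlist=()):
    """Return the Call-IDs the detector would block for a batch of messages."""
    results = TollFraudDetector(allowlist).run(raw_messages)
    return [r["call_id"] for r in results if r["verdict"] == "block"]


def make_invite(src, dst, date, call_id):
    """Build a minimal, constructed SIP INVITE (sample input, not captured traffic)."""
    return (f"INVITE sip:{dst}@pbx.example.com SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 10.0.0.42:5060;branch=z9hG4bK{call_id}\r\n"
            f"From: \"Ext {src}\" <sip:{src}@pbx.example.com>;tag=a1\r\n"
            f"To: <sip:{dst}@pbx.example.com>\r\n"
            f"Call-ID: {call_id}@pbx.example.com\r\nCSeq: 1 INVITE\r\n"
            f"Date: {date}\r\nContent-Length: 0\r\n\r\n")


# Constructed traffic: 15 Mar 2025 is a Saturday, 17 Mar 2025 a Monday.
SAMPLE_TRAFFIC = [
    make_invite("1042", "+14155550100", "Mon, 17 Mar 2025 10:30:00 GMT", "c1"),  # ordinary business call
    make_invite("1042", "+19005550199", "Mon, 17 Mar 2025 11:00:00 GMT", "c2"),  # premium-rate, in hours
    make_invite("1042", "+25261234567", "Sat, 15 Mar 2025 02:13:00 GMT", "c3"),  # 02:13 Saturday, IRSF-prone
] + [
    make_invite("1077", "+14155550100", f"Mon, 17 Mar 2025 14:00:{s:02d} GMT", f"b{s}")
    for s in range(0, 60, 10)                                                    # six calls inside one minute
] + ["OPTIONS sip:pbx.example.com SIP/2.0\r\nCall-ID: k1@pbx.example.com\r\n\r\n"]  # keep-alive, not a call

if __name__ == "__main__":
    for r in TollFraudDetector().run(SAMPLE_TRAFFIC):
        print(f"{r['call_id']:<22} {r['verdict']:<5} score={r['score']} {', '.join(r['reasons'])}")
    # After a human confirms the Saturday call was legitimate, the destination is un-blocked:
    print("still blocked:", blocked_calls(SAMPLE_TRAFFIC, allowlist={"+25261234567"}))
```

Run as a script, the detector lets the weekday calls through, flags the premium-rate call without blocking it, blocks the 2 AM Saturday call to a high-risk country code and the sixth call an extension places within a minute, and then shows the Saturday call passing once its destination is on the allowlist. The point of the design is the one the article makes: everything the scorer needs is in the request line and a handful of headers, so the detector never has to carry or decode the media stream.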

The company offers versions of its product for telecom carriers as well as private businesses, and it includes a management and reporting system. The architecture is web-based, so it is relatively easy to set up, and there are options for larger on-site installations as well.
