Tech Focus: Time to make a call on telco fraud

20 April 2006

In 2003 hackers from Belgium, Holland and Italy gained access to a PBX (Private Branch Exchange) at the Department of Social and Family Affairs and used it to make thousands of international and premium rate calls. In the two months before the breach was discovered, they had racked up almost EUR 300,000 in call charges, including EUR 12,000 in one weekend.
While breaches of this magnitude are rarely publicised, businesses of all sizes from across the country have been hit by telecoms fraud.
Telecoms fraud is exceedingly common in Ireland and businesses of virtually any size can be at risk. From sophisticated teams of outside hackers routing expensive international calls through a target company’s PBX, to staff using work phones for costly personal calls, telecoms fraud is a EUR 60 billion annual problem worldwide.

High volume
The Garda Bureau of Fraud Investigation estimates telecoms fraud has cost Irish companies millions over the years and high volume telecoms users are especially vulnerable.
Experts estimate that more than 200 variants of telecom fraud exist, and this number is growing by 15% per annum, with the advent of new telecoms technology (such as VoIP).
Whilst hacking is not new, its increasing prevalence is primarily due to a number of reasons (see inset panel Fraud Prevalence).

Fraud Prevalence

The increasing prevalence of telecoms fraud is due to:

  • the availability and use of advanced PBX systems
  • an increase in trunk-to-trunk transfer (calls automatically forwarded by a PBX to another number)
  • a growing reliance on remote maintenance
  • Direct Inwards System Access (DISA)

Hackers, as in other cases, commit telecoms fraud by targeting a system’s inherent vulnerabilities. All PBX systems have a maintenance port with a silent number that allows a technician to connect to it remotely. By accessing the PBX through this port, a hacker can reconfigure it to allow incoming calls to be redirected to outside numbers. Extensive tools exist on the Internet to assist hackers with port access, passwords and remotely reconfiguring exchanges.


Feature hole

A recently released product designed to enhance voice-mail attributes of PBX systems included a feature that allowed external users to call the PBX and then dial anywhere. Usually the feature is turned off, but the enhancement reactivated it without any strong warning. Hackers gained access and made substantial volumes of international calls.

Denial-of-service attacks on PBXs – designed more to frustrate rather than financially hurt companies – are also common.

The other major cause of telecoms fraud is staff. Typical abuse includes premium charge calls to competitions and chat lines, out-of-hours phone use (long distance or long duration calls), and out-of-sight calls, i.e. expensive calls made from somewhere unobserved such as the boiler room.

Response
Fortunately, there are a number of steps IT managers can take to protect their systems and monitor phone usage.
As always, awareness and common sense are the first lines of defence. Know your system and put measures in place to minimise your exposure to risk. Password-protect your PBX's maintenance port and change the password regularly. Limit international or premium calls with your telecoms provider.
Call management companies can also provide audit services that monitor and identify security holes in PBX and voice-mail systems. These extensive audits include checks of system configuration, administrative access, automatic call distribution, restriction/permission lists, call routing, voice services, and mailbox passwords.
All PBX systems can produce a call detail record (CDR), which lists dialled numbers, call durations, and times of calls. In some cases of fraud (e.g. the calls from the boiler room at midnight) this alone can provide enough information. The PBX CDRs tell you nothing about call costs, however, and can be tedious to examine, especially when your business makes a large volume of calls.

For greater functionality, call analysis software monitors PBX activity and can be used to produce a wide variety of associated reports. The advantage of these systems is that call costs can be factored in, allowing unusual spikes in costs (such as those incurred when a PBX is hacked) to be identified more quickly.

Reports
Examples of reports that can be produced using browser-based call analysis software include excessive numbers of calls in a given period, calls to unexpected destinations, calls at unexpected times, unexpected trunk-to-trunk calls (calls forwarded), calls to emergency services, call patterns over a given period, diverts to mobiles or other destinations and calls to the PBX maintenance port.
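As an added example (not from the article or any vendor's product), a small Python analyser that reads a constructed CDR export, applies an assumed per-minute tariff so that cost can be factored in, and raises the kinds of alerts listed above. The dialling prefixes, rates, business hours and maintenance port number are all assumptions for illustration.

```python
import csv
from collections import Counter
from datetime import datetime
from io import StringIO

# Constructed sample CDR export: extension, dialled number, start time, duration in seconds
SAMPLE_CDR = """ext,dialled,start,duration
201,0212345678,2006-04-18 10:05:00,180
202,0015551234567,2006-04-18 23:40:00,1500
202,0015551234567,2006-04-18 23:58:00,2400
203,15909999,2006-04-18 14:10:00,600
204,0212345678,2006-04-19 00:15:00,300
205,0199999999,2006-04-18 11:00:00,60
"""
# Assumed per-minute tariffs in EUR; a real deployment would load the provider's rate card.
RATES = {"international": 1.20, "premium": 2.50, "national": 0.05, "maintenance": 0.0}
MAINTENANCE_PORT = "0199999999"  # placeholder for the PBX's silent maintenance number
BUSINESS_HOURS = (8, 19)         # calls starting outside 08:00-18:59 are "unexpected times"

def classify(number):
    # Rough destination classes; the prefixes are assumptions, not a real dial plan
    if number == MAINTENANCE_PORT:
        return "maintenance"
    if number.startswith("00"):
        return "international"
    if number.startswith("15"):
        return "premium"
    return "national"

def analyse(cdr_text, cost_threshold=20.0, max_calls_per_ext=1):
    """Return (alerts, total_cost); alerts is a list of (ext, rule, detail) tuples."""
    alerts, calls_per_ext, total = [], Counter(), 0.0
    for row in csv.DictReader(StringIO(cdr_text)):
        kind = classify(row["dialled"])
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        cost = round(int(row["duration"]) / 60 * RATES[kind], 2)  # cost the CDR lacks
        total += cost
        calls_per_ext[row["ext"]] += 1
        if kind == "maintenance":
            alerts.append((row["ext"], "call to maintenance port", row["dialled"]))
        elif kind in ("international", "premium"):
            alerts.append((row["ext"], "unexpected destination", row["dialled"]))
        if not BUSINESS_HOURS[0] <= start.hour < BUSINESS_HOURS[1]:
            alerts.append((row["ext"], "unexpected time", row["dialled"]))
        if cost > cost_threshold:
            alerts.append((row["ext"], "cost spike", row["dialled"]))
    for ext, n in calls_per_ext.items():  # excessive numbers of calls in the period
        if n > max_calls_per_ext:
            alerts.append((ext, "excessive call volume", str(n)))
    return alerts, round(total, 2)
```

In practice the alerts would be fed to the SMS or e-mail notification described later rather than inspected by hand.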

Apart from fraud recognition, this information can also be useful for allocating charges to internal cost centres or external clients, as well as assessing staff productivity, time to answer calls, and line unavailability etc.
Modern call accounting systems have excellent features, but still require someone to analyse them. Businesses must decide whether to do this themselves, or use an outside managed monitoring service company. A key factor is response time. With fraudsters able to rack up thousands of euro in call charges in a single day, monthly or even weekly analysis can be too slow.

Ongoing monitoring enables alerts highlighting unusual activity to be sent in near real-time to a nominated person in the company by SMS or e-mail.
A managed service has numerous advantages – ongoing analysis by specialists, freeing up of internal resources, and the capacity to extend usage or cost monitoring to other activity such as mobile calls, e-mail and internet use.


Bottom line

The bottom line is that telecoms fraud is something all businesses need to think about. Communications costs are already a major operating expense for many companies and a do-nothing attitude to the issue could leave them critically exposed.

TechCentral.ie