Geekzone: technology news, blogs, forums


Gordy7

1145 posts

Uber Geek

Lifetime subscriber

#21150 17-Apr-2008 10:12


I read that Testra customers in Aussie have been hit by phone scams and big bills.

Can the VFX system be subject to scam systems?

What protection exists?

Can a user be protected from scamming bills?

Can a user set a cap with VFX to prevent a phone bill run-away?

Cheers





Gordy

 

My first ever network connection was a 1MHz AM crystal(OA91) radio receiver.


Gordy7

1145 posts

Uber Geek

Lifetime subscriber

  #124318 17-Apr-2008 10:42

Read Telstra...




Gordy

 

My first ever network connection was a 1MHz AM crystal(OA91) radio receiver.


freitasm
BDFL - Memuneh
68881 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

#124320 17-Apr-2008 10:47

What kind of scams? The VFX service uses certified hardware, locked to their MAC addresses and other configuration settings. Pretty hard for the usual scammer who probably wants a fast buck on stolen calls - it would be a lot more effort than the return I guess.




 

 



 
 
 
 


Gordy7

1145 posts

Uber Geek

Lifetime subscriber

  #124350 17-Apr-2008 11:43


Hacking into phone systems... and it is to do with cards.

Probably news media inflation...

Link to NZ Herald item:

http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10504614





Gordy

 

My first ever network connection was a 1MHz AM crystal(OA91) radio receiver.


joshp
205 posts

Master Geek

Trusted
WorldxChange

  #124358 17-Apr-2008 12:00

Security of a customer's PABX is solely up to the customer, short of applying toll bars on a customer's account there is not much we can do.  We do however set a credit limit on your account at which point if the total bill amount is over this limit your number will be blocked on our system.. if you wish to set this limit to a level that you are comfortable with you should be able to ring through to our helpdesk/customer service to have this set for you.

Sorry I should also point out in here.. VFX is locked down for these reasons exactly.. we control the configuration and the auth details to avoid things like this from happening, if you have VFX on your Asterisk box however it is up to you to ensure that it is protected.

Hope this helps.

Cheers

Josh




DribblingBadger
9 posts

Wannabe Geek


  #124403 17-Apr-2008 15:21

I spent several years consulting on voice security in the UK for the likes of the Ministry of Defence, UN, local government, law enforcement agencies and private companies.  Although my consultancy covered all aspects of voice security such as call encryption, eavesdropping and war-dialling, a large section of my work was around discovering, quantifying and preventing toll fraud.  This is exactly the type of scam that has been publicised in this morning's Herald.

In short the fraud is usually achieved by dialling into a PABX that is local to you and then dialling out to an international destination from the PBX.  You pay for a local call and the PBX owner pays for the second leg international call.  The facility to do this is usually called DISA (direct inward subscriber access) and used to be very popular when international calls were still considered expensive.  The legitimate use for such a facility would usually be something like 'company A does a lot of business with company B in the UK.  Executives at company A need to call Company B a great deal in the middle of the night.  Rather than incur large toll bills on the executives' home numbers we will use DISA.'

DISA is not so popular these days as companies freely give mobile phones to their users, plus international calls have come down enormously in the last 10 years.  If DISA is required (as it can be used for other purposes) then as with all these things it needs to be configured correctly.

1. Authentication through CLI
2. password authentication should lock users out after 3 attempts
3. the lock out should reset after X minutes
4. if 3 more failed attempts are made then the lock out time should double i.e. 2 x X
5. regular daily reporting needs to be performed on that DISA number to monitor for fraud
6. thresholds should be applied to the facility so that 1,000's of calls/dollars cannot be racked up in a single night
7. staff such as operators need to be educated about transferring external callers to external numbers.

Telstra and WxC are correct when they say it is the customer's responsibility to ensure that their PABX is configured correctly against toll fraud.  HOWEVER, I personally believe that all telcos have the responsibility to monitor circuit usage and when obvious fraud is occurring the ability to shut that circuit down.  BT resisted this for years, but once one of their competitors offered the service then everyone started to.


Incidentally, the largest fraud I ever discovered was over £1,000,000  that the customer knew nothing about as they didn't report on / check their bills. And that was a police force !!!!


cheers

db
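
Added example, not part of the post above or any vendor's code: a minimal Python sketch of items 2 to 6 from the list in that post, showing the escalating PIN lockout and a daily spend report over call records. The value of X, the spend cap, the class and function names, and the sample records are all assumptions constructed for illustration; continuing to double the lockout beyond 2 x X is also an assumption.

```python
from dataclasses import dataclass

MAX_ATTEMPTS = 3        # item 2: failed PINs allowed before lockout
BASE_LOCKOUT_MIN = 15   # item 3: "X minutes" (assumed value)
DAILY_CAP_CENTS = 5000  # item 6: assumed per-day spend threshold

@dataclass
class DisaGuard:
    """Per-caller lockout state for one DISA access number (hypothetical)."""
    failures: int = 0
    lockouts: int = 0         # lockouts since the last successful login
    locked_until: float = 0   # time in minutes

    def attempt(self, now: float, pin_ok: bool) -> str:
        if now < self.locked_until:
            return "locked"              # refused without checking the PIN
        if pin_ok:
            self.failures = self.lockouts = 0
            return "ok"
        self.failures += 1
        if self.failures < MAX_ATTEMPTS:
            return "fail"
        # items 3-4: X minutes first, doubled for each further lockout
        duration = BASE_LOCKOUT_MIN * (2 ** self.lockouts)
        self.locked_until = now + duration
        self.lockouts += 1
        self.failures = 0
        return f"lockout {duration}min"

def simulate():
    """Replay a constructed sequence of (minute, pin_ok) attempts."""
    guard = DisaGuard()
    seq = [(0, False), (1, False), (2, False), (5, True),
           (17, False), (18, False), (19, False), (49, True)]
    return [guard.attempt(t, ok) for t, ok in seq]

# Constructed call records: (day, destination label, cost in cents)
SAMPLE_CDRS = [("2008-04-16", "intl-A", 1200), ("2008-04-16", "intl-B", 900),
               ("2008-04-17", "intl-A", 2500), ("2008-04-17", "intl-A", 2600),
               ("2008-04-17", "intl-C", 1800)]

def daily_report(cdrs, cap=DAILY_CAP_CENTS):
    """Items 5-6: total each day's DISA spend and return days over the cap."""
    totals = {}
    for day, _dest, cents in cdrs:
        totals[day] = totals.get(day, 0) + cents
    return {day: total for day, total in totals.items() if total > cap}

if __name__ == "__main__":
    print(simulate())
    print(daily_report(SAMPLE_CDRS))
```

Note that a correct PIN entered during the lockout window (minute 5 in the replay) is still refused, which is what makes the lockout effective against guessing.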


nate
6408 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #124465 17-Apr-2008 18:40

Just like having a www/email/ftp server open to the world, keeping a close eye on your logs will keep you out of trouble.


Niel
3267 posts

Uber Geek

Trusted

  #124488 17-Apr-2008 19:12

...except that with a "simple" phone line you do not expect customers to know about even the simplest of security measures.  On credit cards they will monitor your purchases and either contact you or block unusual purchases.  I'm sure WxC has thought of this and many other things, but locking down the device and MAC address is probably the most effective/economical way of doing it.




You can never have enough Volvos!


 
 
 
 


Gordy7

1145 posts

Uber Geek

Lifetime subscriber

  #124535 17-Apr-2008 21:10


It is good to have the experience of DribblingBadger explain the fraud mechanics.

It is reassuring to know that ordinary users of WxC have no real worries with the security measures that are in place.

Cheers

Gordy






Gordy

 

My first ever network connection was a 1MHz AM crystal(OA91) radio receiver.

