2011's Biggest Frauds and Phreaks
By Eric Klein
Inspired by ARN’s article, "2011's biggest security snafus," I am looking to see how telecom fraud has fared in 2011.
So as 2011 begins to fade away, we look back at the biggest Telecom Frauds and Phreaks that made headlines. From the news that Steve Jobs used to commit Blue Box Fraud, to the funding of terror, it has been an eventful year. We might even want to label 2011 the year that telecom fraud went From Fun Phreak to Terrorism.
In the first half of the year, Taiwan was in the news when groups of its citizens were released after being arrested in telecom fraud-related incidents. Taiwan's police on Friday accused Philippine authorities of bungling a cross-border fraud case late last year. Then in May, Chinese mainland authorities were to send 14 Taiwan residents suspected of telecom fraud back to police in Taiwan upon finishing their investigation.
In September, China and Taiwan were back in the news when police from the Chinese mainland, Taiwan and eight countries of the Association of Southeast Asian Nations (ASEAN) shut down two large transnational telecom fraud groups, arresting over 800 suspects.
- experts estimate annual fraud losses are $40.1 Billion (USD);
- the top five countries where fraud originates: United States, India, United Kingdom, Pakistan, and the Philippines;
- the top five countries where fraud terminates: Cuba, Somalia, Sierra Leone, Zimbabwe, Latvia;
- the top five fraud loss categories reported by operators were:
  - $4.96 Billion (USD) – Compromised PBX/Voicemail Systems
  - $4.32 Billion (USD) – Subscription/Identity Theft
  - $3.84 Billion (USD) – International Revenue Share Fraud
  - $2.88 Billion (USD) – By-Pass Fraud
  - $2.40 Billion (USD) – Credit Card Fraud

In November, Shanghai police looked to curb telecom fraud, with over 9,000 cases reported in the first 10 months of the year, by limiting the number of bank cards allowed to customers.
Also in November, MTN Uganda admitted that it has lost more than $9 million (U.S.) to ripoff artists in just the past six months. That's more than 70 million minutes of calls that appear as local calls on MTN's network. MTN accused its local rival Airtel, saying that "SIM box fraudsters are using that carrier's numbers to terminate inbound international traffic, and that Airtel isn't vigilant enough to keep it from happening." An Airtel spokesman is quoted as responding, "It is true that our SIMs still remain the most attractive to fraudsters due to affordability, but I can tell you that over time the NCA's detection of Airtel numbers in SIM Boxes has reduced from about 500 a day to 100 a day – a clear sign that we are winning against the fraudsters gradually."
AT&T hit the news twice in the last quarter: First, hackers tried using an "auto script" to see if AT&T phone numbers were tied to an online AT&T account. This led AT&T to announce "that there had been an 'organized and systematic' attempt to hack into their personal account information." AT&T spokesman Mark Siegel says that there is no relation between the attempted hack and the three-hour wireless data service outage that hit some customers in the northeastern U.S.
Then they were in the news for reporting to the FBI that some of their customers' PBXs had been hacked to the tune of $2 million. The Philippine National Police – Criminal Investigation and Detection Group (CIDG) and the FBI arrested 4 people who were working on commission hacking PBXs for Al-Qaeda to commit premium rate fraud.
In time for the holiday shopping season, there was a warning that people could be using their phones for shoplifting, organizing flash mobs that would distract store staff while others shoplift.
Mobile phones were not safe: Also in October, Symantec warned of problems with mobile devices, starting with the discovery of fake Netflix apps for Android phones. Two weeks later, the BBC ran an article titled "Smartphone scams: Owners warned over malware apps," which talks about how these apps are made and how they can be used to commit phone fraud. A few weeks later, Bit9 released a report, "The Dirty Dozen of security-vulnerable smartphones."
To end the year, we have the debate over Carrier IQ and the investigations in the US and EU into its use in invasion of privacy on so many mobile devices and carriers.
But 2011 was not without its positive sides too. The CFCA reported that there was a reduction in overall telecom fraud by 33 percent from its 2008 survey. They attribute this "to improved anti-fraud programs implemented by operators and an increase in collaboration of anti-fraud professionals within the industry."
Surprise video: Although enterprises and communications operators tend to keep their actual loss figures and plans for corrective measures confidential, during the fraud roundtable at Astricon in November we had users get up and tell the group about how they or their customers had been affected by fraud. One user got up and told how his company was hit for $400,000 in fraud over 2 days; another told how a customer requested to reset their PBX password and set it to the default setting. The suspicious vendor decided to watch that server, and it was found and hacked in less than 11 minutes.
Throughout the event, people kept coming up and telling me stories about how they or their customers had been hit. Telecom Fraud Is Alive & Kickin', so be proactive: protect your company, monitor your phone services, and watch for strange activity on your mobile.
Eric Klein is vice president of sales and marketing at Humbug Telecom Labs. He has more than 20 years of experience in the telecom industry. In addition to his experience with MCI Communications (now part of Verizon) and Cellcom, he has served as a grant reviewer for the U.S. Department of Commerce Broadband Initiatives (BIP) Program and Broadband Technology Opportunities Program (BTOP).