Download
telecommuncation problems n.
Skip this Video
Loading SlideShow in 5 Seconds..
Telecommuncation problems? PowerPoint Presentation
Download Presentation
Telecommuncation problems?

Telecommuncation problems?

101 Vues Download Presentation
Télécharger la présentation

Telecommuncation problems?

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Telecommuncation problems? Steven Branigan District Manager, Corporate Computer and Network Security 2 march 1999

  2. It can’t be that difficult!Just a bunch of LATAs Courtesy of US WATS from the fcc.gov web page

  3. Telephony issues • Frauds • wireless • coin • landline • Recent exploits

  4. Let’s start with General Billing • Coin phone: pay as you go. • Prepaid: pay in advance. • Calling credit: credit • Residence/business line: credit

  5. Traditional fraudsI make the call, you pay the bill • Clip on fraud. • Cordless phone fraud. • Calling card fraud • Boxes. (red, blue…) • Cloning • Subscriber fraud

  6. Coin phone • coin phone • Network controlled pay phones. • Customer owned payphones • Pay as you go, and you know exactly how much the call costs. • Carrier is selected by the coin phone. • Of course the red box was a common coin fraud.

  7. Of interest • Incoming payphones in certain LATAs must allow incoming calls. • The calling party controls the connection until a timeout in the US.

  8. Calling card • Can be used from a residential or coin phone. • In this cases, the user has no idea how much the call costs. • Calling cards and pins are compromised frequently.

  9. Exploit #1 • Insider at a telco gained access to an SS7 network element • Crafted SS7 messages that issues C.C. queries to SS7 database. • Automated process rotated calling card number, kept the pin constant. • Avoiding fraud detection mechanisms.

  10. Exploit #2 • A potential payphone user would hear a ringing payphone at a busy location. • The user would pickup and hangup. • Then the user would place a calling card call, and the calling card was compromised.

  11. Exploit #2 Hypothetical • Payphone located in Chicago. • Fraudster located in NYC. • Fraudster calls payphone in Chicago. When the call is answered, the fraudster plays dialtone (from NYC) into the payphone. • Person in chicago believes the dialtone is from chicago, and places a calling card call. • The NYC fraudster completes the call, and collects the calling card number.

  12. What about toll free calls • Calls to specific number may be toll free. • In this call model, the party called actually pays for the call. • Currently, 800, 888 and 877 are toll free numbers in the US

  13. An old toll-free case • The “stolen” 800 number.

  14. It could happen to anyone… • It started with a book on Internet security being recovered on a drug raid…

  15. Using a tapped phone line for profit. • A phone line was tapped that was used for credit card validations. • The rest, as we say, is history. • (and people worry about using their credit card on the Internet?)

  16. Investigative tools • Dialed Number Recorder (DNR) • Trap & trace • Wiretap • Billing records • Caller id?

  17. CO SwitchLine history block < op:ilhb,dn=7329491999; PF S570-15073350 95-11-12 15:45:15 075603 MTCE M OP ILHB DN=7329491999 DATE=11/12 TIME=15:42 LICDN=7326241024 MULT_CALL=YES PRIV_INC=NO TRACE=NO IDP=YES SCREENING=NP ADDR_TYPE=NATL NUM_PLAN=ISDN UNIQ=YES CNPR_INC=NOP

  18. Trap and TraceExample output < op:clid; PF S570-15073350 95-11-12 15:45:22 075605 TRCE XXX M OP CLID LIST CONTAINS 2 NUMBERS SECTION 1 OF 1 5550101 7329491999

  19. links links The CCS/SS7 network SCP SCP SCP STP STP CO/SSP CO/SSP trunks

  20. CCS/SS7 networkIssues • SS7 messages obtainable (think pins) • Remote maintenance of switches • Remote maintenance of databases • Many telephone lines rely on a single system

  21. PBX • A great target for the call sell operation. • In order to save money, some corporations allow for dial-out capability in their PBX. • A user can call into the PBX using a toll free number, than call any number in the world.

  22. CellularHello, you’re on the air! • Wireless telephone communication. • Phone number doesn’t determine physical location! • Conversation broadcast within cell.

  23. Cellular tracking?

  24. The future • Local number portability. • Voice/video over the Internet.

  25. Local number portability • A user will be able to keep their phone number forever, (as long as they are in the US) • This will remove geographical issues from wire-line telephone numbers just as it has been removed from cellular. • 10 digit dialing will become much more common.

  26. Area code splits • dividing a specific area code into two area codes. • Increases the available telephone numbers in the network • Two mechanisms, geographical splits or overlays. • Makes the concept of a long distance call more confusing.

  27. Geographic split • Neighboring call can still be dialed with only 7 digits. • NJ’s 908/732 area code split is an example of a geographic split.

  28. Area code overlay • Requires that all calls are dialed with 10 digits. • NYC’s 212 area code split is an example of an area code split overlay.