Here is an article summarizing telecom/toll fraud in 2011:
http://www.channelpartnersonline.com/blogs/peertopeer/2011/12/2011-s-biggest-frauds-and-phreaks.aspx
Search Blog
- Search Blog
Become a Fan
Books
- SecureLogix State of Voice Security Report
- Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions: David Endler,Mark Collier: 9780072263640: Amazon.com: Books
- Securing Cisco IP Telephony Networks (Networking Technology: IP Communications): Akhil Behl: 9781587142956: Amazon.com: Books
- Amazon.com: Seven Deadliest Unified Communications Attacks
- Hacking VoIP: Protocols, Attacks, and Countermeasures: Himanshu Dwivedi: Books
- Securing VoIP Networks
- Voice over Internet Protocol (VoIP) Security
- Practical VoIP Security
- Understanding Voice over Ip Security
Conferences
Recent Posts
- Lots of Press on Telephony Denial of Service (TDoS)
- Dial Through Fraud (DTF)/Toll Fraud Attack Using Robocalls
- SecureLogix White Paper on Telephony Denial of Service (TDoS)
- Additional Bulletins Warning of Telephony Denial of Service (TDoS) Attacks on 911 Centers
- Automated Telephony Denial of Service (TDoS) Attack Basics
- VoIP/UC Security Article In Connect Converge
- 2013 SecureLogix State of Voice Security Report
- Bulletin on TDoS Attacks Against 911 Services
- Harassing Call and SWAT Attack
- Article About Toll Fraud And Its Impact on Small Businesses
General Articles
- Mark Collier Article on VoIP/UC Security, 3/2013
- VoIP Security Issues, 1/2013
- Security Researcher Demonstrates Enterprise VoIP Phone Hack at Recent Amphion Forum - Yahoo! Finance, 12/2012
- 8 Most Common VoIP Internet Security Threats | ICCIEV, 11/2012
- How to get Water Tight VOIP Security, 10/2012
- Strong VoIP Security Starts with Careful Planning, 2012
- Strong VoIP Security Starts with Careful Planning, 9/2012
- VoIP Security Recommendations, 8/2012
- Attackers Divert Bank Phone Calls to Cover Tracks - Dark Reading, 2/2012
- FCC Passes Law Allowing Consumers to Block Automatically Generated Calls, 2/2012
- Hiding messages in VoIP packets, 10/2011
- Skype Security Flaw Potential Terrorist Threat, NYU Professor Says | Fox News, 10/2011
- Courthouse News Service, 8/2011
- VoIP Security Threats Explained, 8/2011
- VoIP Security: Sweat It, at Least a Little Bit | Blogs | ITBusinessEdge.com, 1/2011
- Master of Unified Communications: Addressing UC Security Concerns | Network World, 10/2010
- Cisco Community Central: Innovators Forum, VoIP Security, 11/2010
- NoJitter Article on Vunneling, 6/2010
- NoJitter Article on UC Security, 8/2010
- Security Issues in VoIP, 7/2010
Interesting Documents
- State of Voice Security Report 2013
- Toll Fraud Slides - Old but Decent
- PBX Hacking and Telephony Fraud Notice by Ireland’s Commission for Communications Regulations, 5/2009
- Cisco White Paper on VoIP Security
- Emerging Cyber Threats for 2009, 10/2008
- Paper on General VoIP Security, x/2007
- SANS Institute - VoIP Security Vulnerabilities, 12/2007
- NIST VoIP Security Guidelines
- VoIP Security: A Layered Approach
- VoIP Security Threat Taxonomy
Interesting Presentations
- CFCA Fraud Report for 2011
- Toll Fraud Presentation
- SIP Trunking and Security in an Enterprise Network, 9/2008
- ICE Tutorial
- Presentation on Nortel Unistim Vulnerabilities, xx/2007
- Hacking and Attacking VoIP Systems” - Slides from my Astricon 2007 presentation about Asterisk and VoIP security, 1/2008
- RTP Stenography
- Dustin Trammells Presentation on VoIP Security
- Third Annual VoIP Security Workshop
Interesting Videos
- Hacking Cisco Phones [29C3] - YouTube, 1/2013
- TMCnet Videos - Found in the wild: Telecom Fraud and Security Problems, 12/2012
- Cisco IP Communicator Web Server - Ton of Information Revealed - YouTube, 11/2012
- TMCnet Videos - 9 Sins of VOIP Security (and How to Fix Them)-Part 1, 10/2012
- AstriCon VoIP Security - $400,000 fraud. Yikes! - YouTube, 10/2011
- DTMF Hacking - Europe 2012 // Home, 3/2012
- #HITB2012AMS D2T2 - Rahul Sasi - CXML VXML IVR Pentesting for Auditors - YouTube, 10/2011
« TDoS/Harassing Call/Phone Bombing Attack on MI6 | Main | British Telecom (BT) Reports Toll Fraud Happens Along with 98% of Data Attacks »
April 14, 2012
Comments
Verify your Comment
Previewing your Comment
This is only a preview. Your comment has not yet been posted.
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
Toll Fraud
- Ofcom warns firms about rising levels of ‘dial-through fraud’ | Mobile News Online, 5/2013
- Guest Blog - VoIP Fraud: What to Expect & How to Stop It | GetVoIP.com, 4/2013
- Beware the fraudsters as phone jacking rises | Bdaily Business News, 4/2013
- Toll fraud challenges and prevention in a VoIP environment | PandoDaily, 4/2013
- Businesses losing tens of thousands of euro over hacked phone calls, 4/2013
- BBC Radio 4 - You and Yours, Hijacked phone lines, 4/2013
- Toll fraud can put SMEs out of business in minutes | Company Press Releases, 3/2013
- Sen. Schumer: Al Qaeda-linked phone hackers costing NY small businesses | Government Security News, 1/2013
- ComReg warns businesses of increase in phone hacking · Business ETC, 12/2012
- Hackers Hit DeSoto Phone System, Run Up $23K Bill | Memphis Breaking News, Weather and Sports | WPTY-TV | ABC24, abc24.com, 9/2012
- CFCA Fraud Report for 2011
- The Associated Press: AT&T drops lawsuit, Mass. man says he has issues, 7/2012
- 98% of hackers also hit businesses with Dial Through Fraud, 5/2012
- 1000 scam calls hit WA business - Networks - SC Magazine Australia - Secure Business Intelligence, 3/2012
- Security Manager's Journal: Hackers Call Home, on Our Dime - Computerworld, 2/2012
- Man From Maryland Sentenced for $4 Million Payphone Fraud Scheme | LoanSafe, 1/2012
- AstriCon VoIP Security - $400,000 toll fraud - YIKES!, 10/2011
- North West Evening Mail | News | Furness firm targeted by Somalian fraudsters, 4/2011
- BBC News - The other kind of phone hacking, 2/2011
- BBC News - Hackers target NI Department of Finance phone network, 2/2011
Harassing Calls/TDoS
- Targeted ‘phone ring flooding’ attacks as a service going mainstream | Webroot Threat Blog - Internet Security Threat Updates from Around the World, 2/2013
- DHS, FBI warn over TDoS attacks on emergency centers - CSO Online - Security and Risk, 4/2013
- Telephony Denial-of-Service Attacks Prompt Federal Attention | threatpost, 4/2013
- DHS Warns of ‘TDos’ Extortion Attacks on Public Emergency Networks — Krebs on Security, 4/2013
- Telephony Denial of Services (TDOS) to Public Safety Communications Phone Service | Public Safety Communications, 3/2013
- DHS NCCIC Bulletin on TDoS Attacks Against 911, 3/2013
- The World Has No Room For Cowards — Krebs on Security, 3/2013
- Who can stop robocalls? FTC tries to crowdsource a solution but falls flat | The Verge, 1/2003
- FBI: Dirty deedsters are tweaking telephony attacks; coercion, 1/2013
- Phonetic attack commands crash bank phone lines - Networks - SC Magazine Australia - Secure Business Intelligence, 9/2012
- Firm Sees More DDoS Attacks Aimed at Telecom Systems | threatpost, 7/2012
- Massive DDoS attacks a growing threat to VoIP services - networking, security, Telecommunication, unified communications, VoIP - CIO, 10/2011
- Walmart Bomb Threats Rattle Kansas, Missouri - Yahoo!, 7/2012
- DDoS crooks: Do you want us to blitz those phone lines too? ⢠The Register, 7/2012
- SMS, Email and Phone Call Floods Used by Fraudsters to Hide Illegal Money Transfers - Softpedia, 7/2012
- Team Poison hacker jailed over Tony Blair security breach | Naked Security, 7/2012
- Team Poison hacks MI6 —then calls to boast - Technology & science - Security - msnbc.com, 4/2012
- BBC News - Cyber-attack on BBC leads to suspicion of Iran's involvement, 3/2012
- FBI — Cyber Security: Threats to the Financial Sector, 9/2011
- FBI — Phony Phone Calls Distract Consumers from Genuine Theft, 5/2010
Voice SPAM/Voice Phishing
- Protect Yourself from Vishing Scams, 3/2012
- Phishing scam targets hotel guests in the middle of the night, 10/2012
- More con artists try phone scams – USATODAY.com, 9/2012
- FBI: Pa. man stole Microsoft co-founder's identity - Yahoo! News, March 27, 2012
- Fake Caller ID Attacks On The Rise - Dark Reading, 3/2012
- Cybercriminals use "computer security" phone scam to grab credit card details, 6/2011
- VoIP Phishing in the Salt Lake Area, 7/2010
- Internet phone systems become the fraudster's tool, 10/2009
- Its only a matter of time until IP telephony is hit by spam and malware experts say, 6/2008
- [0806.1610] SPAM over Internet Telephony and how to deal with it
- The Anatomy of a Vishing Scam - Security Fix, Security Fix, 3/2008
- Vishing: The Latest, and Greatest, Security Concern | Security | bMighty.com, 2/2008
VoIP Security Blogs/Links
- Telecom Fraud and Technologies
- A Unified Communications / IP Telephony Security Blog
- VoIP Security | Telecom
- blog | TrustID | Automatic Caller Authentication
- SecVoipSecVoip » VoIP/VVoIP/UC Security Blog
- VOIP Security Resources - The Security Skeptic
- Voice over IP Security Alliance (VOIPSA)
- Seven Deadliest Unified Communications Attacks
- Blue Box: The VoIP Security Podcast
- VoIP security - Network World
Thank you for the link on the 2011's fraud! By this we can learn from last year and eventually prevent this from reoccuring agarin!
Posted by: Travis Koch | April 22, 2012 at 08:53 AM
Thanks for the cross link, 2011 was a busy year to write about and 2012 is starting off just as bad.
Please everyone protect yourselves, keep the basics of:
- Change from default passwords
- Remove excess or unneeded voice mailboxes
- Only give dial-out abilities to those who really need it (a phone card is a better option)
- Monitor your phone bills for unusual activity
- Read Mark's and other blogs to keep up to date
Eric
Posted by: Eric Klein | April 25, 2012 at 04:22 AM
They have a nice Cisco CUCM deployment (CUCMCUBEITSP), SIP all the way from CUCM to ITSP, they could not understand how they fell victim of a hacker burning traffic at their expense.
Posted by: gaylordsecurity.com | June 20, 2012 at 07:08 AM
It's amazing what a lot of people will do just to earn a quick buck. They sometimes don't care who they inconvenience. That's why it's best to be extra vigilant against scammers.
Posted by: alarm systems Bristol | July 17, 2012 at 01:22 AM
The Cisco equipment is certainly very secure, but some customers deploy it in its default configuration, which can be non-secure.
Posted by: Mark Collier | July 30, 2012 at 10:28 AM