
Telephony Fraud – Still going strong

35 points | kimi | 9 years ago | simionovich.com

25 comments

voip23 | 9 years ago
VoIP fraud is very sophisticated and it's not just about toll fraud. The author uses a small snapshot and tries to suggest scenarios. However, that's like the one-shot case study that shows all clovers have 4 leaves and are sometimes green. You need much more data (and investigation) to make any proper conclusions.

Often the multiple calls are a denial of service - frequent numbers are often large companies being subjected to a denial of service (the US embassy is a popular target), or they are test calls to verify a server works (i.e. call their own number and listen for audio) before pimping it out for toll fraud.

The PA ones could be a mix of that plus the more sinister DoS block on targets about to be attacked, to prevent them calling for help.

There's a list of hack attempts over a much longer period available at https://network-systems-solutions.ca/voipblocklist.php which gives a bit more meat for anyone interested in looking for patterns (or protecting their server, I suppose).

kimi | 9 years ago
The author is a well-known expert on the subject, so I guess he did not want to write a treatise on the subject but just to do some show-and-tell.
falsedan | 9 years ago
Thanks for describing some actual fraud scenarios rather than the author's specious conjecture.
emerongi | 9 years ago
I ran a VoIP server for an application. It received daily attack attempts in various formats. The only reason it never got abused was that I tightly bound it to the application logic, so essentially no call outside the application could be placed. You can secure it without doing that, but it's very easy to get it wrong - there are a lot of horror stories out there. I definitely would've been pwned if I hadn't written direct application code into the server from the get-go. I only learned of the various attacks over time from inspecting the logs.
cixin | 9 years ago
Interesting, so if I've understood correctly the attackers are looking for open Asterisk servers and attempting to dial out.

What's the pay off? The numbers listed in the article are not premium rate. Are they just test numbers or is there another pay off?

noselasd | 9 years ago
Quite often those numbers will be another hacked service, which is set to forward the calls, perhaps eventually to a premium service. This is done to better hide the origination.

Another common fraud is to provide cheap calls to a certain area/country (often named black/grey routes).

Basically the telco or state regulators might have a very expensive price to call a certain country/network. You set up your own telephony service in country A, route incoming calls over the internet to country B, where you set up a similar service that can terminate the calls in country B.

You call the phone number in country A; that phone is just a bot/PBX, which routes the call over to country B, but using the cheap internet instead of the expensive price your telco would charge you. Seen from the telco in both country A and B, it's just two local calls.

What's even cheaper than doing this? Hack an existing PBX to do the same, and incur all costs on the PBX owner.

telebone_man | 9 years ago
They've probably dialed a cheap route (UK landline) to be non-obtrusive, whilst the others are more expensive.

I suspect this fraudster would 'resell' the route to a wholesaler.

trome | 9 years ago
They are almost certainly test numbers, to see if they can get calls through to a country where calling is expensive. Often if you attempt to set up a call & don't SIP 403 reject it, they won't accept the audio media, so call setup cannot complete.
telebone_man | 9 years ago
I wonder if the author had considered more closely replicating a 'real call'? Most of the fraudsters use automated dialers that anticipate the 200 OK as a successful call ... etc.

I did something like that, and was surprised to learn both the lack of media, and predictable media (white noise, or a particular pre-recording) were themselves indicative of 'artificial traffic' (and therefore, likely fraud).

nirsimionovich | 9 years ago
Actually, the honeypot system is slightly smarter than that. Some of the honeypots are actually based on a SIPp UAS scenario, which will accept any traffic and will play back an audio file of 5 minutes. Those servers normally yield slightly different results, that normally look like a scan, then followed by a media test, then followed by something that looks almost manual - and after the manual test, they go away, after realizing they hit a honeypot.
trome | 9 years ago
Yeah, often fraudsters using SIPVicious won't complete the call and connect to media; I've seen this when routing all unauthorized traffic to 800 numbers.
trome | 9 years ago
I see attempts to push fraudulent traffic constantly on my SIP servers; recently I've taken to putting recordings on for them or routing to a random 800 number.

Is calling Palestine mobile phones not possible over VoIP currently? I kinda want to let a few calls complete, because that is often a destination fraudulent call attempts try to call. I see the prefix in my ratedeck; anyone know of a less expensive provider?

Israel,Palestine,97292,0.189,1,1
Israel,Palestine,97282,0.189,1,1
Israel,Palestine,97242,0.189,1,1
Israel,Palestine,97222,0.189,1,1
Israel,Palestine Mobile Other,97259,0.219,1,1
Israel,Palestine Mobile Other,97256,0.219,1,1

mbrookes | 9 years ago
> or routing to a random 800 number

800 numbers aren't free - the recipient pays. It may even be illegal to forward your fraud traffic to them (but IANAL).

nirsimionovich | 9 years ago
Actually, people don't really know the following: the PA is identified by both the 972 (Israel) country code and the 970 (PA) country code.

When calling Israel on 97259, or 97222, or 97242, or 972502, or 972522 or 972542 - in some specific number ranges, you actually reach the PA. This is why many Israeli and worldwide PBX owners have routing mistakes on them, and you can basically get a minute of PA traffic, that normally costs around $0.19, for - wait for it - $0.008.

The main issue is that when the ITU assigned 970 to the PA, they never made them drop the 972 prefix - resulting in the world's longest arbitrage wholesale game.
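The arbitrage nirsimionovich describes is a longest-prefix-match problem: a ratedeck is priced by the most specific dialed prefix it contains, so a deck that has the 972 country code but lacks the PA sub-ranges under it bills PA minutes at the Israeli landline rate. The following is an added example, not code from the thread or from any poster. It parses the six PA rows trome pasted above, adds a "972" row at the roughly $0.008/min figure nirsimionovich quotes and a "970" row priced like the other PA rows (both constructed, as is the column layout assumed from trome's paste: country, description, prefix, rate, initial seconds, increment seconds), and compares a correct deck with a deck that only knows the country code.

```python
"""Longest-prefix ratedeck lookup and the 972/970 routing-mistake margin.

Added example, not from the thread. PA rows come from trome's paste; the 972 and
970 rows, the column layout, and the misconfigured deck are constructed.
"""
from dataclasses import dataclass

RATEDECK_CSV = """\
Israel,Palestine,97292,0.189,1,1
Israel,Palestine,97282,0.189,1,1
Israel,Palestine,97242,0.189,1,1
Israel,Palestine,97222,0.189,1,1
Israel,Palestine Mobile Other,97259,0.219,1,1
Israel,Palestine Mobile Other,97256,0.219,1,1
Israel,Israel,972,0.008,1,1
Palestine,Palestine,970,0.189,1,1
"""

# The "routing mistake": only the country-code row, so every 972 number is cheap.
MISCONFIGURED_CSV = """\
Israel,Israel,972,0.008,1,1
"""


@dataclass(frozen=True)
class Rate:
    country: str
    description: str
    prefix: str
    rate: float      # USD per minute
    initial: int     # first billing increment, seconds
    increment: int   # subsequent increments, seconds


def parse_ratedeck(text):
    """Map dial prefix -> Rate. Later rows for the same prefix win."""
    deck = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        country, desc, prefix, rate, initial, inc = line.split(",")
        deck[prefix] = Rate(country, desc, prefix, float(rate), int(initial), int(inc))
    return deck


def lookup(deck, number):
    """Longest-prefix match: try the full number, then drop one trailing digit at a time."""
    digits = number.lstrip("+")
    for n in range(len(digits), 0, -1):
        hit = deck.get(digits[:n])
        if hit is not None:
            return hit
    return None


def cost(rate, seconds):
    """Charge for `seconds` of talk time under initial/increment rounding, in USD."""
    billable = max(rate.initial, seconds)
    extra = billable - rate.initial
    if extra % rate.increment:
        extra += rate.increment - extra % rate.increment
    return round(rate.rate * (rate.initial + extra) / 60, 6)


def margin_per_minute(correct_deck, broken_deck, number):
    """What a fraudster pockets per minute by pushing `number` through the broken deck."""
    good = lookup(correct_deck, number)
    bad = lookup(broken_deck, number)
    if good is None or bad is None:
        return None
    return round(good.rate - bad.rate, 4)


if __name__ == "__main__":
    good = parse_ratedeck(RATEDECK_CSV)
    bad = parse_ratedeck(MISCONFIGURED_CSV)
    for num in ("972591234567", "97231234567", "970591234567"):
        print(num, lookup(good, num).description, lookup(good, num).rate,
              "misrouted at", lookup(bad, num).rate)
```

The check a PBX or carrier operator wants from this is the inverse: walk every prefix in a partner's deck, look it up in your own, and flag any destination your deck prices at the parent country code only. Those are the ranges someone else will happily route to you.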

akjainaj | 9 years ago
A coffee shop just because it's Amsterdam? That's interesting prejudice right there. Everybody would be losing their shit if it was a black country and it mentioned something typical of there...
p94ka | 9 years ago
Dude, calm down, if you don't live in the Netherlands, coffee shop refers to a place like Starbucks that usually has free wifi, which makes sense in the context he's describing. That's what he meant. I moved here 3 months ago and I still accidentally ask people if they want to stop by a coffee shop when I meant I wanted to stop and get coffee.
baldeagle | 9 years ago
Interesting, I never knew the Dutch coffee shops were a place to consume weed.