Chinese Police Trojan Fraud

A recent article in Infosecurity explains a new Chinese variation on the police trojan fraud. According to the article, fraud is big business in China. Last year there were more than 170,000 cases causing losses of more than $12.5 billion. New evidence suggests this might be getting worse with increasingly sophisticated cyber fraud.

The Dongcheng sub-branch of Beijing’s Public Security Bureau called in Kaspersky Lab to investigate a telecom fraud case. What Kaspersky found was the evolution of China’s traditional fraud into something altogether more sophisticated. Traditionally, fraud in China has involved a phone call that tricks the victim into transferring cash to criminals via an ATM. Now, however, a combination of social engineering, phishing, a data-stealing trojan, and the fear factor of a police investigation has taken telecom fraud in China to a new level.

It still starts with a phone call. The targets are informed that they have been implicated in a financial crime and must co-operate with the investigation. They are told to check the website of the ‘Supreme Procuratorate of the People’s Republic of China’ to see if they are official suspects. Once there, they are asked to check the ‘online finance crime database’ – but to do this, the victims must download a plug-in.

“That alleged plugin,” Kaspersky found, “is, in fact, a customized teamviewer application. Once launched, it puts your computer under their complete control. They can use your machine for any operation, just like it was their own.”

But that’s not yet enough – the fraudsters still need the victims’ bank account details. This is done under the continued guise of getting the victims to check the database to find out if they are official suspects – but to get into the database they need to enter their bank account details. The hope, clearly, is that the victims will consider it not unreasonable that their financial details are required for a financial investigation.

This is where the fear factor comes in. It is unlikely that Chinese citizens are less concerned about their own financial investigators than Americans are about IRS investigations – so it is not surprising that the demand for bank details under these circumstances is compelling. “But all of that sensitive data is immediately harvested by the fraudsters. With account numbers, passwords, USB keys and that teamviewer ‘plugin’ tool, the gang now has everything it needs to steal your money.”

And stealing your money just takes a few seconds. “By the time you realize you’ve been tricked, the criminals have already said their farewells and jumped into their virtual getaway car.”

Save the date for Comptel Plus

Mark your calendar to join TransNexus at the 2013 Fall COMPTEL PLUS Convention & EXPO.

The COMPTEL PLUS Convention & EXPO is the preeminent networking event for innovative communications companies and their supplier partners. Held twice a year, COMPTEL PLUS attracted almost 202 exhibitors and more than 4,137 attendees to our 2012 events.

COMPTEL PLUS provides you with the opportunity to learn about new products, services and industry trends; meet potential customers and do business. During the Spring and Fall 2012 conventions, they welcomed 42 new companies to the EXPO hall, giving you great opportunities to meet with a growing universe of vendors and suppliers.

In addition to our EXPO, COMPTEL PLUS offers comprehensive educational programming led by experienced industry speakers. Our educational sessions will provide you with what you need to know about current business, technology and regulatory trends that could impact your business.

COMPTEL PLUS is produced by COMPTEL, the leading industry association representing competitive communications service providers and their supplier partners. COMPTEL members are entrepreneurial companies driving technological innovation and creating economic growth through competitive voice, video, and data offerings, as well as the development and deployment of next-generation IP-based networks and advanced services utilizing fiber, copper and wireless facilities. COMPTEL advances its members’ interests through trade shows, networking, education, and policy advocacy before Congress, the Federal Communications Commission, and the courts. COMPTEL works to ensure that competitive communications providers can continue to offer value pricing, better service, and greater innovation to consumers. COMPTEL’s members create economic growth and improve the quality of life of all Americans through technological innovation, new services and affordable prices so customers have a choice.

FCC Plans Transition to All-IP Infrastructure

The FCC’s Technology Transitions Policy Task Force (Task Force) authorized a 6-month trial to examine providing interconnected VoIP providers direct access to telephone numbers. The goal is to speed the transition away from TDM to all-IP infrastructure while ensuring resiliency.

The FCC is seeking comment and data on several issues. First, the FCC is seeking comment on a VoIP interconnection trial that would gather data to determine whether there are technical issues that need to be addressed and gather information relevant to the appropriate policy framework. Second, regarding migration of the nation’s emergency calling (911) system to Next Generation 9-1-1 (NG911), the FCC is seeking comment on a trial that will assist the Commission, state, local and Tribal governments, and Public Safety Answering Points (PSAPs) in a few geographic areas to answer important technical and policy questions to accelerate the transition. Beyond NG911, the FCC is also seeking comment on how a trial could elicit data on the impact of network resiliency and public safety more broadly as consumers migrate to wireless and IP-based services that are dependent on commercial power. Third, because at least one provider has proposed serving consumers with wireless service in place of wireline service in certain geographic areas, the FCC is seeking comment on a trial that would analyze the impact of doing so and, in particular, focus on the consumer experience and ensure that consumers have the ability to move back to a wireline product during the trial.

“Trials are a smart approach that we have deployed before. Transitions to modern fiber and IP-based broadband networks, and the increased deployment of wireless technology, have the potential to unleash substantial economic benefits for our country, and advance national priorities like education and health care. The ongoing transitions must be handled in a way that advances the Commission’s vital longstanding goals of competition, universal service, consumer protection and public safety,” stated outgoing FCC chairman Julius Genachowski.

Jerry James, CEO of COMPTEL, stated: “The most critical aspect of the transition of the PSTN to IP technology that needs to be addressed is interconnection between competitors and the ILEC on an IP basis for the purpose of exchanging managed voice traffic. COMPTEL believes Commission affirmation of competitors’ interconnection rights on an IP basis under the Act, which we initially asked to be addressed in 2008, would achieve the new, innovative services it wishes to unleash at a faster pace than a trial. Nonetheless, COMPTEL believes the outcome of any trial on the transition to IP should include an IP-to-IP interconnection arrangement that complies with the standards set forth in the Act and will be available for opt-in as part of interconnection agreements.”

PayPal predicts the end of passwords

Michael Barrett, chief information security officer (CISO) at PayPal, predicted the end of the password during his Thursday keynote speech at the Interop conference.

“Passwords, when used everywhere with no Internet-scale management system on top of them, are starting to fail us… They are not working any longer for users, they are not working for organizations, and they are not working at the ecosystem level either,” Barrett observed.

Users tend to pick poor passwords and then reuse them on multiple sites, Barrett noted. But users do not want to do anything that increases “friction”; they want their user experience to be “as simple as possible and safe,” he added.

PayPal, along with a group of other high-tech companies, has formed the FIDO Alliance to develop an authentication approach to replace passwords, Barrett explained.

“If we are going to tackle information security, we are going to have to build an open standard that allows us to get to better authentication. That is what the FIDO Alliance is about,” Barrett said. “Our intention is to obliterate user IDs, passwords and PINs from the face of the planet,” Barrett concluded.

TransNexus Exhibiting at ITW in Chicago

TransNexus, the leading provider of VoIP telecom routing and reporting solutions, will be exhibiting at the International Telecoms Week (ITW) 2013 held on 13th – 15th May in Chicago, IL. Look for us in booth 1032.

ITW is the key annual event for the wholesale community including carriers, mobile/wireless operators, ISPs and VoIP providers. It comprehensively examines industry challenges and the latest technologies that are presented through information sessions and panels. The event attracts over 5,000 delegates from over 1,700 companies and more than 140 countries.

Delegates can speak to the TransNexus team on any of the three days, or set up meetings to discuss any queries or requirements here.

Dial2Win Traffic Pumping Scam

Ever wondered how traffic pumpers create so much bogus telecom traffic without getting shut down? They perform this scam by getting suckers to do the traffic pumping for them. For an example, go to www.dial2win.com. This website promises big prizes if you dial one of their lucky numbers and hold the line to keep the call up for as long as possible.

Join our game and get ready to win valuable prizes every week. You can win mobile phones, watches, toys, computers, MP3s, iphones, cameras, game consoles and much more. We give away many prizes every week! …

The simple principle of Dial2win is that “the more you play – the more you dial – the more you can win”.

Just call one of our lucky numbers to receive your PIN code and hold the line for as many minutes as you like. Remember that you receive one Lucky Hit for every minute you hold! The longer you hold, the higher are your chances to win!

The site also says that winners are posted on the Home page. Needless to say, there are no winners posted.

Fraud Update from Allworx

Allworx made the following post to the VoiceOps mailing list after discussion about recent fraud events involving Allworx PBXs.

The recent round of fraudulent calls were almost all the result of systems being installed in a manner that would leave the administrative interface open to the internet (not a system default configuration) and with either weak or default admin passwords.

Some were the result of registering to the server using SIP credentials for third party (non Allworx) devices with weak, and sometimes matching, username and passwords.

Some others occurred because Allworx handsets had been placed directly on the internet and either had the password for the phone's administrative interface set to null, or the default.

And lastly, there were a few cases with older phone software, if the handset was accessible from the internet, where copying part of a URI could allow access to the config file stored on the phone, and get the SIP registration parameters in the clear.

Unified Communications Creates Security Holes

Today’s VoIP-enabled phones combine the features of a computer and a network router in one. The power and accessibility of these phones can be turned against them. Researchers have found that an unprotected IP phone gateway will be found and broken into by hackers located anywhere in the world within a week. Research shows you can expect hackers to use your corporate network to rack up about $2,000 worth of fraudulent calls in just 8 hours–or half the time between the end of one workday and the start of the next one.

That’s not just theory; it’s reality. Enterprise customers hit by “toll fraud” tell experts that they lost on average between $10,000 and $20,000 per month. One company lost $200,000 in a single month due to unauthorized international calls, usually to premium 1-900 numbers such as phone sex lines that charge hefty per-minute fees and from which the hackers directly or indirectly earn a cut.
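One way a defender can catch the pattern described above (a burst of costly calls outside business hours) is a sliding-window spend check over call detail records. This is an added example, not code from the original article; the CDR field layout, the $500 threshold, the 8-hour window and the business hours are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=8)     # assumption: mirrors the 8-hour span cited above
SPEND_LIMIT = 500.00            # assumption: alert well before the $2,000 mark
BUSINESS_HOURS = range(8, 18)   # assumption: 08:00-17:59 local time, Mon-Fri

# Constructed sample CDRs (not real traffic):
# (start time, account, dialed number, minutes, USD per minute)
SAMPLE_CDRS = [
    ("2013-05-06 10:15", "pbx-a", "14045550100", 12, 0.02),
    ("2013-05-06 22:05", "pbx-b", "19005550111", 60, 3.99),
    ("2013-05-06 23:10", "pbx-b", "19005550112", 55, 3.99),
    ("2013-05-07 01:30", "pbx-b", "19005550113", 45, 3.99),
    ("2013-05-07 02:00", "pbx-a", "14045550101", 5, 0.02),
]

def is_after_hours(ts):
    """True on weekends or outside the assumed business hours."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def detect_toll_fraud(cdrs, window=WINDOW, limit=SPEND_LIMIT):
    """Return (account, alert time, windowed spend) the first time each
    account's after-hours spend inside the window exceeds the limit."""
    recent = defaultdict(deque)   # account -> (time, cost) pairs still in window
    spend = defaultdict(float)    # account -> sum of costs held in `recent`
    alerts, alerted = [], set()
    for start, account, _dialed, minutes, rate in sorted(cdrs):
        ts = datetime.strptime(start, "%Y-%m-%d %H:%M")
        if not is_after_hours(ts):
            continue
        cost = minutes * rate
        recent[account].append((ts, cost))
        spend[account] += cost
        # Evict calls that started more than `window` before this one.
        while recent[account] and ts - recent[account][0][0] > window:
            spend[account] -= recent[account].popleft()[1]
        if spend[account] > limit and account not in alerted:
            alerted.add(account)
            alerts.append((account, ts, round(spend[account], 2)))
    return alerts
```

Alerting on the first threshold crossing, rather than at the end of a billing period, is what limits the loss to hundreds of dollars instead of a month of charges.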

Today’s unified communications (UC) networks mean that VoIP and SIP traffic runs over the same networks as your corporate data. That means that if you don’t take steps to secure your VoIP/SIP networks, you can make your corporate data vulnerable to malware and the hackers who create it. For example, using a VoIP phone in a company lobby or public area, a hacker with the right skills and knowledge of open-source tools can gain entrance into the corporate data network. Exploiting all-too-common weak passwords, the hacker can gain access to confidential company information and customer information in a matter of several hours.

Again, all of this can be avoided if enterprises take common-sense steps to secure their VoIP/SIP networks. But fail to do so and you expose other potential gaps. Just as hackers have extorted online retailers by threatening to disrupt their Web servers using mass denial of service (DoS) attacks, hackers can extort businesses by threatening to launch worker-crippling DoS attacks against UC networks. Or they can easily steal corporate information, either by eavesdropping on unencrypted VoIP conversations or by breaking into corporate servers.

The number of potentially unprotected pathways into your network is also growing, for two reasons:
1) the rise of telecommuting and home-based workers (and their often-insecure home Wi-Fi networks), and
2) the explosion in employees using tablets and smartphones at work, especially personally owned mobile devices.

To satisfy workers, companies are extending their VoIP and UC networks out to these endpoints. But in their rush, even healthcare and financial services organizations that operate under heavy security and privacy rules such as PCI DSS or HIPAA are often failing to create or enforce strong security policies protecting these remote outposts.

For example, a company may deploy a VoIP phone to a home office worker without forcing him or her to change the default “1234” access password. In that state, a hacker can easily take control of your phone, either to break into your main corporate network or use it for social engineering purposes. For example, the hacker could change your caller ID to “IT Support” and use it to start calling employees and asking for their login and password details.

Beware of fraud from Allworx PBXs

Click here to read an update on this issue from Allworx.

One of our customers reports that they are getting hit by a lot of fraudulent calls from their SIP trunking customers who have Allworx PBXs. Their understanding is that the password used by Allworx technical support has been compromised. The enterprises that own the PBXs are unaware that their PBX has been hacked. Fortunately for our customer, their NexOSS system caught the fraudulent calls very quickly and prevented any material financial loss.

NexOSS Least Cost Routing for Metaswitch Perimeta

TransNexus is pleased to announce that intelligent LCR routing can now be deployed at the edge of your Metaswitch network. NexOSS, the leading VoIP Routing, Operations, and Billing Support System can now communicate directly with your Metaswitch Perimeta Session Border Controller. Controlling your routing from the edge of the network at the session border controller saves money and allows greater operating efficiencies.

NexOSS provides VoIP operators with an easy to use web interface for provisioning routes, rates, number translation rules and monitoring traffic analysis and billing reports. NexOSS includes no-loss Least Cost Routing that supports up to 100,000 translations, as well as routing by Quality of Service, time of day, day of week, and customer specific routing.

Click here to learn more about NexOSS and to request a free 90 day trial.