One of my customers just got hit by the same type of traffic The TN's dialed were: +881835211670 +881842011400 +881935211660 +881935211900 +881935211914 +881935211915 +881935211916 +881935211920 +881942011157 +881942011158 +881942011540 Some other insight on these breeches: Most sat plans (at least that resellers get) include free direct inbound and only bill if you use a dial-around (i.e. Iridium 2-stage dialing etc.) Either way if the owner of the DN was being billed they would just scream fraud, thus the reseller would be risking a lot to make a few quick bucks. I would think someone between the call path would be the one benefiting from this scheme, it's a weird one at that. On Wed, Jan 26, 2011 at 18:20, Carlos Alvarez <carlos at televolve.com> wrote:
A company we work closely with, but is not our customer, had their Cisco Call Manager hacked due to some h.323 vulnerability that I don't have full details on yet. ?There were a number of calls placed to:
881835211540 881835211556 881835211547
My findings indicate these are Globalstar satellite numbers that cost somewhere between $4 and $7/minute to call, depending on carrier. ?The victim's carrier is billing them at $6.50. ?The total bill for the event is around $13k. ?This is a small company that can't really afford this. ?I am not an interested party in the sense that it wasn't on our network, but it's a company we work with a lot and want to help. ?I also want to learn from this to potentially protect our own network.
Some questions...
1. ?What is the scam here? ?The recipient of those calls doesn't gain anything, and placing a few calls to three specific satellite phones seems to have little purpose. ?Many of the calls were concurrent. ?It all happened in the span of just a few hours.
2. ?Anyone experienced the same thing with those numbers or similar numbers?
3. ?About a year ago I attended an FBI presentation on VoIP fraud and there was a VoIP specialist who gave his contact info, but I can't find it. ?What is the best way for this company to report this crime?
-- Carlos Alvarez TelEvolve 602-889-3003
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops