
The key is vetting the participants. Even the feds have a hard time with that...

David

-----Original Message-----
From: Voipsec [mailto:voipsec-bounces at voipsa.org] On Behalf Of Mark Collier
Sent: Friday, February 21, 2014 12:44
To: J. Oquendo
Cc: voiceops at voiceops.org; voipsec at voipsa.org; Peter Beckman
Subject: Re: [VOIPSEC] [VoiceOps] Tackling VoIP fraud, new idea

I like the idea of the list and will participate

Mark D. Collier
Chief Technology Officer/VP Engineering
Securelogix Corporation
13750 San Pedro
San Antonio, Texas 78232
(210) 863-9001
www.SecureLogix.com
www.voipsecurityblog.com

On Feb 21, 2014, at 12:23 PM, "J. Oquendo" <sil at infiltrated.net> wrote:
On Fri, 21 Feb 2014, Sergey Kolesnichenko wrote:
Why don't you want to speak about tactics here openly?
Common sense. This is a public list, and there is no way for me to determine the intentions of anyone who is a subscriber to the list. It is a KNOWN fact, that criminals subscribe to security mailing lists such as Bugtraq, Full Disclosure and others. Not for the sake of lending a helping hand, but for other means. Much similar to malware authors who run their malware through VirusTotal to see if anything is going to detect it.
On a private list, there is the accountability factor to equate. Someone subscribed using a corporate email address. Therefore SOME form of vetting took place.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of real peace" - Dalai Lama

42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
_______________________________________________ Voipsec mailing list Voipsec at voipsa.org http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

On Fri, 21 Feb 2014, Hiers, David wrote:
The key is vetting the participants. Even the feds have a hard time with that...
Indeed which is why I stated:

1) Private mailing list - to prevent talks from being seen

2) NON freemail addresses - easier to establish that this individual works for this company, therefore it's highly unlikely he is going to throw himself, and or his company, under the bus passing bogus information.

The "private mailing list" is not to try to start some secret club, VoIP Gestapo. It is merely to be able to share data, methods, etc., with other peers in an effort to keep our networks from piping out 100s of thousands of dollars in toll fraud. PERIOD. ANYONE is open to participate, with the clause that we want to, and NEED to be able to trust data. Otherwise it will never work.

I will re-think this over the weekend and have a take two. I think it could, and would work. I do also believe that there are likely individuals even on this list, that would not like the idea much, so hosting decisions need be met, etc., in order to keep away DDoS attacks, reputation based attacks, and so forth. That's my train of thought though.

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of real peace" - Dalai Lama

42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF

One option maybe to cooperate with the Communications Fraud Control Association (www.cfca.org). They do vet their members, but they do not have a mailing list. The association also has an annual membership fee.

Jim Dalton

_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Hi, team -

In the early days of Public Key Infrastructure, we had easy ways to solve these trust questions.

The list admin creates a public-key / private-key pair called the LIST_CERT. Giving anyone the LIST_CERT gives them both keys in the pair.

The list admin creates a public-key / private-key pair called the VoIPSec Certificate Authority key-pair. The public-key becomes publicly available, but the private key is NEVER GIVEN OUT to anyone. The VoIPSec_CA_CERT contains the public-key, but NOT the private-key.

To join the list, each participant must prove (once) that the email address they give us is authentic. The new participant creates a personal key pair and gives ONLY the public key to the list administrator as a certificate signing request. The new participant will then be given a CERTificate that signs his personal public key with the VoIPSec_CA key.

Legitimate participants to the mailing list are given the LIST_CERT. If someone does not have the LIST_CERT, eavesdroppers will be unable to decrypt emails on the list.

All emails to the email list are SIGNED by a personal CERT (that is SIGNED by VoIPSec_CA) and the body of the email is also ENCRYPTED using the LIST_CERT. Since the signature will match, the email could only have come from that particular sender (and the body could not have been altered). And the body of every email can be decrypted by any authentic list member.

Does that work well?

Cheers,
/ Jim

-----Original Message-----
From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Jim Dalton
Sent: Friday, February 21, 2014 3:18 PM
To: 'J. Oquendo'; 'Hiers, David'
Cc: voiceops at voiceops.org; 'Mark Collier'; voipsec at voipsa.org
Subject: Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea

One option maybe to cooperate with the Communications Fraud Control Association (www.cfca.org). They do vet their members, but they do not have a mailing list. The association also has an annual membership fee.
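The scheme proposed in the message above (a CA that signs each member's key, plus a shared LIST_CERT used for encryption) can be exercised end to end with the openssl command line. This is an added example, not part of the original thread: S/MIME via `openssl smime` is an assumed choice of format, and the names alice and mallory, the example.test addresses and the message text are constructed. It also shows that encrypting needs only the public half of LIST_CERT, so the CA-chained signature is what decides whether a post is accepted.

```shell
#!/bin/sh
# Added example: the list-PKI flow from the message above, using the openssl CLI.
# All names (alice, mallory, example.test) and the message text are constructed.
WORK=$(mktemp -d) && cd "$WORK" || exit 1

# List admin: VoIPSec CA key pair. ca.key is never given out; ca.crt is public.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -subj "/CN=VoIPSec_CA" -days 30 2>/dev/null
}

# Applicant makes a key pair and a CSR; the admin signs the CSR with the CA key.
# $1 = name. The admin only ever sees $1.csr, never $1.key.
issue() {
  openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$1/emailAddress=$1@example.test" 2>/dev/null &&
  openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out "$1.crt" -days 30 2>/dev/null
}

# Outsider: a self-signed certificate that does not chain to the CA. $1 = name
self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.crt" \
    -subj "/CN=$1/emailAddress=$1@example.test" -days 30 2>/dev/null
}

# Sender: sign with the personal cert, then encrypt to the list certificate.
# $1 = sender name, $2 = plaintext file, $3 = output file
seal() {
  openssl smime -sign -nodetach -in "$2" -signer "$1.crt" -inkey "$1.key" 2>/dev/null |
    openssl smime -encrypt -aes256 -out "$3" list.crt 2>/dev/null
}

# Reader: decrypt with key pair $2, then require a signature chaining to ca.crt.
# $1 = sealed file, $2 = key-pair name, $3 = file for the verified body
# Returns 0 = accepted, 1 = cannot decrypt, 2 = signer not vouched for by the CA.
open_and_verify() {
  openssl smime -decrypt -in "$1" -recip "$2.crt" -inkey "$2.key" \
    -out "$1.signed" 2>/dev/null || return 1
  openssl smime -verify -in "$1.signed" -CAfile ca.crt -out "$3" 2>/dev/null || return 2
}

make_ca
issue list           # LIST_CERT: list.crt AND list.key go to every vetted member
issue alice          # vetted member
self_signed mallory  # outsider who never went through the CA
printf 'Toll fraud seen toward test range, details to follow.\n' > msg.txt

seal alice msg.txt from_alice.eml
seal mallory msg.txt from_mallory.eml

# Member post read by a member; outsider post read by a member;
# member post intercepted by someone who lacks list.key.
R_MEMBER=0;    open_and_verify from_alice.eml list body_alice.txt     || R_MEMBER=$?
R_OUTSIDER=0;  open_and_verify from_mallory.eml list body_mallory.txt || R_OUTSIDER=$?
R_EAVESDROP=0; open_and_verify from_alice.eml mallory body_eaves.txt  || R_EAVESDROP=$?
echo "member=$R_MEMBER outsider=$R_OUTSIDER eavesdropper=$R_EAVESDROP"
```

Because every member holds list.key, one leaked copy or one departed member means issuing a new LIST_CERT to everyone who remains.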

What does the "International Revenue Fraud Number Database" on cfa.org contain? I agree it's tricky to block based on hosts, you hit one and the others start popping up.

-- Christopher Aloi -- ctaloi at gmail.com

On Fri, Feb 21, 2014 at 4:17 PM, Jim Dalton <jim.dalton at transnexus.com> wrote:
One option maybe to cooperate with the Communications Fraud Control Association (www.cfca.org). They do vet their members, but they do not have a mailing list. The association also has an annual membership fee.
Jim Dalton

It is a list of subscriber numbers that have been identified as destinations for fraudulent calls. The list is compiled by members of the GSM Fraud Forum and the CFCA. In addition to the subscriber number, the list identifies the organization that submitted the number and the reason why.

Jim Dalton
TransNexus


The CFCA may not want that information shared publicly. It would be best to ask them directly at fraud at cfca.org

From: Paul Timmins [mailto:paul at timmins.net]
Sent: Monday, February 24, 2014 1:04 PM
To: jim.dalton at transnexus.com
Cc: 'Christopher Aloi'; 'Mark Collier'; voipsec at voipsa.org; voiceops at voiceops.org
Subject: Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea

How many entries are on the list, and how quickly are they added? Mulling over the $2500 cost of membership to gain access.

On 2/24/14 7:50 AM, Christopher Aloi wrote:
What does the "International Revenue Fraud Number Database" on cfa.org <http://cfa.org> contain?
It's the internet. Pictures of cats, of course.
Cats are always on-topic.
Or did you mean http://www.cfca.org ?
<emily litella>
Never mind.
</emily>
--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

ha ! Wow - Actual cats on the internet !! // my bad..

Correct - http://www.cfca.org

On 24 Feb 2014, at 14:14, Jay Hennigan wrote:
On 2/24/14 7:50 AM, Christopher Aloi wrote:
What does the "International Revenue Fraud Number Database" on cfa.org <http://cfa.org> contain?
It's the internet. Pictures of cats, of course.
Cats are always on-topic.
Or did you mean http://www.cfca.org ?
<emily litella>
Never mind.
</emily>
-- Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
participants (7)
- ctaloi@gmail.com
- David.Hiers@adp.com
- jay@west.net
- jim.dalton@transnexus.com
- jim.gast@tdstelecom.com
- paul@timmins.net
- sil@infiltrated.net