
Fluff, fluff, fluff, fluff, fluff...

"Pindrop Security, a startup focused on combating phone-based fraud for banks and enterprise call centers, has released a new report outlining some of the risks phone fraud poses to financial institution call centers."

http://www.securityweek.com/financial-phone-fraud-attempts-double-1h-2013-re...

------------

Outside of a nice little bit of marketing, I think most of us know and see that phone fraud is up; however, some of what is quoted just sounds off:

"counted over 2.4 million consumer complaints of phone fraud attempts."

First... How big of a call center would they have to count this many complaints? Second, we can go back to the "Ghost calls" thread (Hennigan) from 11/12 and others... Does a phantom call constitute a complaint? What about the 100,000 ghost calls sent by one attacker?

I have been meaning to do some more analytics on some of the junk I have seen, but become overwhelmed. I am highly convinced that right now, 1) there are about a half dozen groups highly focused on this (VoIP heavy hitters), and 2) there is a forum shared by the attackers amongst one another, sort of a "VoIP carders market" (if you will), where an attacker will post compromised servers to share in what I perceive is a "fraudulent calling card" center with a way to give kickbacks to carriers in questionable countries.

I believe the end destination carrier in some cases is likely related (family wise) to some of the attackers. E.g.: Palestine has been ramping things up via VoIP attacks. What I notice is these attackers try to call numbers whose carrier is owned by another Palestinian elsewhere. And it is not isolated to Palestine; they happen to be the heavy hitters via my logs this quarter. I have seen: Romanian attacker --> route calls to company in UK which happens to be owned by (drum roll) another Romanian.

Nevertheless, thought I'd ramp up some discourse on VoIP and the oft overlooked (or is it underlooked) topic of security.

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of real peace" - Dalai Lama

42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF