Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Toll Fraud on 8x24, I think the line provider is full of it! Give me your opinions !!!

Status
Not open for further replies.
Cat5Jive

Cat5Jive

Vendor
May 14, 2012
106
CA
Hi all,

I'm a Interconnect with many years experience working Norstar and other systems and what I am being told by a line provider is not adding up.

I have a customer with an 8x24 and Flash 2 voicemail. 5 VM boxes on the system, included SM and GD, 2 info mailboxes and 1 subscriber.
No Outdials have been configured on any mailbox. Flash obviously does not include the ability to Outbound Xfer but it does have the ability to technically dial out for remote VM notification.

Customer's line provider says over 500 hours of international LD was made via 1 single analog line over the course of less than one hour. Obviously they blame an insecure system and have produced a very large invoice to cover off this expense. In my long standing experience, the best case scenario for a fraudster would be to utilize link transfer and multiple lines to make fraudulent calls, but the supplier states that they ALL occurred on the same line in a very short period of time. My thought is that there is no way this was processed through the 8x24 and this was some sort of CO hack upstream that produced this fraud. Any thoughts on this? Anyone ever see anything like it??

Thanks!

C5J
 
Sort by date Sort by votes
Now the line provider tells me the system will "release" the lines which will not disconnect the original caller and call recipient. Thoughts??
 
Upvote 0 Downvote
I am having this same problem with a customer with a flash talk, My customer has local link lines, which allow the customer to transfer a caller on there line. Somehow the fraudsters have figured out a remote sequence of numbers to allow the CO line to return dial tone. Provider Bell Canada says they can't restrict international calls and allow only North America calls. But other providers will. A temp fix is to have line provider to program forced verified account codes.

Does anyone know was the fraudsters are dealing to return dial tone one voicemail has answered call..
 
Upvote 0 Downvote
It's interesting that even today (when international calls over SIP trunks cost a few cents per minute) it makes sense to people to try to make fraudulent calls like this.

It is an interesting puzzle how someone could achieve this. My personal guess based on the available information is this:
1. The analog trunk has an external transfer capability turned on at the CO (i.e., the trunk's subscriber can dial a star code to transfer an external incoming call to an external destination).
2. The external attacker makes a call to the analog trunk and gets routed to a mailbox.
3. When prompted to record a message, the attacker generates DTMF digits for the trunk's external transfer star code followed by the desired external destination (these digits get recorded).
4. The voicemail system gives the caller/attacker the option to review the recorded message and the caller selects that option.
5. The voicemail system plays back the recorded DTMF digits - because these digits are coming from the analog trunk subscriber, CO interprets them as a request to make an external transfer. As a result, the call is disconnected from the analog trunk and transferred to the external destination dialed by the attacker in step 3.
6. The attacker makes another call to the analog trunk and repeats steps 3 to 5 over and over again. This way, the attacker is able to make many such calls within just one hour.
 
Upvote 0 Downvote
Check Toll Fraud in FAQ at the top of the switch, if the Norstar is not locked down you will get Toll Fraud

OLD ROLMEN WORKING ON NORTELS AND AVAYA
 
Upvote 0 Downvote
Ask the carrier for a printout of the calls, it might provide a clue such as which line in the system and what digits were dialed.

Make sure to add restrictions including 10 (for those 1010 type numbers).

Check your lines for DISA too

"Now the line provider tells me the system will "release" the lines which will not disconnect the original caller and call recipient. Thoughts?? "
Sorry but I don't get that sentence, hard day though.






________________________________________
We take the time to try to answer your questions for free, please return the favor and take the time to answer back and include any resolution you found elsewhere, thanks.

=----(((((((((()----=

small-logo-sig.png

Toronto Canada
 
Upvote 0 Downvote
Even from this side of the pond, it's hard to grasp what the line provider is saying. As has been said, only one call per line at a time can be used.

I'm agreeing with Ucxguy that the calls were unlikely to have ever reached the Norstar system and that they were somehow diverted in the exchange because one analogue line can't have made all those calls within an hour.

Check the call reports that the outgoing calls were made from the Norstar end.

Firebird Scrambler
Nortel and Avaya Meridian 1 / Succession and BCM / Norstar Programmer

Very advance high level knowledge on the Linux BCM phone system.

Website
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jsaad
  • Locked
  • Question
toll fraud.. how'd they do it?
Replies
3
Views
120
Qzwsa
Qzwsa
N
  • Locked
  • Question
Need support on dial 9 Nortel MICS PRI When dial 9 display states Invalid number. Incoming DIDS work fine. Been working for years. Provider 1
Replies
6
Views
661
Nortel dino
N
telephonesteve
  • Locked
  • Question
Line Redirection - Different lines redirected to different numbers?
Replies
2
Views
223
telephonesteve
telephonesteve
Robert Lafleur
  • Locked
  • Question
Toll fraud Norstar Flash. 3
Replies
6
Views
186
Nortel4Ever
Nortel4Ever
Stephen Smith
  • Locked
  • Question
Help Troubleshooting Nortel CICS Noise on all Phones - swap positions of trunk cards
Replies
2
Views
272
curlycord
curlycord

Part and Inventory Search

Sponsor

Back
Top