SECURITY

Blacklist Aims to Block Telecom Fraud

R. Colin Johnson | Date: 06-28-11 | Comments

The hacking/phreaking culture lures the brilliant and best to waste their talents on cyber-attacks that thumb their noses at civil society, or worse, perpetrate outright theft, prompting the formation of a community blacklist to restore order.

While the bulk of the publicity on today's hacking/phreaking culture focuses on cyber-intrusions into online computers, a growing threat also comes from phreaking attacks on telecommunications systems where fraud not only inconveniences phone-system users, but also fleeces them financially. With technological solutions fighting a losing battle, "community blacklisting" emerges as a necessary evil.

This sheer volume of malware worldwide is slated to surpass the 51 percent mark by 2012. However, hacking is only the most recent manifestation of a security problem that began with phreaking attacks from the days of rotary-dial telephones. Popularized by a teenagers with code-names like Berkeley Blue (Steve Wozniak before he co-founded Apple Computer), phreaking enabled the forerunners of today's computer hackers to make free long-distance phone calls by breaking into telecommunications systems.

Phreaking started when a blind child with perfect pitch discovered that he could affect telecommunications systems by whistling the tones that triggered recording systems. Soon phreakers were commandeering these analog switched circuits by simulating the legacy rotary dials by quickly tapping on the switch hooks that held nearly all handsets before the deregulation of telecommunications. After an internal AT&T publication noted the intricacies of tone-based dialing, "blue boxes" and "black boxes" were constructed by phreakers to circumvent and penetrate telecommunications systems.

Participants were originally harmless pranksters, but today phreaking has degenerated into cyber-crime that costs businesses upwards of $80 billion each year, according to the Communications Fraud Control Association. While numerous vendors offer carrier-class fraud prevention, detection and analytics for modern telecommunications systems, the situation there is not much better than the degenerating security environment on the Internet.

As a result, telecom fraud prevention vendor Humbug Telecom Labs (Ramat Hasharon, Israel) proposed a crowd-sourced community blacklist that carriers, telecom vendors and individual PBXs can access and update to cut off known phreakers before they can perpetrate intrusions.

Humbug�s Community Blacklist, currently in public beta testing, already has over 55,000 known fraud perpetrator's telephone numbers in its database, and is designed to be updated by its membership. Carrier and business users can configure their voice networks and individual PBXes to provide alerts that cut off telephone calls from known abusers before new attempts at fraud can be perpetrated. Organizations that have been targeted by phreaking attacks are encouraged to email the originating number, along with details of the attack, to support@humbuglabs.org for investigation and possible inclusion on Humbug's Community Blacklist.