Doing time on the telephone line.DOING TIME ON THE TELEPHONE LINE WHEN 13 PERSONS PLEADED guilty or were convicted last fall of marketing 1,500 stolen long-distance access codes, the estimated loss to the five victimized carriers was $19 million. Trials were held in Honolulu and 14 mainland cities, with sentences ranging from nine to 46 months in prison. The trial of the six remaining defendants in San Francisco San Francisco (săn frănsĭs`kō), city (1990 pop. 723,959), coextensive with San Francisco co., W Calif., on the tip of a peninsula between the Pacific Ocean and San Francisco Bay, which are connected by the strait known as the Golden that began in December has not reached judgment. One carrier initiated civil action and received awards in the millions of dollars. While this case is the largest of its type in history, widespread annual theft of services Theft of services is the legal term for a crime which is committed when a person obtains valuable services — as opposed to goods — by deception, force, threat or other unlawful means, i.e., without lawfully compensating the provider of said services. has been plaguing the industry for 20 years, with new versions of crime cropping up as new defenses are introduced. "The first telecommunications fraud that we noticed consisted of college students wanting to call their families, or their girlfriends or boyfriends, so they started using credit card numbers they had gotten," says Joe Horvat, area manager of the risk management division of Southwestern Bell
Southwestern Bell Telephone, L.P. Telephone Company. "To make a call in those days, you had to go through an operator, who had no way to verify whether the simple code number that was used was valid." AT&T responded to the rapid growth of phone fraud in early 1971 by beefing up security. "We lost $50 million in Southwestern Bell's territory: Kansas, Missouri, Arkansas, Oklahoma, and Texas," says Horvat, who joined Southwestern Bell 23 years ago and has been in security since 1971. From 1970 to 1973, US telecommunications security investigators found themselves with work loads of 50 to 100 cases that ranged from losses of a few hundred dollars to $10,000. The Bell System hired former police officers, accountants, and technicians in an effort to blend a variety of useful skills on investigation teams. At first the plan was to deter abuse by aggresively prosecuting suspects and publicizing student arrests in campus newspapers. Military installations were also targeted. But even with improved credit card coding and other carrier precautions, abusers soon learned how to beat the safeguards. Along with credit card abuse, several other versions of telecommunications fraud emerged in the early 1970s. Third-number fraud and code calling, particularly popular with large, cross-country trucking firms, began. Drivers left free messages for their companies by giving operators a predetermined pre·de·ter·mine v. pre·de·ter·mined, pre·de·ter·min·ing, pre·de·ter·mines v.tr. 1. To determine, decide, or establish in advance: name or phrase. "The caller would ask the operator to place a collect call for a Fred P. Jones III," Horvat recalls. "The call would be refused, but the name was a code that let the company know a driver had a half load in Nashville en route to Kansas City Kansas City, two adjacent cities of the same name, one (1990 pop. 149,767), seat of Wyandotte co., NE Kansas (inc. 1859), the other (1990 pop. 435,146), Clay, Jackson, and Platte counties, NW Mo. (inc. 1850). . This would go on 24 hours a day, seven days a week, and the cost in AT&T operator time was incredible." Electronic fraud devices first appeared in the early 1960s and became widespread throughout the next decade, particularly in the early 1970s. It took a series of innovative technological developments by the Bell System to defeat them. The devices were named for the color of the first boxes seized but later could be found in any color. Blue boxes, perhaps the best known, allowed users to place free long-distance calls from any telephone. They had 13 to 15 buttons that simulated tones and contained a transmitter acoustically coupled to a telephone or wired to a telephone line. Blue boxes were defeated by a signal channeling enhancement that Bell had been developing for several years. Black boxes allowed long-distance calls to be received without being billed. If a user knew when a call was coming in, he or she flipped a toggle switch A device that opens and closes an electric circuit. It uses a lever that is moved back and forth; a light switch on the wall being a common example. Old computers often had rows of toggle switches on their consoles, making them look very formidable. on the box while the phone was ringing. The box did not allow enough current to return to the originating city to trip the billing computer. The computer thought the phone was still ringing when the long-distance call had actually been completed. The changeover from mechanical to electronic switching systems In telecommunications, an electronic switching system (ESS) is:
Red boxes simulated aural system tones that counted the coins deposited in a pay phone. Operators thought the correct amount had been received and connected the call. Red boxes were defeated by upgrading central office equipment so it required more precise tones--plus or minus 1 percent error. IN THE LATE 1970S, NEW COMPLICAtions began to appear. Computer modems were introduced, and a few hackers emerged with handles such as Captain Crunch 1. (person) Captain Crunch - ("Cap'n Crunch") An early 1970s hacker/phreaker/phacker who used a free whistle included with "Cap'n Crunch" breakfast cereal to fake pay phone system tones and make large quantities of free phone calls. Also alludes to "crunch". , Cheshire Cat Cheshire Cat imperturbable cat with perpetual grin. [Br. Lit.: Alice’s Adventures in Wonderland] See : Goodnaturedness , Catalyst, and Susan Thunder. With new technological developments, AT&T fraud investigators were able to identify and prosecute hackers. The divestiture of the Bell System in 1984 brought new entries to the telecommunications industry--mostly long-distance service providers. These new providers lacked the knowledge and defenses that 13 years of investigative experience and engineering development had given the Bell System. For example, some providers used authorization code An identification number or password that is used to gain access to a local or remote computer system. See authorization. numbers that consisted of only four to six digits. The codes could be figured out in a few minutes and passed around. By the mid-1980s, PCs were less expensive and could be equipped with autodialers. Also, many newcomers simply didn't know that running a telecommunications business inevitably involves certain losses, which many of them began experiencing right away. In 1985, common carriers rarely worked together to combat crime. Local exchange companies (LECs) were not equipped to offer low-cost investigative services, educational support, or billing analysis. Consumers suspecting phone fraud did not have a national number to call for help and could not share information. That spring, a few managers from the security departments of 15 long-distance and local telephone companies met in San Francisco and created the Communications Fraud Control Association (CFCA CFCA Chicago Film Critics Association CFCA Christian Foundation for Children and Aging CFCA Communications Fraud Control Association CFCA Central Florida Corvette Association CFCA California Fire Chiefs Association ), a nonprofit organization Nonprofit Organization An association that is given tax-free status. Donations to a non-profit organization are often tax deductible as well. Notes: Examples of non-profit organizations are charities, hospitals and schools. that has established itself as a national clearinghouse for telecommunications crime information. One fact is evident from CFCA's programs: widespread cooperation among injured parties gets results sooner and helps conserve vital company resources. Today's proliferation of desktop computers and accessories gives anyone who wants to make free long-distance calls more opportunities to steal. Fraudulent calls can now be made faster and in greater volume than ever before. Newer carriers have aggressively sought to minimize their vulnerabilities, much as AT&T did earlier, and they have largely succeeded. The result is that inventive, well-organized phone phreaks--those who try to steal codes to make free long-distance calls, as opposed to hackers, who try to access data bases to get information--are adopting new, potentially more devastating dev·as·tate tr.v. dev·as·tat·ed, dev·as·tat·ing, dev·as·tates 1. To lay waste; destroy. 2. To overwhelm; confound; stun: was devastated by the rude remark. targets. Last October, an engineer for a Tennessee civil engineering firm with 350 employees discovered that criminals had used the company's private switch to place hundreds of long-distance calls. The switch, called a private branch exchange (PBX (Private Branch eXchange) An inhouse telephone switching system that interconnects telephone extensions to each other as well as to the outside telephone network (PSTN). ), directs incoming and outgoing calls and can connect company sales representatives calling from pay phones with domestic and foreign clients. The company was billed $3,000 for inbound 800 line use and $12,000 for calls to the Dominican Republic Dominican Republic (dəmĭn`ĭkən), republic (2005 est. pop. 8,950,000), 18,700 sq mi (48,442 sq km), West Indies, on the eastern two thirds of the island of Hispaniola. The capital and largest city is Santo Domingo. . "I was totally unaware that this could happen," the engineer said. The scenario is repeated over and over throughout the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. , as long-distance carriers are no longer the only victims of telecommunication services theft. Losers range from the Tennessee Valley Authority Tennessee Valley Authority (TVA), independent U.S. government corporate agency, created in 1933 by act of Congress; it is responsible for the integrated development of the Tennessee River basin. , with its 35,000 employees, which lost $65,000, to Philadelphia Newspapers Inc., owner of the Inquirer and Daily News, which lost $115,000 in one month last fall. The Denver Post and Christian Broadcasting Network The Christian Broadcasting Network, or CBN, is a Christian television broadcasting network in the United States. Its headquarters and main studios are in Virginia Beach, Virginia. CBN was founded by evangelist Pat Robertson in 1961. also recently lost big money to PBX abusers. A computer manufacturer based in the Netherlands but with offices across the United States lost $42,000 on its PBX in three weeks. One manufacturer had 43 PBXs compromised across the country, losing $700,000 in one weekend. Another's system was hit for $300,000 in one month. In an earlier case, New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of City's Department of Human Services lost $750,000. Department employees rigged the organization's switch to make more than 15,000 unauthorized calls to spots in the United States and 50 other countries, particularly Pakistan, Colombia, and the Dominican Republic. As Horvat summed it up, "If someone with a magic wand a wand used by a magician in performing feats of magic. See also: Magic could fix all the problems tomorrow, fraud would move to some other vulnerability we don't know Don't know (DK, DKed) "Don't know the trade." A Street expression used whenever one party lacks knowledge of a trade or receives conflicting instructions from the other party. about." Private switches with access codes of only six or seven digits will continue to be attacked. Abusers route long-distance calls overseas, quickly accumulating charges the systems owner has to pay. Many PBXs are not equipped to detect irregular activities or block fraudulent calls, making them especially vulnerable. If a system is equipped with a remote access feature used by sales representatives, intrusions by outsiders quickly become an expensive nightmare that worsens with each phone bill. This is true even if the only remote access is the maintenance port used by technicians to adjust and repair system software. Even if direct inward service access (DISA 1. (body) DISA - Defense Information Systems Agency. 2. (standard) DISA - Data Interchange Standards Association. ) and remote maintenance ports are protected by authorization or barrier codes, thieves can easily use a variety of tricks to break through defenses. Once they gain access to a system, phreaks usually sell authorization codes to persons most likely to make international calls: illegal aliens and drug traffickers. The sad part of this scam is that system owners are nearly always unaware of vulnerabilities. SOLUTIONS TO TELECOMMUNICAtions fraud include intelligent software, which is available to help PBX owners identify, screen, and block fraudulent calls. Simply adding digits to access codes is another precaution, because numbers with fewer than 10 digits cannot hold off today's intruders. A number of manufacturers have gone to 14 digit access codes. Some carriers send technical representatives to customers to reprogram re·pro·gram tr.v. re·pro·grammed or re·pro·gramed, re·pro·gram·ming or re·pro·gram·ing, re·pro·grams To program again. re systems, upgrade safeguards, and advise owners to shut their systems down at night and on weekends. Voice mail fraud is another threat. Criminals are easily defeating or by-passing security codes to take over the mailboxes of voice store-and-forward systems, or voice mail--the electronic bulletin boards of the future. Criminals then exchange lists of long-distance codes without the system owners' knowledge. Phone phreaks are not the only problem. Paying customers also use voice mail systems to commit a variety of crimes, such as coordinating international drug shipments and marketing bankcard numbers, long-distance access codes, and even prostitution. To protect voice mail systems, owners should assign each mailbox its own code and perhaps set up five- or six-digit passcodes in a tree system. Software is also available that terminates a call after three attempts have been made on the system and informs callers to try again when they have the correct number. Then it alerts owners that the attempts have been made. Just increasing access codes to six or eight digits decreases the probability of deciphering them to one in nine million. Adding as many digits as possible, say between 12 and 15, is ideal. South Dakota-based industry consultant Marc Tobias says voice mail distributors should load randomly generated data file lists of active mailboxes into newly installed systems. He also advises managers to limit the time mailboxes can go unused and to close surplus units. A new version of voice mail fraud could cause mailbox owners considerable grief. Last October 31, MCI (1) (Media Control Interface) A high-level programming interface from Microsoft and IBM for controlling multimedia devices. It provides commands and functions to open, play and close the device. (2) (Microwave Communications Inc. Senior Manager Jenny Grolemund discovered that systems equipped with a feature allowing callers to bypass the greeting message are especially vulnerable to intrusion. Two days later, CFCA's faxed news weekly Fraud Alert warned readers of the vulnerability. Bandits have also targeted cellular phone carriers, who first noticed in 1986 that fraud losses were rising faster than they had thought possible. Losses of hundreds of thousands of dollars surfaced in three Northeastern cities, then spread quickly to the South and West. Bandits--the thieves of the car phone industry--began exploiting two inherent weaknesses in roamer services when the system became operational in 1983. Roamer services are provided by cellular companies under reciprocal agreement Reciprocal agreement is an agreement between two U.S. states to allow members of the Bar association from each state to practice in the other. Thus, lawyers who wish to practice in two states do not have to take the bar examination in both states. and allow customers to travel from city to city and still use their car phones. Lists of network abusers, or negative switch files, were particularly vulnerable then, because they could hold only 1,000 numbers. Another problem was that switches that ran the independent service areas throughout the country could not link an owner's identifying number (NPA (1) (Numbering Plan Area) The Bellcore/Telcordia telephone area code system in use in the U.S., Canada, Alaska, Hawaii and islands in the Caribbean. See NPA code. (2) (Network Professional Association, San Diego, CA, www.npanet. NXXX) to the serial number embedded in a particular phone. In 1984, designers saw the need for more sophisticated protection against fraud and installed a few improvements. Electronic serial numbers (ESNs) were embedded in each car phone set, along with the user's mobile identification number (MIN Min (mĭn). 1 Chief river of Fujian prov., SE China, c.350 mi (560 km) long, rising in Wuyi shan and flowing SE to the South China Sea near Fuzhou; it receives several tributaries near Nanping. ). Both numbers are verified by the local switch and checked against the negative file each time a customer places a call. If anyone tries to alter the ESN (Electronic Serial Number) A unique identification number built into a cellphone for security purposes. , the mobile phone simply stops operating. Home carriers identified legitimate customers by first determining if the first seven digits, NPA NXXX, were valid. Next, they compared the ESN with the negative file to see if the set had been identified as a bandit bandit: see brigandage. . But if, for example, a customer of a Washington, DC, cellular company drives to New York City New York City: see New York, city. New York City City (pop., 2000: 8,008,278), southeastern New York, at the mouth of the Hudson River. The largest city in the U.S. , where the service of another provider may be used through reciprocal agreement, only one number can be validated. Roaming bandits can then more easily use cellular telephones illegally. Some customers became unwitting bandits by using their phones when another carrier was providing the service. Deliberately dishonest bandits used other people's phones and, because they knew valid numbers, could call free in other cities. They weren't discovered by the service provider until the bill arrived. More pernicious intruders altered the electronic serial numbers in a phone's RAM chip (Random Access Memory chip) A memory chip. See dynamic RAM, static RAM, RAM and memory. . Some even installed many numbers. To counter this fraud, cellular companies aged codes by taking them out of circulation if they went unused for a certain period of time. Even with more sophisticated bandits on the loose than ever before, however, several technical improvements have stymied most intruders. During the first six months of 1986, 21-digit validation systems that can verify ESNs and MINs were installed. Communication between the industry's two clearinghouses was improved, so the rate of successful verification is now at 98 percent. There are now 2.7 million valid cellular users in the United States. "Losses began dropping a year ago, and there has been even more of a reduction in the past six months," says Carolyn Schott, manager of roaming services for NewVector Group, US West's cellular carrier in Bellevue, WA. "It's funny, the bandits are more creative, but we're losing less money." Bruce Bangert, general manager of revenue assurance for PacTel Cellular in Irvine, CA, says fraud losses ran about 20 percent during the first six months of 1988. "Now, with bandits needing to be more knowledgeable of the technology, losses have dropped to about 2 percent." However, Tobias, an attorney and consultant specializing in pay phone security, tells anyone within earshot ear·shot n. The range within which sound can be heard by the unaided ear; hearing distance: listened until the parade was out of earshot. that customer-owned, coin-operated telephones (COCOTs) are readily being beaten, and that most Americans don't believe stealing from the phone company is a crime. "If you purchase one of these wonderful devices for $2,000 and install it outside your store, phone phreaks can simply walk up to it and make free calls," says Tobias. "It may be 45 days before you get the bill and shut it down. Under all US tariffs, the operator is liable for every call. Single phone losses of $25,000 in a month are no longer rare occurrences." Tobias was recently called to Fort Lauderdale Fort Lauderdale (lô`dərdāl), residential, commercial, and resort city (1990 pop. 149,377), seat of Broward co., SE Fla., on the Atlantic coast; settled around a fort built (c.1837) in the Seminole War, inc. 1911. , FL, to help a vendor who had lost $400,000 in calls to Egypt, Bolivia, and Pakistan on his COCOTs--all within three months. "Red boxes, defeated years ago by Bell Laboratory technology, have been replaced by high-tech ingenuity, often carried out by 14-year-old kids," he says. Other vulnerable devices include mobile phones, automatic teller machines, and private pay phone systems available on ships, trains, and airplanes. Over the next few years, the Years, The the seven decades of Eleanor Pargiter’s life. [Br. Lit.: Benét, 1109] See : Time Integrated Services Digital Network Integrated services digital network (ISDN) A generic term referring to the integration of communications services transported over digital facilities such as wire pairs, coaxial cables, optical fibers, microwave radio, and satellites. (ISDN ISDN in full Integrated Services Digital Network Digital telecommunications network that operates over standard copper telephone wires or other media. ) will be gradually employed in fighting fraud. When fiber optics fiber optics, transmission of digitized messages or information by light pulses along hair-thin glass fibers. Each fiber is surrounded by a cladding having a high index of refractance so that the light is internally reflected and travels the length of the fiber are installed, ISDN uses a digital system to provide a message that includes originating and terminating numbers, the codes used for billing, and transmission protocol. "ISDN's vulnerabilities to fraud will really be unknown until it is employed," says Horvat. "And we won't know where the holes are ourselves until then." No one is immune to phone fraud. Modern life revolves around the use of the telephone, and it is more important than ever to keep abreast Verb 1. keep abreast - keep informed; "He kept up on his country's foreign policies" keep up, follow trace, follow - follow, discover, or ascertain the course of development of something; "We must follow closely the economic development is Cuba" ; "trace the of new forms of abuse and developments in fraud control. "Information must be shared," says CFCA President Marty Locker. "Today's abusers are well organized and have developed an efficient network to exchange information and share resources." Clearly, if telecommunications fraud losses are ever to be controlled, security professionals must continue to find ways to stay ahead of abusers. The key to staying ahead is sharing vital information. Langford Anderson is director of communications Director of Communications is a position in the private and public sectors. The Director of Communications is responsible for managing and directing an organization's internal and external communications. for the Communications Fraud Control Association in McLean, VA, and editor of Fraud Alert and The Communicator. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion