
Toll fraud, when will the bell toll for thee?

Toll fraud has become the modern scourge of user-owned telecommunications systems, reaching epidemic proportions in early 1993. Estimates from my own company, Telecommunications Advisors, Inc. (TAI), are that more than 35,000 users will be victimized in 1993 by highly sophisticated hackers and professional thieves.

Toll fraud is the unauthorized theft of long-distance services by an unrelated third party. This differentiates true toll fraud from other problems, such as telabuse. Telabuse is fraud, waste, and abuse committed by insiders, including management, staff, and employees of users, as well as their family and friends.

Following deregulation and divestiture, most users began to own their telecommunications equipment. Virtually all of this equipment physically resides on the user's premises and is customer premise equipment (CPE). The recent phenomenon of CPE owned by users has created many benefits. The dark side of these developments is toll fraud.

With user ownership of telecommunications equipment becoming the norm, a dramatic change occurred. The users became liable for all long-distance charges resulting from calls going through their equipment, whether authorized or not. The tariffs of each of the long-distance carriers explicitly provide that users are liable for all such charges, and the courts have uniformly upheld these onerous provisions.

The end result: Users sustained losses estimated at $2.5 billion in 1992. These losses related to long-distance calls (mostly international), which neither the companies nor their staff authorized or knew about.

Cellular companies are particularly vulnerable, as the criminal element has perfected methods of cloning good numbers. Cellular fraud alone exceeded $600 million last year. The bottom line: Toll fraud in all forms resulted in charges and losses that exceeded $4 billion in 1992, of which approximately $2.5 billion related to users.

Organized criminal gangs are now responsible for the majority of all toll fraud. The gangs are run by extremely sophisticated individuals with advanced technical expertise. Through the use of computers, modems, and sophisticated equipment, such as speed dialers, they can crack barrier codes and personal identification numbers (PINs) in virtually any equipment in relatively short order.

Hacking and cracking codes is not the only way to penetrate equipment and steal long-distance service. Technicians, installers, and back office personnel employed by dealers, installers, and local telephone companies are frequently bribed by criminals to share customer information, including numbers and codes.

Business victims, who often do not even know what toll fraud is, become understandably irate when they receive a phone bill containing charges of several hundred thousand dollars for unauthorized international long-distance service. Feelings reach a fever pitch when the business is later informed by the long-distance carrier that it must pay the bill in full. Each party starts to assign blame to the other.

Manufacturers of CPE, such as voice mail systems, PBXs, call diverters, and switches, have added user-friendly features, allowing remote access and the ability to obtain dial tones from off premises without security engineering. Vendors and manufacturers have generally failed, until recently, to inform users of the risks and how to protect the equipment.

Long-distance carriers have been slow to recognize the necessity of warning users or working with them to detect illegal activity through monitoring or to prevent problems by adding protective features to systems and services. Users themselves have often failed to understand their own equipment, to use known security steps, and to monitor usage.

The local telephone companies--local exchange carriers (LECs) and regional Bell operating companies (RBOCs)--have generally avoided becoming involved, refusing to recognize that they can assist their customers through blocking, monitoring switches, and informing and educating users.

Until recently, user manuals that came with equipment failed to warn users of risks and security steps that should be taken. Rather than coordinating efforts, each involved segment tends to point a finger at the others. The result is that the system is abused.

Even where industry efforts are made, it is difficult for these defenses to keep pace with the rapidly changing methods of hackers. As vulnerable points in CPE systems are better protected, criminals find other ways to penetrate systems and steal long-distance service. At the moment, the two weakest links in user-owned CPEs are remote ports and voice mail systems.

Virtually all of the most sophisticated CPEs installed in the United States have built-in remote ports. These are back doors into the equipment that allow vendors and technicians access through long distance to upgrade software, run tests, and perform repairs. A technician employed by a manufacturer in Houston, for example, can dial in to a user system in Detroit. While useful, this method of connecting can be used by thieves to enter the equipment from a remote site. Once this is done, the criminal can then manipulate the system to allow unlimited long-distance service throughout the world.

Hundreds of thousands of voice mail systems have been installed throughout the country. Most can be easily manipulated by the techno bandits who can then obtain a dial tone and call anywhere in the world.

TAI estimates that nearly 60 percent of all toll fraud losses in early 1993 related to penetration and misuse of voice mail systems and remote maintenance administration and traffic systems (RMATS) ports. These are the favored attack points of the criminal element.

Users must more effectively manage and protect their telecommunications equipment from outside penetration and significant loss. While all segments can and must do more, users should take the following preventive steps:

* Ensure that each voice mail system is a closed loop, blocking or eliminating any features that would allow dial through. If manuals and bulletins from the vendors do not adequately explain how this can be accomplished, users should work with vendors and demand cooperation from them.

* Block or eliminate the ability of outsiders to penetrate equipment through RMATS ports, which are often referred to as maintenance ports. Users should require vendors wishing to access equipment to interact with the system administrator or allow access only through a manual connect and disconnect procedure. Another approach would be to allow access only through a smart modem or temporary access codes issued by the system administrator.

* Deactivate or block remote direct inward systems access (DISA) to CPE. If the business is unable or unwilling to do so, authorization codes for DISA should be changed often and should contain at least fifteen digits.

* Block all international calls if the business does not routinely require the ability to dial international calls directly. At a minimum, the user should block the ability to dial direct to known toll fraud regions where most of the fraudulent calls are directed.

* Instruct the local telephone company and long-distance carrier that calls to all of the same regions should be blocked by them, setting forth instructions in writing and preserving copies.

* Block the ability to make informal calls within the CPE.

* Delete DISA authorizations for employees who have left the company or no longer need that service.

* Monitor PBXs and switches as well as voice mail systems on a daily basis for suspicious call patterns.

* Disconnect extensions no longer in use.

* Program the software within the systems or work with vendors to do so to lock out callers after they exceed a predefined number of failed attempts to use codes.

* Regularly remove unassigned and unused mailboxes on voice mail systems and modify the software to terminate access to such systems after a third invalid PIN attempt. Ensure that the system administrator is the only person who can change or create PINs. Monitor mailboxes frequently to detect and eliminate outsiders who might have become "squatters" in unused mailboxes.
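The daily monitoring and lockout steps above can be sketched as a short script. This is an added example, not part of the original article or any vendor's software; the record layout, source names (DISA-1, VM-4417, EXT-2201), telephone numbers, blocked-region prefix, and business hours are all constructed assumptions, since real PBX call records differ by vendor.

```python
from collections import Counter
from datetime import datetime

# Constructed sample records in a hypothetical layout (real PBX call detail
# formats differ by vendor): timestamp, source, event, dialed number.
SAMPLE_LOG = """\
1993-02-06 02:14:05,DISA-1,AUTH_FAIL,
1993-02-06 02:14:09,DISA-1,AUTH_FAIL,
1993-02-06 02:14:13,DISA-1,AUTH_FAIL,
1993-02-06 02:15:40,DISA-1,CALL,011-000-5550100
1993-02-06 02:16:02,VM-4417,CALL,011-000-5550101
1993-02-08 10:30:11,EXT-2201,CALL,503-5550123
1993-02-08 10:45:00,VM-3300,AUTH_FAIL,
1993-02-08 11:02:37,EXT-2214,CALL,011-999-5550199
"""

MAX_FAILED = 3                   # flag a source at its third invalid attempt
INTL_PREFIX = "011"              # international direct-dial prefix (NANP)
BLOCKED_REGIONS = {"011-000"}    # placeholder for the site's blocked regions
BUSINESS_HOURS = range(7, 19)    # assumed 07:00-18:59, weekdays only

def parse(log):
    for line in log.strip().splitlines():
        ts, source, event, detail = line.split(",")
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), source, event, detail

def review(log):
    """Return (sources to lock out, list of (source, number, reasons))."""
    failures, alerts = Counter(), []
    for ts, source, event, number in parse(log):
        if event == "AUTH_FAIL":
            failures[source] += 1          # counted over the whole review period
        elif event == "CALL" and number.startswith(INTL_PREFIX):
            reasons = []
            if any(number.startswith(p) for p in BLOCKED_REGIONS):
                reasons.append("blocked region")
            if ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS:
                reasons.append("outside business hours")
            if source.startswith(("VM-", "DISA-")):
                reasons.append("dial-through from voice mail or DISA")
            if reasons:
                alerts.append((source, number, reasons))
    lockouts = sorted(s for s, n in failures.items() if n >= MAX_FAILED)
    return lockouts, alerts
```

Run against each day's records, `review` returns the sources that reached the failed-attempt limit and every international call that matches at least one suspicious pattern, with the reasons listed for the system administrator.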

Although this list appears foreboding, most of these steps can be taken with relative ease. If a user is unsure how to implement these procedures, the company can work with vendor and carrier representatives.

In 1992, the major long-distance carriers began responding to developing concerns about toll fraud losses and liability by offering various protection programs. Significant changes and variations will be announced this year.

Sprint was the first of the major carriers to announce a program, called SprintGuard. For a fee, with a $25,000 deductible, Sprint will assume toll fraud losses up to 1 million dollars with certain exceptions and exclusions. To qualify, the user must exclusively use Sprint and generate a minimum of $30,000 each month in long-distance charges.

AT&T announced its program during the summer of 1992. Called Net-Protect, it provides three options. The first is Basic, and is available to all AT&T customers at no charge. The carrier promises to monitor its network for unusual traffic and spikes in usage. The company will attempt to contact customers who appear to be victimized by toll fraud, but it provides no guarantees.

Under its Advanced plan, AT&T will cap user liability at $25,000 (a deductible) and protect the user against losses up to 1 million dollars. The program carries a fee, and the requirements state that the user adopt and implement various protective steps with its own equipment. A Premium option has no user liability for toll fraud, but the fee is considerably greater, several exceptions and exclusions exist, and the user must take significant preventive steps to protect its own equipment.

As of early January, MCI had not yet announced its formal toll fraud program, but it is expected to do so in early 1993. MCI will discount toll fraud billings to users experiencing a problem for the first time, waiving the charges for 30 percent of the bill. It is also expanding its Affiliate Program, working with hardware and software vendors who have developed toll fraud solutions for its subscribers.

Liability carriers began to offer commercial insurance in 1992. Travelers, National Union, and AIG each offer toll fraud policies or riders to existing commercial policies that cover toll fraud with deductibles and additional premiums. Other commercial insurance companies are expected to follow suit in 1993. The coverage is limited and expensive. It is generally available at a reduced premium if the user has other commercial insurance coverage through the same concern. Users should check with their commercial insurance broker for competitive quotes.

The bottom line is that users should do everything possible to protect their own equipment and insulate themselves from loss. Prevention is one key. Education is another. Telecommunications equipment must be viewed as highly vulnerable to hackers and long-distance thieves. Every user must take significant preventive steps to protect, monitor, and manage its own equipment.

John J. Haugh is chairman of Telecommunications Advisors, Inc., in Portland, Oregon. He is the principal author and editor of Toll Fraud and Telabuse. He is also the editor of a new national newsletter, Telecom and Computer Security Review.
COPYRIGHT 1993 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1993 Gale, Cengage Learning. All rights reserved.

Article Details
Title Annotation: Safe Communications in the 1990s
Author: Haugh, John J.
Publication: Security Management
Date: Mar 1, 1993