Minimizing Asterisk VOIP Fraud
This morning I read a warning email sent to me by my carrier. My account balance went over 80 USD. This was seemingly impossible as I did not make any international calls. However, when I did investigate, there were a lot of calls that was made out of my line. It went to countries like Somalia, Tunisia, and a host of middle eastern countries that I do not have any friends or acquaintances in.
It also seems that this wasn’t an isolated incident as others were victimized as well. This one came from: https://puck.nether.net/pipermail/voiceops/2010-November/001998.html
We had two customers get hit simultaneously last summer with almost the same thing. In both cases the customers entire DID ranges were hit by an auto dialer that basically iterated through and did password guessing attempts and then once it compromised a voicemail account it set a call forward to an international pay per minute informational line through the portal. The dialer would then call back in and initiate as many calls as allowed to the compromised DID, racking up as many charges as possible. We picked it up fairly quickly and so were able to minimize losses but the whole incident did lead to a gaggle of administrative and operational changes.
I would suggest that you do two things:
1. Route all outbound calls to countries you know you wouldn’t be making to a dead trunk
2. Capture all SIP authentication traffic to isolate the hackers
3. Put in Route Passwords to international callers.
On an asterisk box, login to the admin pages, select the outbound routes and create a ‘Blocked Routes’
Configure it with the route patterns for country codes that you wish to block. Put in a route password so that the system will prompt you for it when a call is made to those numbers.
Hope this helps.
Filed under: Computing