Keeping PBX fraudsters at bay
By Sam Varghese Monday, 07 November 2011 09:25
Business IT - Security
With phone-hacking very much in the news, a small company in Israel has probably chosen the right time to announce that its software, which can analyse and detect fraudulent activity on PBXs, can now work with 200 PBX models.
Humbug Telecom Labs chief technical architect Nir Simionovich said the inter-operation was made possible through a plug-in from another company, AGG Software, that makes software used for snooping.
He said that Humbug's software made it possible for small companies to have proper protection against a type of fraud that was once thought to only affect much bigger outfits.
Humbug vice-president for sales and marketing, Eric Klein, said three kinds of fraud could be perpetrated through PBXs - subscription fraud, voicemail hacking, and premium rate service fraud. Eric Klein Humbug's software is part open source and part proprietary. "Humbug releases its collection agent for Asterisk and other open source PBX variants under a GPL licence, which means its fully open sourced," said Klein.
Asterisk is free software that transforms a computer into a communication server.
"In the same manner, Humbug makes its data collector API available to the public. Thus, anyone can connect to it utilising their platforms and developments."
Klein said the Humbug software provided three distinct methods of interconnecting with its engine - an open-source, GPL-licensed, agent service for Asterisk-based systems; an open web-based API, utilising HTTP or HTTPS; and a closed source agent, provided by AGG software, capable of allowing legacy PBX systems to connect as well.
"For PBXs that can support it, either of the collectors can be installed on the PBX as an agent," he said. "For legacy systems AGG provides a serial port plug that is connected to an external server that acts to collect and transmit the CDRs (call detail records) to Humbug."
The PBX creates the call details (including call set-up, completion codes, status codes, etc.). "This is taken by the collector and sent to the Humbug service for analysis. This analysis includes running the CDR through a set of filters to see if it triggers one of the alerts. These alerts include a blacklist of more than 70,000 known numbers that are used for fraudulent activities, customer defined black/white lists based on location, or time of day/day of week."
Simionovich said if an alert was triggered, the service would send an email or SMS (text) message to the customer-designated administrator for action.
"In the next release the Humbug Fraud Protection service (part of Humbug Pro) will send a message to Asterisk-based PBXs on call set-up to not allow the call to be initiated if it is to one of the 70,000+ blacklisted numbers. This service will be expanded during future releases to include a customer-specified list of prohibited countries and then time of day/day of week. These customer set prohibitions will allow a white list for specific extensions or numbers based on the user's business case."
The AGG plug-in is either connected via a serial port adapter, collecting from the PBX and passing on to an external server, or as software installed as an agent on the PBX, that then sends the call detail records to Humbug.
Simionovich admitted that at present, since a warning occurred during the commission of a fraud, the party which was trying to commit the fraud did benefit to some extent.
"Currently, Humbug is only sending notifications to prevent additional fraud attacks; thus, one attack gets through and the fraudster does get the benefit of that one call. The number of calls that get through is limited by the administrator not Humbug," he said.
Klein said this would change with the next release. "On systems that support it we will be able to stop outbound calls as they are initiated, thus preventing even this first call from benefiting the fraudster," he added.
***** Moderator's Note *****I'm a bit puzzled here: I thought that phone rates had decreased to the point that fraud wasn't a problem. Is it still an issue in overseas traffic?
Bill Horne Moderator