As some of you know, I was speaking at the Digium Asterisk World event, that took place in Miami a couple of weeks ago – as part of the IT Expo show (http://www.tmcnet.com/voip/conference/digium-asterisk-world/default.htm). During my presentation, I had showed the following slide:

ITexpo Slide

Well, apparently, I was slightly wrong – well, not all the way wrong. While the general term is that fraudsters don’t publish their success on the Internet, it would appear that we are now at the verge of seeing “Fraud Enabling Services”.

A recent post on the www.voip-info.org website had caught my attention this morning:

A “FAS Service” – since when did False Answer Supervision became a legitimate thing in telecoms? Ok, in order to elaborate on the matter, let’s first explain what “False Answer Supervision” actually is.

False Answer Supervision, or FAS, is generally facilitated within mobile networks – usually when dealing with SIM based gateways. The methodology is fairly simple: A call from the VoIP world is transferred to a SIM based cellular gateway, the SIM gateway then generates an outbound call from an installed SIM card on the SIM gateway. As there is a delay from the time the VoIP call was intercepted, till the mobile network generates the ring-back tone (the ringing beep-beep sound), the SIM gateway will answer the call on its own and generates a falsified ring-back tone.

Technically speaking, this sounds reasonable. The problem is that FAS creates a billing record, even for calls that weren’t answered at the remote mobile end. Which means: if your call was intercepted by a SIM gateway, there is a good chance you’ll be paying for the ringing of the call. In addition, if this is an international call – that can easily rack up fairly fast (depending on your destination).

So, the above news bulletin kind’a racked up into my: “CHECK THIS THING OUT MAN!” list. So, when you logon to their website, you are greeted with a very informative page, explaining what FAS is, how it works and how their service works. Their page actually explains why generating FAS is good for you and how you can make money from using their service:

So, this service takes people that have legitimate wholesale termination services or other telecoms services – and turns them into fraudsters.

FAS is not a “prerogative”, FAS is down right nasty – and in some countries even illegal. At the same time, I can create a system that would randomly answer calls, delay the outbound ring by 20 seconds, then start dialing out – cashing those 20 seconds into my pocket. Sure, you say 20 seconds isn’t much, but multiply that a 500,000 calls per month, and you have over 160,000 minutes of cash in your pocket – let’s imagine that these are mobile numbers in the UK, where the interconnect fee is around 0.05GBP – that’s a really COOL 10,000GBP – per month, every month – that’s practically stealing !

So, who are www.fasservice.net? Their website doesn’t say much about them. Even a short Whois query on Internic will generate the following response:

Registrant:
 Domains By Proxy, LLC

 Registered through: Go Daddy
 Domain Name: FASSERVICE.NET

 Domain servers in listed order:
 NS01.DOMAINCONTROL.COM
 NS02.DOMAINCONTROL.COM

So, their domain was registered via GoDaddy.Com and they had decided to hide who they are. How convenient!

There is no question about it, this service turns a simple wholesale/termination provider into a fraudster – use this service, and know that you are putting your hand into someone else’s pocket – for a service you didn’t deliver. And hope you don’t get called on it or the FCC (OFCOM, etc.) could shut you down.