Ramat HaSharon, Israel – March 21, 2012 - Humbug Telecom Labs provider of carrier-class Telecom Threat Management including  fraud prevention, detection and telecom analytics for any size business, announced today that it has partnered with VoIPmonitor

“Telecom attacks are getting more sophisticated every day” says Boaz Bechar, VP of Business Development and cofounder at Humbug Telecom Labs. He continues, “The lack of visibility into call traffic means that enterprises usually only find out about attacks when they get their monthly bill. VoIPmonitor enables users of any VoIP PBX or SIP service to monitor and get alerts based on monitoring at the network layer without installation in the PBX.”

“Attacks on Telecom systems have become an everyday occurrence and unprotected phone networks become easy targets,” says Martin Vit, creator of VoIPmonitor. “By combining the monitoring capabilities of VoIPmonitor with the analysis and blocking features that Humbug Telecom offers companies a whole new set of tools to protect themselves.”

Nir Simionovich, Humbug Telecom Labs’ Chief Architect and cofounder, adds “Where Humbug is able to monitor and create alerts on more than 240 supported PBX models; the partnership with VoIPmonitor takes us one layer deeper into the network. This makes the Humbug Service available to more enterprises regardless of their PBX.”

The Humbug implementation of VoIPmonitor can be downloaded from the Humbug Telecom website by choosing your PBX brand at http://www.humbuglabs.org/index.php/index_c/compatibility

About Humbug Telecom Labs

Humbug Telecom Labs makes it affordable for any sized business to have carrier-class fraud prevention and detection, while providing powerful business intelligence which puts users in command of their telecom activity.  Humbug also offers free Visual Analytics to view telecom traffic in a real time, concise, readable Google Analytics-type format. No PBX report comes close. Customizable real time alerts can be configured by the user to track telecom traffic behavior and keep track of spending. Humbug is ideal for call centers, ITSPs (Internet Telephony Service Providers), organizations that sell by phone, businesses with significant telecom expenditures and any responsible organization cognizant of the global fraud epidemic. Humbug easily integrates with a host of popular open source and proprietary PBX systems . www.humbuglabs.org.

About VoIPmonitor

VoIPmonitor is open source live network packet sniffer VoIP monitoring software and call recorder for Linux or posix Unix which analyzes SIP and RTP protocol. It can run as daemon or analyzes already captured pcap files. For each detected VoIP call VoIPmonitor calculates statistics about loss, burstiness, latency and predicts MOS (Meaning Opinion Score) according to ITU-T G.107 E-model so operator centers can quickly decide which calls are bad. These statistics are saved to MySQL database and each call is saved as pcap dump and optionaly to audio WAV. Free VoIPmonitor can decode only G.711 codec. Commercial version can decode from G.729/G.723/GSM/Speex/iLBC. One of unique feature of VoIPmonitor is decoding phone calls which are changing codecs during call. Synchronisation is achieved with jitterbuffer simulator so every single file is properly synchronised. Web PHP application (it is not part of open source sniffer) filters data from database and graphs latency and loss distribution. VoIPmonitor also detects improperly terminated calls when BYE or OK was not seen. To accuratly transform latency to loss packets, VoIPmonitor simulates fixed and adaptive jitterbuffer. www.voipmonitor.org.

All trademarks are the properties of their respective owners.

###

PR Contact:

Eric Klein

Humbug Telecom Labs

IL Tel: +972-54-666-0933

US Tel: +1 518 249 1199

Eric@humbuglabs.org

This new collector enables companies running Asterisk version 1.4 (or later) to benefit from Humbug’s fraud blocking service. The blocking is currently available for the following alerts:

For Asterisk version 1.4 and up:

• Business Hours
• Time Range

For Asterisk versions 1.6 and up:

• Blacklist
• Community Blacklist
• Blacklist Country

We will be expanding to cover all our alerts in the near future. For more details about the features in the latest release please see our blog about it.

Essentially, when a call is made from the PBX, the humbug plug-in authenticates the call against the configured rules of these alerts, and if a deviation is found then it drops the call by sending a command to the Asterisk Manager Interface. In some cases the authentication is done locally (on the PBX) and in some cases it requires a HTTP connection to our server which is done in the background.

For the blocking you work you will need to make sure you are running the latest version of the humbug collector (version 0.8.0.0)

This is available for download from: http://secure.humbuglabs.org/downloads/humbug-collector-0.8.0-0.i386.rpm

If you are upgrading from the old plugin to the new one, please add the following listed in your configuration file (/etc/humbug/humbug.conf):

# Check community blacklist

community_blacklist = no/yes

# Do Hangup

action_hangup = no/yes

Guest Blog Post by Randy Resnick

It started with an alert from the mail queue, way too many returns. I went to look at what was going on and it became apparent that a mailing had been done on our dedicated server. I began collecting evidence. Here’s how:

1. Looking at the server logs, I saw the campaign going out via a php script. The server was tightly controlled by someone whose knowledge I respect. How could this be happening? Simple. It was an inside job, installed by the web agency designing the new sites at a very high cost to the customer.

2. I found the php script recently uploaded inside the web framework and the list of names. I inserted an anonymous email of mine to the list and waited until the next batch. Sure enough, the message was a spammy mailing going out to the list from another customer of the agency. In short, the agency was using the server of one customer to send another customer’s mailing! Why they did something this stupid has never been explained.

3. I spent most of a week gathering rock solid evidence, because there is a great ironic twist to this story. For the past several months, the web agency was “poisoning” our image, telling our customer of over 10 years that the server wasn’t powerful enough, that we weren’t cooperating with them, and several other completely fabricated lies.

When I had a file that clearly incriminated the agency, I presented it to the IT director of our customer. He took one look and knew that the agency’s house of cards had just crumbled.

We were lucky to see the mail queue fill up, but since that time, I have added cron jobs that do the following within areas controlled by third parties like the agency:

- look at file changes every few minutes and send me an alert when new files are uploaded

- look at all sftp logins

We also now use a separate dedicated server for email and that server is running fail2ban which I highly recommend on all servers.

The first thing you always need to consider when you are concerned with security is who has legitimate access to your server, whether they are agencies or VoIP clients. Traffic analysis is important, it’s how I found the agency fraud. Analysis and fraud detection is what Humbug Labs specializes in.

Humbug Labs Adds:

Keep in mind that when talking voice, this is just one type of insider resource fraud. There are several others like internal calls that are not part of your business (cleaning staff, employees, etc making long distance calls). To parallel the case in this blog, there are cases where your PBX can be turned into a telecom company for someone else’s financial benefit at your cost, this can be internal or the result of vendor misconduct (as in Randy’s example) or even hacking.

About Randy Resnick:

Randy is the creator and producer of the weekly VoIP & Tell conference call, where people have been meeting to talk about telephony, security and networks for the past 5 years. Humbug Labs is an active participant of the talks.

Check them out at http://vuc.me or http://voipandtell.us and please join them on the weekly call at 12 Noon Eastern time each Friday.

Image Source:  http://www.flickr.com/photos/55839122@N04/6043660600/

The most common password used by global businesses is “Password1″ because it satisfies the default Microsoft Active Directory complexity setting. Because it includes a capital letter, a number and the required number of characters to form a password.

We bring you other great password scenes:

Spaceballs

Pink Panther 2

The classic Horse Feathers

With that a reminder:

1. Change the all the passwords on  your servers from the default ones
2. When possible use pass phrases as they are harder to brute force hack
3. In spite of the new trend in sharing passwords, don’t share it to anyone that does not need it for legitimate work
4. Limit the number of unsuccessful attempts – it is recommended that after 3 unsuccessful attempts then access should be locked for at least an hour
5. Physical security is important; your server and PBX room should be locked when not attended

Your best defense is to proactively watch for offenses. Proactively monitor and understand your traffic, don’t wait until you get your phone bill to discover you have a problem. Use a ‘real time’ monitoring system that can alert you to suspicious activity like short repeat calls, traffic spikes, unusual call destinations, or changes in after-hours calling patterns.

Usually we look at telecom fraud and crime as a serious topic, so today we are taking it a little lighter. Here is a collection 8 of songs that include have something to do with it.

Subscription Fraud

Artist/group: Scarface

Song: Skrilla

Lyrics

The bill collectors, they ring my phone

Scam my wife when I’m not home

Video:

Artist/group: Osborne Brothers

Song: Rocky Top

Lyrics:

Wish that I was on ol’ Rocky Top

Down in the Tennessee hills

Aint’ no smoggy smoke on Rocky Top

Ain’t no telephone bills

Video:

The majority of songs actually include telephone tapping

Telephone Tapping

Artist/group: Talking Heads

Song:  Life in Wartime

Lyric:

We got computer, we’re tapping phone lines,

I know that ain’t allowed

Video:

Artist/group: Glenn Campbell

Song:  Wichita Lineman

Lyric:

I can hear you thru the whine

And the Wichita Lineman,

is still on the line.

Video:

Artist/group: Weird Al Yankovic

Song:  Party In The CIA

Lyrics:

tappin’ the phones like yeah, shreddin’ the files like yeah,

and then i rised all the enemy spies i’ve got to neutralize today

Video:

Artist/group: Bad Religion

Song:  Man With A Mission

Lyrics:

Now somebody out there must be

tapping my phone,

Cuz everybody knows

I’m a man with a mission,

Video:

Artist/group: Public Enemy

Song: Louder Than A Bomb

Lyrics:

And at home I got a call from Tony Rome

The FBI was tappin` my telephone

Video:

Artist/group: ?

Song: Santa Claus Is Tapping Your Phone

Lyrics:

Oh! You better watch out,

You better not cry,

You better not pout,

I’m telling you why,

Santa Claus is tapping your phone!

He’s buggin your room,

He’s reading your mail,

He’s keeping a file

And runnin a tail

Santa Claus is tapping your phone!

Video:

Can you think of any that we missed?

So, except for the fraud blocking that was announced in our Press release, a faster bigger & badder DB we’ve rolled out, and a completely rewritten user interface, you may wonder what’s new in this version…

1. Custom Reports – Select a report layout and drag-&-drop filters and widgets to create your own dashboards. We designed this to provide the ultimate flexibility in creating the graphs, tables and statistics that you need to keep track of. Lets just say, for example, you want to create a report keeping track of daily outbound duration vs ASR to France versus India, or perhaps you would like a report showing all calls made through a given trunk to Spain? The flexibility is all there, and you need only drop the relevant filters and watch the dashboard begin to populate with stats. Easily save this report for future reference, and pretty soon you’ll also be able to schedule it as a routine report delivered directly to your inbox.



2. Departments & Contacts – No longer do you need to have an address book handy to decipher who the top callers are. Instead, you may click any phone number and associate it with a contact name or department. Naturally, we’ve included department level reports which allow you visualise for example, how those inbound sales calls from USA compare to the inbound sales calls received from all other countries.
3. Real-time Feed – We’ve become very used to the idea of “feeds” as a form of viewing real-time streaming information, and now you can expect the same from your favourite telecom analytics platform. Our real-time newsfeed displays the latest inbound and outbound callers in a streaming newsfeed format, alongside a live running-tally of your hourly and daily peaks. We have a lot planned for this real-time section so stay tuned on this one.
4. Search – Simple yet powerful, the search box was added to enable users to search for any phone number, country, contact or PBX, and quickly gain a drill-down report on its usage. Need a quick look at your traffic to Brazil? Search it! Looking to check up on the sales department’s calls for this past month? Search “sales”, point, click, view report.
5. Mobile App – This feature probably deserves a blog-post on its own, but in short, Humbug’s Mobile Fleet Governance is soon coming to a mobile near you. Currently supports android devices, and available in beta, Humbug’s mobile application enables you to gain a holistic view of your organization’s traffic, from not only your fixed-infrastructure, but mobile fleet as well.
6. Back End – Its not easy crunching all this data, let alone generating reports in real-time. We wanted a flexible, customisable user experience, and that took us through quite a few challenges, for example: how do you calculate the top-10 callers for a given time period when the data set consists of millions of unique phone numbers and when the date range and resolution (hr/day/month) is customisable? Perhaps pre-prepare a leaderboard for all possible date combinations in all possible resolutions? Or perhaps sacrifice on the user experience and require the user to schedule a report and receive it via email later when its done? While these were some of the deliberations over the past months, i’m happy to say the solution we delivered chops up those CDR’s and spits out reports faster than you can say “shard, map, reduce”.

I guess I could go on all day about new stuff we’ve done, but why not check it out yourself? Signup and get up and running from zero-to-powerful-reporting-platform in 5 minutes.

Of course we’d be happy to receive any feedback: feedback@humbuglabs.org

Boaz

Humbug Telecom Labs was shortlisted under the Best Technology Innovation – Vendor Solution category.

Despite advancements in technology, telecom frauds continue to be a major source of revenue leakage for businesses and telecom operators alike. It’s believed that businesses worldwide face a loss of 3 – 9% in annual revenues through telecom frauds.  According to statistics published by the Communications Fraud Control Association (CFCA), telecom fraud costs businesses more than $40 billion each year.

How do various types of telecom frauds lead to revenue losses and leakages? Let’s take a closer look.

External Frauds

As the name suggests, these frauds are typically committed outside the network. Fraudsters and hackers can penetrate a telecom network to make unsolicited calls, remotely open/shut specific ports on telephony servers and even flood a business network with spurious calls. Fraudsters can use the network to make calls to premium numbers and use a business’s telephony infrastructure outside business hours and on holidays for personal monetary gains. External frauds are typically driven by a fraudster’s malicious intentions and greed and can be monetarily damaging for any business.

Internal Frauds

Such telecom frauds are usually initiated by insiders. Internal frauds typically include making unapproved configuration changes in any of the network elements, modifying the tariff configuration without an approval, and extracting/ manipulating information on MSC-IN-mediation-billing systems. Since such frauds often impact the billing, it’s crucial for a business to prevent them to minimize revenue leakages.

Non-Technical Frauds

Telecom frauds aren’t just limited to the network. Fraudsters often use fake subscriptions, caller IDs and unapproved forwarding to conduct telecom frauds. Such non-technical frauds are a menace for businesses as well as a major inconvenience for their customers. Since the fraudster’s objective is to cash in on loopholes in the subscription or the call forwarding process, these can often lead to charging discrepancies, thereby causing significant revenue leakage.

So, how do these telecom frauds cause revenue leakages?

• Direct monetary loss through fraudulent calls (internal and external)
• Poor resource utilization due to un-needed circuits
• Loss of customer confidence due to disruption in services
• Financial losses due to litigation and failure to meet contractual obligations

In response to these high cost fraud cases characterized by high volumes of preventable fraudulent calls, Humbug has launched the new Humbug Pro Protection service which will allow the end-user to configure their PBX to block calls to fraudulent destinations based on the following opt-in parameters:

• Community Black List: Over 70,000 certified fraudulent numbers.
• Premium Numbers Worldwide (in the USA these would include 1-900 numbers, for example).
• Specific Countries, Continents, Geographic Areas and Satellite and Mobile Phones.
• Specific numbers or ranges.
• By Business hours – the company configures its normal working hours and Humbug Pro Protect will block calls outside of those hours. .
• By Holiday – allows the company to configure which holidays (single day or range of days) they are closed (by calendar date).

Roger Collings, Managing Director of RDC Communications Ltd in the UK and a telecoms consultant specialising in business VoIP

ITexpo Slide

Well, apparently, I was slightly wrong – well, not all the way wrong. While the general term is that fraudsters don’t publish their success on the Internet, it would appear that we are now at the verge of seeing “Fraud Enabling Services”.

A recent post on the www.voip-info.org website had caught my attention this morning:

A “FAS Service” – since when did False Answer Supervision became a legitimate thing in telecoms? Ok, in order to elaborate on the matter, let’s first explain what “False Answer Supervision” actually is.

False Answer Supervision, or FAS, is generally facilitated within mobile networks – usually when dealing with SIM based gateways. The methodology is fairly simple: A call from the VoIP world is transferred to a SIM based cellular gateway, the SIM gateway then generates an outbound call from an installed SIM card on the SIM gateway. As there is a delay from the time the VoIP call was intercepted, till the mobile network generates the ring-back tone (the ringing beep-beep sound), the SIM gateway will answer the call on its own and generates a falsified ring-back tone.

Technically speaking, this sounds reasonable. The problem is that FAS creates a billing record, even for calls that weren’t answered at the remote mobile end. Which means: if your call was intercepted by a SIM gateway, there is a good chance you’ll be paying for the ringing of the call. In addition, if this is an international call – that can easily rack up fairly fast (depending on your destination).

So, the above news bulletin kind’a racked up into my: “CHECK THIS THING OUT MAN!” list. So, when you logon to their website, you are greeted with a very informative page, explaining what FAS is, how it works and how their service works. Their page actually explains why generating FAS is good for you and how you can make money from using their service:

So, this service takes people that have legitimate wholesale termination services or other telecoms services – and turns them into fraudsters.

FAS is not a “prerogative”, FAS is down right nasty – and in some countries even illegal. At the same time, I can create a system that would randomly answer calls, delay the outbound ring by 20 seconds, then start dialing out – cashing those 20 seconds into my pocket. Sure, you say 20 seconds isn’t much, but multiply that a 500,000 calls per month, and you have over 160,000 minutes of cash in your pocket – let’s imagine that these are mobile numbers in the UK, where the interconnect fee is around 0.05GBP – that’s a really COOL 10,000GBP – per month, every month – that’s practically stealing !

So, who are www.fasservice.net? Their website doesn’t say much about them. Even a short Whois query on Internic will generate the following response:

Registrant:
 Domains By Proxy, LLC

 Registered through: Go Daddy
 Domain Name: FASSERVICE.NET

 Domain servers in listed order:
 NS01.DOMAINCONTROL.COM
 NS02.DOMAINCONTROL.COM

So, their domain was registered via GoDaddy.Com and they had decided to hide who they are. How convenient!

There is no question about it, this service turns a simple wholesale/termination provider into a fraudster – use this service, and know that you are putting your hand into someone else’s pocket – for a service you didn’t deliver. And hope you don’t get called on it or the FCC (OFCOM, etc.) could shut you down.

Martin Vilaboy, in his recent article “Dipping into BIG DATA’, indicated some information regarding the usage of BIG DATA in various corporations. The information was provided by the Aberdeen Group. Let us examine the below table:

Key Performance Enhancements Provided by Data Analytics

Top Inhibitors to Efficient Data Management

* Data provided by Aberdeen Group, survey of business decision makers

While our primary usage for this data is fraud analysis, a business which relies primarily on its phone system can benefit immensely from the distillation of the raw data accumulated in its Humbug account. In order to evaluate the possibility, let us describe a case for an office furniture manufacturer.

Office furniture manufacturer usually work via distributors, these then distribute to the various resellers – while at the end of the day, the support and customer care is performed by the manufacturer himself. So, our manufacturer has 5 distinct distributors in the US, while each distributor has around 20 different reselling outlets – with some overlapping between the reselling outlets.

Now, our manufacturer receives around 30,000 calls to its support team on a monthly basis. Calls are coming in from various area codes in the US, with no specific overlapping with the various resellers and distributors. Most manufacturers won’t allocate many resources for analyzing the call data via a call center platform, or even extract the information from their PBX system, however, utilizing a tool like Humbug – they can now tap into that rich data, to provide them an insight as to where their REAL CUSTOMERS are located. Now, having obtained that information using the various call records and Origination reports in the Humbug analytical suite, our manufacturer can now ascertain whether a specific region in the US requires specific handling, or if a distributor/resellers isn’t doing their job right.

The above shows that companies that will gain access to their call records, can synthesize the information into a business readable form – thus utilizing it. The Humbug analytical service does most of the work on its own, thus, allowing you to gain immediate access to the synthesized data, in a humanly readable form. No more need to import the data into various customized spread sheets and special reports – just logon and issue a customer report according to your requirements.