Most PABX systems have a means for the maintainer to dial into the system to perform remote diagnostics and system maintenance through dialling a number (often a freephone number) and entering a password. This access is often referred to as the Direct Inward System Access port (DISA port). This port gives total access to the system and allows outgoing calls to be made.
By chaining several of these hacked PABXs, and relying on the lack of co-operation across different telecommunications providers, the fraudster is able to hide. Having access to an external line, the fraudster is then able to generate revenue by providing services at a cheaper rate than through the legitimate operators.
Traditionally these frauds have been initiated by fixed line fraudsters, as calls to Freephone numbers from mobiles may be charged. With the advent of web sites which provide the translated number, however, these can now be accessed using mobiles with unlimited calls to fixed lines.
In addition, as convergent services are developed and IP-PBX systems proliferate, the fraudster first hacks the company website to gain access to the internal intranet network. He then uses this to access the PBX and can initiate calls from it. Potentially, with the growth of smartphones and LTE equipment, the fraudster can attempt to hack the web address from anywhere, and the service can be sold anywhere, simply breaking out in the local country.
From a mobile network operator’s perspective, the contract between the customer and the network usually specifies that the customer is liable for all calls originating from his equipment. Theoretically, this means that the customer could be charged for all fraudulent traffic, but in practice there is usually an agreement reached whereby the network writes off part of the losses.
The key indicator for this type of fraud is traffic being generated outside normal parameters for this type of business, for example out-of-office calls, excessive number of destinations called, and so on.
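The two indicators named above can be checked against call detail records (CDRs). The following is an added example, not part of the original post: the CDR field names, office hours and thresholds are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

OFFICE_START, OFFICE_END = 8, 18   # assumed office hours (local time, Mon-Fri)
MAX_OFF_HOURS_CALLS = 3            # assumed per-source daily threshold
MAX_DISTINCT_DESTINATIONS = 5      # assumed per-source daily threshold

def build_sample():
    """Constructed CDRs: one ordinary extension, one overnight burst via DISA."""
    rows = ["start,source,destination,seconds",
            "2024-03-04 10:15:00,ext201,+441632960001,180",
            "2024-03-04 14:40:00,ext201,+441632960002,95",
            "2024-03-04 19:05:00,ext201,+441632960001,60"]
    for i in range(8):  # eight calls after 02:00, each to a different number
        rows.append(f"2024-03-05 02:{i * 5:02d}:00,disa,+99900000{i:03d},600")
    return "\n".join(rows)

def is_off_hours(ts):
    """True at weekends or outside the assumed office hours."""
    return ts.weekday() >= 5 or not (OFFICE_START <= ts.hour < OFFICE_END)

def flag_sources(cdr_text):
    """Return {(source, date): [reasons]} for traffic outside normal parameters."""
    off_hours = defaultdict(int)
    destinations = defaultdict(set)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        key = (row["source"], ts.date().isoformat())
        destinations[key].add(row["destination"])
        if is_off_hours(ts):
            off_hours[key] += 1
    alerts = {}
    for key, dests in destinations.items():
        reasons = []
        if off_hours[key] > MAX_OFF_HOURS_CALLS:
            reasons.append(f"{off_hours[key]} out-of-office calls")
        if len(dests) > MAX_DISTINCT_DESTINATIONS:
            reasons.append(f"{len(dests)} distinct destinations")
        if reasons:
            alerts[key] = reasons
    return alerts

if __name__ == "__main__":
    for (source, day), reasons in flag_sources(build_sample()).items():
        print(source, day, "; ".join(reasons))
```

The thresholds should be set from the normal traffic profile of the business concerned; the ordinary extension in the sample makes one evening call and stays below them.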
The weakness being exploited is the failure of the customer to secure his equipment from external or internal threats by implementing a strong security policy.