Exploring fraud in telephony networks
This is a modal window.
Das Video konnte nicht geladen werden, da entweder ein Server- oder Netzwerkfehler auftrat oder das Format nicht unterstützt wird.
Formale Metadaten
| Titel |
| |
| Serientitel | ||
| Anzahl der Teile | 165 | |
| Autor | ||
| Lizenz | CC-Namensnennung 4.0 International: Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen. | |
| Identifikatoren | 10.5446/39272 (DOI) | |
| Herausgeber | ||
| Erscheinungsjahr | ||
| Sprache |
Inhaltliche Metadaten
| Fachgebiet | ||
| Genre | ||
| Abstract |
| |
| Schlagwörter |
35C3 Refreshing Memories104 / 165
2
5
6
7
8
9
10
11
12
13
15
16
17
22
26
29
30
31
33
37
38
39
40
44
45
48
49
53
54
55
57
59
60
62
65
66
69
70
72
73
74
77
80
82
83
84
85
86
87
89
92
94
100
104
105
106
107
108
111
113
114
115
116
117
119
121
122
123
124
127
132
133
136
139
141
143
144
145
146
148
149
150
154
155
156
157
158
159
160
161
162
163
164
165
00:00
Formation <Mathematik>BitRechnernetzComputeranimation
00:57
HalbleiterspeicherNotepad-ComputerComputersicherheitRelativitätsprinzipGüte der AnpassungRechter WinkelCASE <Informatik>ComputersicherheitPhysikalisches SystemNotepad-ComputerQuellcodeMaschinenschreibent-TestTwitter <Softwareplattform>NetzwerktopologieNummerungVorlesung/KonferenzComputeranimation
02:07
HalbleiterspeicherGravitationsgesetzDatennetzMechanismus-Design-TheorieSystemaufrufTypentheorieComputersicherheitNichtlinearer OperatorNummerungMultiplikationsoperatorEinfach zusammenhängender RaumDatennetzSystemaufrufSocial Engineering <Sicherheit>sinc-FunktionVorlesung/KonferenzBesprechung/InterviewComputeranimation
03:05
VolumenUnternehmensarchitekturDienst <Informatik>DatennetzMechanismus-Design-TheorieSystemaufrufNichtlinearer OperatorHill-DifferentialgleichungAnalogieschlussSISPMobiles InternetInternettelefoniesinc-FunktionKartesische KoordinatenOrdnung <Mathematik>Nichtlinearer OperatorGeradeAnalogieschlussRuhmasseRechter WinkelEinfach zusammenhängender RaumDifferenteVerschlingungDrahtloses lokales NetzSystemaufrufGruppenoperationDatennetzInteraktives FernsehenProdukt <Mathematik>ComputeranimationBesprechung/Interview
04:25
Nichtlinearer OperatorAnalogieschlussMobiles InternetSISPCorporate NetworkNummerungDrahtloses lokales NetzPay-TVOvalGruppenoperationDatennetzRandomisierungEinfach zusammenhängender RaumNichtlinearer OperatorPhysikalisches SystemBitAuswahlaxiomRechter WinkelNeuroinformatikGraphfärbungKartesische KoordinatenTermInternettelefonieComputeranimationFlussdiagramm
05:35
AnalogieschlussNichtlinearer OperatorDrahtloses lokales NetzSISPBitrateNummerungUnternehmensarchitekturPay-TVSimulationBitMobiles InternetOvalDatennetzSystemaufrufSchnitt <Mathematik>CAMCASE <Informatik>BitNummerungSimulationPlastikkarteNichtlinearer OperatorPay-TVGeradeQuaderDatennetzViereckFlussdiagrammComputeranimationTechnische Zeichnung
06:31
Drahtloses lokales NetzAnalogieschlussSISPUnternehmensarchitekturSystemaufrufMobiles InternetNichtlinearer OperatorBitrateNummerungPay-TVOvalCorporate NetworkDatennetzFinite-Elemente-MethodeSondierungEinfügungsdämpfungBitRobotikRechnernetzSystemaufrufBeobachtungsstudieTermNummerungGüte der AnpassungPhysikalischer EffektResultanteRechter WinkelFlussdiagrammComputeranimation
07:30
GeradeSondierungEinfügungsdämpfungNichtlinearer OperatorSimulationAuthentifikationTeilbarkeitSoundverarbeitungComputersicherheitInformationPhysikalisches SystemDienst <Informatik>t-TestPasswortMessage-PassingRechter WinkelCASE <Informatik>NummerungTransaktionAuthentifikationPlastikkarteSimulationMereologieComputeranimation
08:30
MereologieNumerische TaxonomieNummerungPhysikalisches SystemWurzel <Mathematik>DifferenteSoftwareschwachstelleNummerungWurzel <Mathematik>MultiplikationsoperatorPhysikalisches SystemBitFaltung <Mathematik>Rechter WinkelComputeranimation
09:28
SystemaufrufDienst <Informatik>BitratePay-TVNummerungSocial Engineering <Sicherheit>AuthentifikationComputersicherheitBitSystemaufrufMultiplikationsoperatorRechter WinkelMessage-PassingSoftwareschwachstelleNummerungGemeinsamer SpeicherNumerische TaxonomieEinfacher RingPhysikalisches SystemRechnernetzPay-TVSchreib-Lese-KopfPrimzahlBitrateAuthentifikationComputeranimation
10:44
NummerungVarietät <Mathematik>SteuerwerkDienst <Informatik>SystemprogrammierungProtokoll <Datenverarbeitungssystem>Numerische TaxonomieAusdruck <Logik>SimulationDatennetzDatenmissbrauchMIDI <Musikelektronik>Euler-WinkelZellulares neuronales NetzMagnetooptischer SpeicherInklusion <Mathematik>SystemaufrufRegulärer GraphBitrateSoftwareschwachstelleKlasse <Mathematik>DifferenteBitGemeinsamer SpeicherThreadSchreib-Lese-KopfFigurierte ZahlMereologieSystemaufrufNormalvektorGruppenoperationNichtlinearer OperatorGrenzschichtablösungEinfach zusammenhängender RaumBitrateComputeranimationVorlesung/Konferenz
11:56
BitrateRegulärer GraphSystemaufrufHackerZellularer AutomatMobiles InternetDifferenteRoutingNabel <Mathematik>Nichtlinearer OperatorPlastikkarteEntscheidungstheorieSystemaufrufPhysikalisches SystemGruppenoperationDatenfeldMereologieRadikal <Mathematik>AggregatzustandCASE <Informatik>Mobiles InternetMalwareMultiplikationGemeinsamer SpeicherComputeranimation
13:01
SystemaufrufHackerSimulationPlastikkarteMalwareMobiles InternetService providerPay-TVBitrateNummerungBitrateGemeinsamer SpeicherPay-TVSystemaufrufService providerPerspektiveMereologieDienst <Informatik>Nichtlinearer OperatorNummerungCASE <Informatik>Web SiteComputeranimationFlussdiagramm
13:50
Pay-TVNummerungBitrateRadikal <Mathematik>StandardabweichungTransitionssystemMehrrechnersystemHill-DifferentialgleichungSystemaufrufWeb-SeiteSpywareFreewareSystemaufrufDifferenteNummerungGrenzschichtablösungInstantiierungInterface <Schaltung>SoftwaretestSpywareService providerComputeranimation
14:41
CAN-BusService providerPay-TVWeb-SeiteSpywareNummerungSoftwaretestDefaultSISPMobiles InternetInterface <Schaltung>SystemaufrufInterface <Schaltung>GrenzschichtablösungSoftwaretestHypermediaWeb SiteDifferenteSpywareNummerungSystemaufrufEchtzeitsystemFacebookPhysikalisches SystemTwitter <Softwareplattform>Reelle ZahlPortal <Internet>Computeranimation
15:33
Nichtlinearer OperatorPortal <Internet>SoftwaretestNummerungÄhnlichkeitsgeometrieSpannweite <Stochastik>Service providerSoftwaretestTotal <Mathematik>Portal <Internet>SystemaufrufNummerungDatensatzMereologieSpannweite <Stochastik>ÄhnlichkeitsgeometrieSpywareGrenzschichtablösungInterface <Schaltung>Computeranimation
17:04
ZahlzeichenMobiles InternetPay-TVSoftwaretestNummerungMinkowski-MetrikDezimalzahlLipschitz-StetigkeitService providerAnalysisBitGanze ZahlMinkowski-MetrikDigitalisierungSpannweite <Stochastik>NummerungMittelwertLuenberger-BeobachterService providerRegulator <Mathematik>EinsMobiles InternetMultiplikationSkalarproduktGeradeSoftwaretestMultiplikationsoperatorBetriebsmittelverwaltungDifferenteStatistikTypentheorieKartesische KoordinatenAggregatzustandNichtlinearer OperatorComputeranimation
20:22
Service providerZahlzeichenNummerungVollständigkeitNichtlinearer OperatorSystemaufrufTelekommunikationPerspektiveQuellcodeVolumenDatenmodellClientPhysikalisches SystemSpannweite <Stochastik>NummerungService providerTelekommunikationQuellcodeDatenloggerLuenberger-BeobachterNichtlinearer OperatorSpezifisches VolumenSichtenkonzeptDatensatzPerspektiveSystemaufrufRuhmasseInformationComputeranimation
21:11
Nichtlinearer OperatorTelekommunikationPerspektiveSystemaufrufVolumenNummerungQuellcodeDatenmodellClientPhysikalisches SystemWeg <Topologie>NummerungClientDifferenteNichtlinearer OperatorCall CenterSystemaufrufQuellcodePhysikalischer EffektSoftwaretestWeg <Topologie>Service providerEchtzeitsystemFraunhofer-Institut für Physikalische MeßtechnikComputeranimation
21:58
SystemaufrufWeg <Topologie>NummerungInformationQuellcodeMultiplikationsoperatorNummerungOrtsoperatorSystemaufrufSoftwaretestDifferenteLikelihood-FunktionInstantiierungQuellcodeLoginNormalvektorDatensatzAbstandStatistikZweiComputeranimation
23:05
AlgorithmusWald <Graphentheorie>ZufallszahlenSystemaufrufNichtlinearer OperatorQuellcodeNotepad-ComputerNummerungSimulationPlastikkarteLeistungsbewertungHalbleiterspeicherZahlzeichenVorzeichen <Mathematik>BitrateSystemaufrufDifferenteRandomisierungCASE <Informatik>Wald <Graphentheorie>AlgorithmusSimulationPhysikalisches SystemSchnittmengeNichtlinearer OperatorDatennetzPlastikkarteTotal <Mathematik>ResultanteOrtsoperatorSoftwaretestNummerungMultiplikationsoperatorCall CenterForcingTermComputeranimationVorlesung/Konferenz
24:10
COMEuler-WinkelDiskrete-Elemente-MethodeLokales MinimumProxy ServerMIDI <Musikelektronik>Konvexe HülleSimulationArithmetisches MittelNummerungMereologieHalbleiterspeicherDienst <Informatik>Nichtlinearer OperatorSpieltheorieBrennen <Datenverarbeitung>Proxy ServerBildschirmmaskeRechter WinkelOffene MengeDatenflussRoutingQuaderSimulationGlobale OptimierungSystemaufrufBeobachtungsstudieNichtlinearer OperatorMultiplikationBildschirmsymbolDatennetzKartesische KoordinatenDienst <Informatik>Quick-SortTelekommunikationInteraktives FernsehenSpieltheoriePhysikalisches SystemMixed RealityKlasse <Mathematik>CodeServerFormation <Mathematik>Prozess <Informatik>SpeicherabzugHoaxComputeranimationVorlesung/KonferenzBesprechung/Interview
25:42
Dienst <Informatik>Nichtlinearer OperatorSpieltheorieProxy ServerSystemaufrufNummerungFormation <Mathematik>Dienst <Informatik>NeuroinformatikProxy ServerSystemaufrufCodeNichtlinearer OperatorGemeinsamer SpeicherSmartphoneKartesische KoordinatenGruppenoperationCASE <Informatik>Vorlesung/KonferenzComputeranimation
26:48
Nichtlinearer OperatorProxy ServerSystemaufrufKartesische KoordinatenRoutingNummerungNichtlinearer OperatorNormalvektorDienst <Informatik>Rechter WinkelGruppenoperationInterface <Schaltung>SystemaufrufService providerTelekommunikationGemeinsamer SpeicherDatennetzSimulationPlastikkarteComputeranimation
27:43
Pay-TVProxy ServerNichtlinearer OperatorSystemaufrufDienst <Informatik>Cloud ComputingDatennetzVektorpotenzialPay-TVNichtlinearer OperatorInternettelefonieSystemaufrufDienstgüteGruppenoperationMereologieDienst <Informatik>SpeicherabzugVerkehrsinformationRechter WinkelZweiGraphfärbungComputeranimation
28:37
SystemaufrufProxy ServerNichtlinearer OperatorEinflussgrößeSystemplattformSoftwaretestHumanoider RoboterVIC 20SimulationPlastikkarteWeb logNummernsystemPlastikkarteSimulationSystemaufrufNichtlinearer OperatorEinflussgrößeDatensatzSoftwaretestHumanoider RoboterDatennetzNummerungNummernsystemDatenflussMultiplikationProxy ServerCASE <Informatik>Rechter WinkelSpywareComputeranimation
29:48
Mobiles InternetTermRadikal <Mathematik>Nichtlinearer OperatorProxy ServerBitrateNummerungZählenProxy ServerNummerungSpeicherabzugQuaderMereologieEigentliche AbbildungPlastikkarteSimulationKartesische KoordinatenVersionsverwaltungCASE <Informatik>GruppenoperationRechter WinkelRadikal <Mathematik>DatennetzMultiplikationsoperatorSystemaufrufComputeranimation
31:32
Proxy ServerEinfügungsdämpfungSystemaufrufDatennetzMultiplikationsoperatorNichtlinearer OperatorSystemaufrufEinfügungsdämpfungExistenzaussageSpeicherabzugComputeranimation
32:25
Mailing-ListeSystemaufrufBitSystemaufrufTypentheorieGrenzschichtablösungsinc-FunktionÄußere Algebra eines ModulsKartesische KoordinatenVorlesung/KonferenzBesprechung/InterviewComputeranimation
33:16
PermanenteMailing-ListeSystemaufrufChatbotBildschirmfensterTypentheorieQuick-SortMultiplikationsoperatorFormation <Mathematik>NeuroinformatikChatbotComputeranimationVorlesung/Konferenz
34:47
TypentheorieChatbotWeb-SeiteDatensatzSystemaufrufGrenzschichtablösungDifferenteYouTubeVorlesung/KonferenzComputeranimation
35:39
ServerSkriptspracheWärmeübergangKünstliche IntelligenzServerChatbotSystemaufrufWärmeübergangGraphfärbungPunktRoboterSchnittmengeInteraktives FernsehenNeuronales NetzAudiodateiDatensatzSprachsyntheseMustererkennungComputeranimation
36:45
SystemaufrufKategorie <Mathematik>TypentheoriePhysikalisches SystemComputersicherheitPay-TVOffice-PaketDatensatzDienst <Informatik>YouTubeSystemaufrufLinearisierungMultifunktionRegulator <Mathematik>TypentheorieDifferenteVollständigkeitCASE <Informatik>FlächeninhaltComputeranimation
37:49
BitrateZehnGebäude <Mathematik>GrenzschichtablösungTypentheorieSystemaufrufPunktVorlesung/Konferenz
38:39
BitrateMittelwertSystemaufrufInverser LimesSystemaufrufMittelwertWort <Informatik>Computeranimation
39:26
Inverser LimesMittelwertSystemaufrufSystemaufrufDatensatzTermMittelwertUmsetzung <Informatik>YouTubeMultiplikationsoperatorNummerungPhysikalischer EffektComputeranimationVorlesung/Konferenz
40:29
MittelwertAnalysisSystemaufrufInverser LimesGeradeUmwandlungsenthalpieGruppenoperationPlastikkarteBitrateUmsetzung <Informatik>Kontextbezogenes SystemGeradeDatenflussAnalysisSystemaufrufKontrollstrukturPlastikkarteTermResultanteSprachsyntheseArithmetisches MittelNatürliche ZahlGraphfärbungExogene VariableZweiDifferenteGrenzschichtablösungAbfrageShape <Informatik>TeilmengeTypentheorieLinearisierungAutomatische HandlungsplanungGruppenoperationComputeranimation
43:15
KontrollstrukturProgrammverifikationAbfrageKünstliche IntelligenzInverser LimesKontextbezogenes SystemSystemaufrufAbgeschlossene MengeChatbotNatürliche SpracheGraphfärbungTermUmsetzung <Informatik>SchnittmengeDifferenteKontextbezogenes SystemSoundverarbeitungQuaderSystemaufrufComputeranimationVorlesung/Konferenz
44:21
HalbleiterspeicherProtokoll <Datenverarbeitungssystem>PlastikkarteSystemidentifikationGraphfärbungSoftwareschwachstelleInformationAuthentifikationMultiplikationsoperatorProtokoll <Datenverarbeitungssystem>ComputersicherheitNichtlinearer OperatorRegulator <Mathematik>Rechter WinkelDurchmesserSpywareResultanteTelekommunikationVorlesung/KonferenzComputeranimation
45:42
Formation <Mathematik>EinfügungsdämpfungGeradeSystemaufrufVorlesung/Konferenz
46:29
HalbleiterspeicherApp <Programm>SystemaufrufWald <Graphentheorie>NetzwerktopologieNummerungOrtsoperatorDefaultBitrateNichtlinearer OperatorRadikal <Mathematik>Mobiles InternetProxy ServerMAPPlastikkarteKartesische KoordinatenGeradeQuellcodeRegulator <Mathematik>SimulationMomentenproblemRechter WinkelOffene MengeMereologieInterface <Schaltung>Schreib-Lese-KopfDeterminanteDatennetzSchnittmengeBesprechung/InterviewVorlesung/Konferenz
48:47
HalbleiterspeicherService providerNummerungRoutingSystemaufrufStatistikApp <Programm>MereologiePay-TVInternetworkingPrimzahlVorlesung/KonferenzBesprechung/Interview
49:46
HalbleiterspeicherBeobachtungsstudieKartesische KoordinatenProxy ServerPhysikalischer EffektSystemaufrufSoftwaretestBitrateBesprechung/Interview
50:52
Schnitt <Mathematik>PlastikkarteIdentitätsverwaltungQuaderKartesische KoordinatenSystemaufrufNummerungSimulationNichtlinearer OperatorBesprechung/Interview
51:53
Automatische HandlungsplanungNichtlinearer OperatorTypentheorieProgrammfehlerGesetz <Physik>NummerungDatennetzRechter WinkelMereologieBitrateSimulationTabelleE-MailPlastikkarteInformationsspeicherungVorlesung/KonferenzBesprechung/Interview
52:54
TrägheitsmomentHalbleiterspeicherKategorie <Mathematik>ChatbotSystemaufrufRoboterAnalysisUmsetzung <Informatik>Güte der AnpassungDienst <Informatik>HoaxVorlesung/KonferenzBesprechung/Interview
54:28
HalbleiterspeicherÄhnlichkeitsgeometriePlastikkarteService providerRoboterDienst <Informatik>Kartesische KoordinatenUmsetzung <Informatik>Radikal <Mathematik>Selbst organisierendes SystemTermNichtlinearer OperatorVorlesung/KonferenzBesprechung/Interview
55:45
Kartesische KoordinatenRoutingSimulationPlastikkarteNummerungDatennetzNichtlinearer OperatorTelekommunikationSystemaufrufPunktPolstelleRadikal <Mathematik>QuellcodeRechnernetzBootenMusterspracheBitDatenreplikationCASE <Informatik>Besprechung/Interview
57:41
HalbleiterspeicherSystemaufrufMailing-ListeSoftwaretestNichtlinearer OperatorGruppenoperationNummerungFreier LadungsträgerRoutingEinsDatennetzPASS <Programm>Vorlesung/Konferenz
58:53
HalbleiterspeicherService providerSoftwaretestNummerungCachingMarketinginformationssystemPASS <Programm>SystemaufrufRoutingCall CenterSpywareStatistikTermNichtlinearer OperatorGefangenendilemmaDifferenteVorlesung/KonferenzBesprechung/Interview
01:00:03
HalbleiterspeicherSystemaufrufTermNichtlinearer OperatorSoundverarbeitungHoaxTelekommunikationServerVorlesung/Konferenz
01:01:32
HalbleiterspeicherKartesische AbgeschlossenheitMultiplikationsoperatorDiagramm
Transkript: Englisch(automatisch erzeugt)
00:19
Welcome, everyone, to the first talk in the morning.
00:23
We are here to learn something new about exploring the fraud in telephony networks. The speakers today are Aurélien Francéon and Mervi Shaheen, and they will give you a little bit of an understanding of the telephony fraud ecosystem
00:45
so that you can learn a bit about what telephones can do. So give a warm hand of applause to Aurélien and Mervi.
01:02
Thank you. Good morning, everyone. Happy to see so many people working up for the first talk of the day. Happy to open the session today. So the goal in this talk is to give you, first, a broad overview of telephony fraud. What is telephony fraud, why it is important, how does it work. And then we will dive into a few topics.
01:22
We're going into more detail. There will be some new content, some things we've already said before, but the goal is really to give an overview and to dive into some of the difficulties there, some of the things on how you can analyze, how you can detect, especially where we care about understanding how does it work. So a small thank you of myself, so my name is Aurélien Francien.
01:43
I'm an assistant prof in Eurekon, a small engineering school in source of France on the French River next to Nyx. And my specialty is working on system security as well in telephony fraud. Now you can follow me on Twitter, Aurélsec, and I'm actually hiring students, PhD students, engineers, feel free to get in touch in case of need.
02:03
So hi everyone, my name is Mairém. I have been working the last almost five years with Aurélien on telephony fraud. First I started as a PhD and then I did one year of post-doc. And then starting from next year, actually I will join the SAP Security Research.
02:21
That's it. Good, so telephony fraud. What's really interesting about telephony fraud is that telephony is like the oldest network we have today that's still running, right? So telephony started in the 80s, 70s, the beginning of interconnections of phones, right? And since then, since 150 years, we kind of have backward compatibility, right? So it's kind of a big legacy.
02:43
Another thing interesting for fraud is that everything is billed. So almost every phone call you make, even if you have some plans or sound, there is some bidding behind the check, how much time you call, which number, which destination, all this is fairly complicated. And since the beginning, people try to make some free calls. So for example, to fraud some telephone operators, right?
03:03
And social engineering against them. And then today, so it's getting quite complicated. There are multiple technologies which get converged. You have voice over IP since like 20 years, but no tons of applications. And those are interacting with the telephony ecosystem, right?
03:20
So this is getting complicated with many different actors involved. Before you had these state-owned operators, like Orange in French, or Dutch Telecom in Germany. But since 20 years, it's getting lots of operators, lots of interconnections and so on. On telephony fraud, telephony is not touching like 7 billion people, right? So it's really huge. And this generates a massive amount of data,
03:42
and finding the fraud in there is not always easy. So let's look at the ecosystem, right? So at the beginning, you have a phone, right? So it may be a long line phone, an old analog line. It could be an analog line in a company with a PBX. Or it's most likely today, if you are in a company on the product network, it's an IP phone with an IP PBX, right?
04:02
So those phones get connected through different connection links to your operator. And of course, you also have mobile phones, which as well gets connected through wireless to your operator network. So we don't care so much about the technical details of how this interaction work, but more how the calls are rooted across operators, right?
04:22
Because if you have a call from the same operator to the same operator, it stays on the network. But extremely often, you go over another operator because you call someone that's in another country or in another operator. So you have to get some attack connection between two operators. And then again, extremely often, you have to go through some transit operators
04:41
because you are across multiple countries, or they just don't have a direct link, or for some random reason, price or so on, they still go through a transit. Very often, you have multiple choices, and some transit goes through some other transit, and that's getting complicated. Sometimes you have ten transit operators between the two callers.
05:03
So of course, as we mentioned, your mobile phones today, they are computers, and you have tons of applications, voice over IP, and what is called OTT, we'll come back to it. And these allow to interconnect with the legacy telephony system that adds some complexity. And in the end, if you call a mobile phone from a mobile phone,
05:22
you may go through all this complicated network on transit, or you may also go directly between the two phones over the IP network that's extremely frequent today. So in all this ecosystem, now we have some fraud a bit everywhere. So for example, you may have your operator
05:40
who's overcharging you something, and this happens, this happens. And then you may have other cases where your phone gets stolen, your SIM card is abused to generate some calls to some premium numbers, right? And then you get extremely high charge at the end of the month, and sometimes it's even within a few hours before your phone line is cut. We'll talk about that in a bit.
06:02
In some cases, I don't know if it occurs to you, you may have someone calling you from one country, and you receive the call, and then you see the caller ID which is changed. So your friend's calling you from, let's say, Russia, and then you get a UK caller ID, and that's a kind of a fraud. Typically, this is done with SIM boxes,
06:22
which get somewhere into the network to abuse some SIM cards. On this, it typically changes the caller ID. We'll see some examples of that as well later. Another thing that's extremely important today is unwanted calls, voice spams. The robocalls, basically they have robots that will just spam you a lot,
06:43
and everyone receives some spam calls before. We'll talk a bit about this too. So in the end, there is fraud a bit everywhere in these networks. We need to understand this, because these frauds have some consequences. These consequences are important. So in terms of money, there is no good study about it.
07:03
There is one study by CFCA which states that they do it annually, but overall, they claim that telephoning fraud costs something like $4 billion a year. That's significant, but these numbers are not extremely reliable. But if you just look at the complaints from users,
07:20
so it's about half a million users which complain to the FTC in the US about receiving some spam calls. Half a million per month, half a million complaints per month. There is also telephoning service, which basically happens to make emergency phone numbers unavailable that can have life-threatening consequences.
07:41
So we rely on this system for us to work. Another thing as well is that more and more, we rely on the telephone for using it as a trusted dot party, as a secure system, a secure mechanism, so that we can use, for example, two-factor authentication. But we have seen recently some cases
08:01
where two-factor authentication is abused. So you receive a text message on your phone to log into your bank or confirm a bank transaction or access your Bitcoin wallet. There have been cases with Bitcoin wallets stolen because people just went to the shop, bribed some employees, and they get the phone number attached to a new SIM card with their own,
08:22
and then they can get the reset password message and confirmation text message on the phone. So all these are actually abused in the wide. So because all this gets quite complicated, in fact, very often, when some people talk or you check online,
08:41
you find people talking about fraud, and then they meet according to the technique, they say PABX fraud. There is no such thing as a PABX fraud. PABX can be abused, compromised, and they can be used to make a lot of different frauds. So we actually came up with a definition, because we're scientists, so we have to come up with definitions,
09:01
trying to help us to understand this in a proper way. So at the beginning, we said that a fraud scheme is a way to obtain legitimate benefits by using a technique. It's important because, as I mentioned, techniques can be used in multiple frauds. In the end, these techniques are possible because there are weaknesses in the networks, in the systems,
09:22
and these weaknesses are present because there are some root causes which have been there for a long time, and they are hard to fix. So to get a bit more concrete, here is an example with a callback scam. So you all receive these text messages, these calls, very short calls, which make your phone ring, say, oh, there is no message, maybe you call back.
09:42
So the goal of the fraudster is to, they will call lots of people, and they will generate lots of one ring on many phones, and they expect that some people call back, and they will call back, but when calling back, they will call back a premium rate number, and this premium rate number will generate some cash for the fraudster. So this we can actually analyze in this taxonomy.
10:03
So we can define the fraud scheme as a callback scheme. The benefit of the fraud is to obtain some revenue share from these premium numbers. Then the technique would be, multiple techniques can be used, but first we assume that some Colorado ID spoofing can be used.
10:21
There will be some weaknesses in the system. So basically, you can do Colorado ID spoofing because there is no Colorado ID authentication in these systems, in the telephony. There are some things ongoing to fix this, but it's still going to take a lot of time before it's completely there. And in the end, all these are possible because you have legacy networks and so on.
10:41
So we came up with these classification layers, and then we can make this a bit more complicated, and we can just categorize the different classes of frauds and put it in there, classes of frauds, classes of techniques and weaknesses and so on, and where to obtain benefits. And then we can get this to a lot more detail. I don't expect you to look in detail at this figure.
11:00
We have a paper where we discuss all this, but we're going to use this as a thread of the talk, and we're going to talk about some specific parts of it. Mary is going to start talking about international revenue share fraud, or IRSF. So before explaining how this IRSF works,
11:21
first I need to explain to you how a normal international phone call works. So let's say there's a caller in country A. He wants to call the callee in country B. So for this call, the caller will pay some amount of money to his operator. Let's say he pays $1. So it's most likely that there is no direct connection between these two operators,
11:41
so the call needs to go through several transit operators. And what happens is that each operator, like here operator A, he will have a rate sheet showing that for this destination, he can use several different transit operators to route the call, and each of them probably have different qualities and different prices.
12:04
Of course, if he chooses a cheaper transit operator, he will keep more money for himself, but usually this decision is very complicated. So let's say operator A choose T3 as the transit operator. Again, T3 will have multiple options.
12:21
Let's say it choose T4, and finally, T4 actually paid the international call termination fee to the destination operator, and the call is terminated on this destination. So what happens in case of international revenue share fraud is basically there's a fraudster
12:41
who's generating calls on behalf of someone else. He can use stolen SIM cards, he can compromise the telephone system, he can use mobile malware, et cetera. And basically, at some part of the call route, there is a transit operator that is a kind of shady fraudulent operator,
13:01
and instead of sending this call to the legitimate destination, this operator can make a deal with a premium rate service provider and actually hijack the call and reroute the call to this provider. And of course, in this case, they don't have to pay any money to the operator B. Instead, they can keep this money for themselves
13:21
and share between each other. And finally, our fraudster will also get some part of the revenue for each minute of the call that he generates. So we analyzed this fraud scheme basically from the perspective of these premium rate service providers.
13:43
So actually, if you go online, make a Google search with the keyword international premium rate numbers, you will see many, many websites that are advertising those numbers. So they tell you that you can get a phone number for free. You start generating calls to this phone number, and then you receive payments
14:01
via several different payment methods, and they also give you a lot of support, whatever you need. This is an example of the money paybacks. For instance, if you start, if you generate call to this phone number in Belarus,
14:21
you will be getting 10 cents for one minute of call. So one interesting thing was that those IPRM providers, they actually also have some test interfaces. And this is necessary, because before you start the actual fraud, you need to make sure that the hijack works.
14:42
So you first go to the test interface, you make several tests, you check if your call is hijacked in this route, and if you will be able to receive payback or not. And actually, those test interfaces, they are advertised on social media, in Facebook Twitter, with the user accounts, test user accounts, and so on.
15:05
So once you go to one of those interfaces, you will see several phone numbers from many different countries. You can pick one of those numbers, you make your test call, and if the test call is successful, basically you will see in the website, in real time,
15:21
if your call, the hijack was successful, and if you will be able to get some money payback from this call or not. So basically what we did was to crawl those test portals for about three years, actually.
15:41
In total, we have been collecting more than 1.3 million test numbers and 150K test call records. So the first interesting thing that we observed was that actually all the countries and territories in the world are affected by this fraud scheme, but some parts, some continents and countries
16:04
are affected more, like African countries, Russia, some islands in South America, and so on. One important thing to note is that the test numbers that we collect, they are not used
16:20
for the actual fraud scheme. So first the fraudster goes to the test interface, makes several tests to several destinations, and if the test is successful, actually he will obtain another number that will be dedicated to himself, but this number will be in a similar number range with the test call that he made. And actually, so the fraud actually will occur
16:43
on similar numbers to the test numbers. So as an example, if this is a test number that you see on the test interface, most probably this number is hijacked in a range of 100 or 10,000 numbers, but we don't actually know the actual range of hijack.
17:06
So in this picture, okay it's a bit complicated, so here we see the whole number space of two countries, Latvia and Cuba. So in the y-axis you see the first four digits,
17:20
all possible four-digit numbers, and in the x-axis you see the last four digits. So if you actually move over the x-axis, these are the consecutive phone numbers, and if you move over the y-axis, you can see number allocations in the country by the type. For instance, the blue denotes the mobile number range.
17:42
So in Latvia, for example, mobile ranges start with two, while in Cuba, mobile ranges start with five. So the first thing we observe here is that the spreadness of IPRNs are different in each country. In Latvia, the test numbers are more concentrated on five number ranges,
18:00
but in Cuba they are much more spread and much more random looking. The second observation we can make is that the dots that you see, the red dots, they actually come from the number ranges that are not allocated by the regulator of this country.
18:20
So actually, normally those numbers that should not be used and should not be called by anyone, but they are still being abused for this fraud. And the last observation we make is that you are seeing some vertical lines in the graphic, and this is because the test numbers are most of the time selected
18:41
from the beginning of these four digit number ranges. So once they hijack a range, probably they advertise the beginning, some numbers from the beginning of the range as the test number, and maybe they use the rest for the actual fraud. Okay, so another thing that we analyzed
19:01
was the behavior of different providers if they behave the same way or they are different. So these are some statistics from six of the providers. You can see the first two of them are the most active ones. They change numbers very frequently,
19:20
so an average advertisement duration for a single number is only four or five days, and every new day they advertise almost 2,000 new phone numbers. Probably they do this because after some time, these phone numbers start getting blocked by operators, so by changing the numbers frequently, they make the test calls more successful.
19:45
But the rest of the providers, they basically are more static. They advertise phone numbers for really long durations, and they actually advertise few new numbers per day. So another thing we looked at
20:03
was to check if two different, if one phone number is shared between multiple providers or not, and it turns out that among the more than one million numbers, only 70,000 of them are observed in more than one provider.
20:21
But actually, if you ignore the last four digits and if you look for the number ranges, almost 8% of the number ranges have been shared across all the providers. So after making some observations on these numbers, of course we want to focus on solution.
20:41
So from the perspective of a telecom operator, an operator only sees the call data records that are recorded in his own infrastructure. So these records include the date, the source number, destination number, duration, some signaling information, et cetera. So it actually turns out to be very challenging
21:02
to detect IRSF because operators have limited like the local view of the call, and they actually process a massive volume of traffic and phone numbers every day. And sometimes anomaly detection techniques does not actually work because the number
21:22
of fraudulent calls can outnumber the legitimate calls for some of the source numbers. Also, operator has many different users with different behavior. For example, an outbound call center that is making calls to many remote clients will not behave the same as some home users.
21:44
So of course, first naive approach to detect IRSF would be just to look for those test numbers and the number ranges that we collected. But this is not a good solution because this is incomplete. We cannot track all the IP RAM providers in real time, all the time.
22:02
And also this is likely to bring some false positives because not all calls to suspicious numbers will be fraudulent. So our approach, our idea was using these test numbers in a different way. For instance, we compute some IRSF likelihood
22:23
for the destination number, depending on the distance of this number to the known test numbers. Or we can compute some likelihood score for the destination country that relates to the ratio of IP RANs advertised from this country and the test call logs observed to this country.
22:44
And finally, we combine this with some statistics from the call records, like how many seconds I've passed since the last call from the same source number, or how frequently the source number calls this particular destination number.
23:01
So we were lucky to obtain some call records from a small European operator, and we were able to evaluate this approach, actually. So the dataset we obtained includes four different IRSF cases. Three of them are compromised telephone systems used for IRSF, and one of them is a stolen SIM card,
23:23
again used for IRSF. So in total, we have 3,000 fraudulent calls in this dataset, and 150K legitimate calls. And what we did was actually, by using the features that I described before, we trained a random forest algorithm to classify the calls as fraudulent or benign.
23:44
And actually, of course, these are preliminary results, but it turns out that this approach works better than the naive approach of just looking for test numbers. So we actually achieved much better accuracy and much less false positives.
24:02
But currently, we are working on a much bigger dataset to be able to evaluate this approach better. Okay, so the next fraud scheme that we will talk about is called the interconnect bypass. Actually, it will be one form of interconnect bypass fraud. Okay.
24:21
So one form of interconnect, so essentially, interconnect bypass is some fraud technique where you will put calls in a normal way, right, you will get the calls over some route which is not the normal or the most likely route or the most quality route, and you will do this
24:40
to obtain some benefits. So this is a general way, there are multiple techniques. We'll talk in particular about over-the-top bypass and some study we did a few years ago. So basically, what is called over-the-top, so you probably heard this a lot before. Over-the-top is in a way the way that telecom operators call services which run on top of their network
25:00
and which compete with their network services like telephony or messaging, right? So there are tons of applications you recognize, probably most of the icons there. On these are basically competing with traditional telecom service and providing some other services too. It's huge today, right, it's like it was
25:20
sort of like billions of users. And the thing is these services, they in general need to make some revenue too, right? So they are very cheap or free but they still have to make some revenue. So typical ways of making a revenue is advertisement or selling some stickers or games on Cetera. And one way that is used more and more is to actually provide some interaction
25:41
with telephony systems. In particular, we can think of Skype In or Skype Out which is very popular, it's been there for years. Skype In basically allows you to buy a phone number and get people to call this phone number that would reach your Skype account and would ring on your computer or anything you want. Skype Out is from your Skype account,
26:00
you can call some international numbers everywhere in the world, so I'm sure many of you already use these services. These are perfectly fine. But however, there is what is called Oddity Bypass which we'll describe in more detail, which is not so fine, I'll show you why. So essentially, an Oddity Bypass call
26:21
is occurring over an international call. So like before, you see you have a caller, a callee, an auditing operator, some transit operator and some terminating operator. There is some revenue share along the way, so you pay something to your auditing operator for him to put your call to the destination. In Oddity Bypass case,
26:40
it could be a call generated from a mobile or online, it doesn't really matter. But the callee, the number you call, is basically a smartphone that has this oddity application that has a SIM card with a phone number attached. So basically what happens here is that this transit operator is going to make an agreement with the provider
27:02
of this service, of this oddity application, and they will route the calls over the IP network. On the call that you generate to this mobile phone number, those plus three, six in France, for example, is not going to ring on the normal phone interface, but it's going to ring on these oddity applications.
27:21
So maybe this occurred to you already before, and this occurs in general over international communications. So the big advantage of this is that the transit operator doesn't pay anything anymore to the terminating operator, but he pays a lot less to the oddity provider, which makes some revenue,
27:40
and then is keeping a lot more, a bigger share of the revenue. So it's increasing its revenue, basically the transit operator and oddity operator are very happy about it. This has some consequences for the caller, which is going to have some potential quality problems. You pay for something, for some quality of service as an operator, but you get something else.
28:02
You may pay for premium routing and get something that's similar to VoIP quality. For the callee, it's the same. Sometimes you have quality problems, the call don't reach, you don't have the voicemail or the call forwarding which are working, because the voicemail and the call forwarding
28:21
are actually handled by your terminating operator, your mobile operator. And there are some other trouble. The main problem, of course, is for the terminating operator because he's losing a lot of money. All the international calls, a big part of the international calls don't go through his network anymore and he's not paid anymore for those calls. So to study this, we actually made a small experiment.
28:43
We actually took eight funds with some SIM cards that we put in eight European countries. So those funds were actually controlled over SSH, they're basically Altered Android Funds, and we get them to some friends in eight countries. And then we generate calls to some funds
29:01
which are in France and which include SIM cards from this operator. On the home country, operator is actually giving us the call that records that correspond to the calls we generate to those numbers. So in the end, we generated like 15,000 calls on this small test network we built. And then we do some measurements.
29:20
So the first surprise is that about 80% of the calls, in some cases, up to 80% of the calls go over the OTT network. And this is huge, right? 80% being hijacked, in some cases, is pretty important. There are six out of the eight countries where there was some hijack, where there was some bypass. The most surprising thing, in fact,
29:42
was that there is multiple flow schemes which call it. And this is quite funny. So, for example, we see SIM boxing on OTT bypass to call it. We generate a call from UK, from some phone number in UK. And then we have, so we first,
30:01
I would say first, we expect the call to terminate on the SIM card on the phone here to go over some transit. And then we expect the mobile termination with the same number as we called. So we expect to see this number to ring. In fact, we see sometimes that the numbers,
30:20
they go over a SIM box. And then they don't show up as a, we receive the call, we generate, but we don't receive it with a caller ID which is from UK but from Russia, right? So basically there are SIM boxes in the middle with a Russian SIM card, which could be maybe a stolen SIM card or a fraudulent SIM card. And we see about 16% of SIM box bypass.
30:42
But then we also see some plain OTT bypass like before, like I mentioned before. So there we see just the, basically what we observe is that the phone is not ringing on the mobile network, but we see the OTT application to ring, right? And then we see the proper phone number, no problem,
31:01
but we have 36% of these to occur. And then the most funny part of it is that we also see some calls which go first over the SIM box and then they go over the OTT bypass, right? So in this case, it means you see your phone ringing on the OTT application with the Russian number, right? And it's like, who's calling me?
31:23
And that's kind of weird. So in the end, we reach this 80% fraud with all possibilities and that can get quite confusing for the user. So in the end, so we have a paper where we describe a lot more details on experiments we conducted. We don't really have time today.
31:41
But in the end, these frauds can lead to quite several financial loss for the operators. There are some call establishment problems which we measure. And basically, you can get your phone to ring, I mean, the caller here, your phone ringing for one minute before your phone actually rings, right? And this is problematic
32:00
because maybe after one minute, you just drop the call so you never actually answer it. You won't have a chance to answer it. And then there are some quality problems. But in fact, if you look at this, there is zero benefit for the user, right? So I think that's the main problem. Someone's making some benefit. You have some quality problems, but no benefit for the user. Something's wrong.
32:21
Okay, so with this, I'm going to let Mary talk about some interesting topics on telephoning voice spam on scams. So actually, I think voice spam is a bit more particular compared to the previous stuff we talked about because this is something that I think everyone in this room experienced
32:42
at least once in their lives. So what is voice spam? We can define actually a spam call as any type of unwanted or abusive phone call. So this has been a problem since several years. And there are many solutions around like caller ID, black list, applications,
33:02
white list, do not call lists, et cetera. But none of them are actually working well. We are still receiving a lot of spam calls. So some people come up with alternative solutions. For example, they say that the permanent solution would be to present, to be deaf or a child.
33:20
Or there are people who actually try to throw back the scammers and they spend, for example, this guy spent two hours talking with a Windows technical support scammer. So of course, these are also some type of,
33:40
some sort of solutions. But they are not very efficient because if you spend two hours with the scammer, you are also spending your own time. So you waste the telemarketer's time or spammer's time, but you don't, you shouldn't waste your own time. Okay, so this is end.
34:04
And we are calling you from King Central, America. At the phone, the house, you're still here. So how are you doing today? I'm sorry, I couldn't hear you.
34:23
I'm talking about your own computer, which is very, which is our current computer. So I, you have seen Lenny already. So Lenny, the guy that you all just heard
34:42
is a, is a kind of a defensive chatbot that is created to defend against the voice spammers. So the creator of Lenny is anonymous, but it is actually working surprisingly well. It is working very well in dealing
35:01
with various type of spammers. And it has growing popularity online. You can find the YouTube page. There's a public deployment of this chatbot, basically, that people are forwarding their calls. And you can find many different call recordings of Lenny dealing with several type of spammers.
35:24
So how this chatbot works. So let's say there's a spammers calling a user. What the user does is basically, either on his mobile phone or on his landline phone, he transfers this call to a telephone server
35:45
that is hosting Lenny. He can either create a conference call or call transfer or make, just make a setup call forwarding. And basically here, the user will leave from, leave the call or just mute himself. And after this point, Lenny will be interacting with the spammers.
36:04
This chatbot is actually made up of, just a set of pre-recorded voice audio files and a secret that is running those recordings once the caller stops speaking.
36:21
So as you see, there is no speech recognition, no artificial intelligence, nothing advanced. But this chatbot is working very, very well. And we think that the reason that it works so well is because of the conversational quality of those recordings. Another nice thing about this is that it actually acts
36:41
as a high interaction honeypot for voice spam. So as I said, there is a YouTube channel playlist that you can find many recordings of Lenny online. So what we did was actually, we chose 200 of those recordings randomly, and we made them transcribed
37:02
with a commercial transcription service. It corresponds to almost 2,000 minutes of phone calls. Then, basically, of course, we analyzed those transcriptions in detail. So the first thing we saw was that in these 200 phone calls, you can find almost 22 different type of spams.
37:24
Some of these are more on the legitimate side. I mean, according to the regulations of the corresponding country, which is United States in this case, these calls are legitimate, like political or fundraising calls. Some of them are more like in the gray area, because, for example, the telemarketing calls,
37:42
you are never sure if they actually get the user consent in a proper way. And some of the calls are complete scam calls, like the tech support you just heard. There are several vacation scams, Nigerian scams, and so on. But the nice thing is that Lily is effective
38:01
against all type of such spams. So, of course, we went over in detail to those transcriptions, and we analyzed how different spammers interact with Lenny. So there are several interesting things here. So first of all, I should say that Lenny never terminates the call.
38:21
So he never says bye. He always keeps talking. But at some point, the caller needs to, of course, stop, like, terminate the call in some way. So some of them actually try to do this in a proper way, try to say bye. But some of them are not polite.
38:42
They are rude, and they just hang up. So if we, for example, look at the ratio of people who hangs up, you can see that the scammers are much less polite compared to, for example, the donation calls. You can also see that the scammers, the average call duration for scam calls is much shorter than the rest of the calls,
39:04
because once the scammer understands that he won't get any money, he just hangs up the call. He doesn't want to waste too much money. And finally, we found that the scammers use bad words, curse words, much more than the rest of the spammers.
39:23
Okay, so I have been saying that Lenny is very effective. Why I'm saying this? Because basically, okay, so in this 200 phone calls that we analyzed, the average call duration was 10 minutes. Actually, over all the playlists, all the recordings available on YouTube,
39:43
the average call duration was 10 minutes, which is quite high. And during these 10 minutes, actually, there are 58, in over 58, conversation terms between Lenny and the spammer. And actually, the spammer hears the recordings almost two times, so he actually hears
40:01
the repeated recordings, but they somehow do not realize that they are listening the same thing over again. And one other interesting thing was that only in 5% of the calls, Lenny was explicitly
40:22
recognized as a bot or as a recording. So what we did was actually we collaborated with a social scientist who is specialized on conversation analysis topic, and we get a subset of these transcriptions that we get.
40:42
We made them, like we analyzed them further with some conversation analysis technique. So now I will make you listen, actually, the first four terms of Lenny in isolation, just to look at it in more detail.
41:02
This is Lenny. Second one. Sorry, I can barely hear you there. Third one. Yes, yes, yes. Oh, good, yes, yes, yes. So as you see, they are very simple, very brief lines.
41:20
But actually, they are designed as possible speech terms. They have some details that are specific to natural speech, like there are hesitations, self-repetitions, and some of the terms initiate a new action. For example, in the second term, Lenny says, I can barely hear you there, which makes the caller actually repeat his previous term.
41:43
But some of the terms are responsive. For example, the fourth one, good, yes, yes, yes, can, depending on the context, it can mean acceptance, like approval. So depending on the context, it can mean several different types of responses.
42:06
So this is an example to show you how these simple lines work, how well they fit in one conversation. So this is a type of,
42:21
an example of a credit card scam call. So as you see, the caller immediately enters the call with the reason of the call. He directly says why he is calling, and then he finishes his turn with a question. This looks like a question, but actually the preferred answer here is a yes.
42:41
So he expects the colleague to say yes. But actually, Lenny breaks this flaw by saying that he is not able to hear. And as a result, the caller, as you see, just partially repeats his first query, and then asks the question again.
43:01
And by chance, because Lenny is designed so well, actually the next answer of Lenny is yes. So the conversation continues very well, like nothing weird happened, basically. So Lenny is, as I said, very simple-looking chatbot
43:23
with pre-recorded fixed turns, but actually it is really sophisticated due to the flexibility of the turns, its closeness to natural speech, the coherency of the character and the turns, and so because this guy is an old guy, of course he will have some hearing issues, so it sounds very coherent to the caller.
43:44
And also it has a very good ability to control the conversation somehow, sometimes leading the caller to adjust to himself. So in conclusion, of course, this is a very specialized chatbot. It is working very well in this narrow context
44:01
of spam calls, but of course it wouldn't work in different contexts, probably. But we think that the use of such chatbots can be an effective way to, at least to slow down the voice spam campaigns. Okay, so. So with this we're going to conclude.
44:21
Just saying that overall, telephone info is likely to remain a significant problem. There are weaknesses that are here and they are difficult to fix, right? So I mentioned, for example, voice color identification. There are some attempts to fix it with protocols like Stir on the IETF protocols,
44:41
but it's going to take some time. And every time we add a new layer of technology, it's going to bring new vulnerabilities. Forrester are quite smart and they have strong incentives. Basically I mentioned in the beginning that telephony, there is a lot of things which are built because there is money. There is a lot of ways to gain some benefit from it,
45:01
gain some money out of it. So we hear a lot about surveillance or hijack of calls, et cetera. So there are many security problems with diameter or things like this, or 2G security and so on. But this can also be abused for extracting some revenue from this
45:22
by a fraudster, right? So these people have strong incentives and they move very fast and they're typically hidden in some different countries in the world with flexible regulations. In the end, it's also interesting to understand that fighting fraud can be costly. So telecom operator will not fight fraud
45:40
if that's getting more expensive than the actual loss or perceived loss. And in the end, sometimes it's good to be as good than the competition. So if you are worse than competition, maybe you need to do something. But if you are the same as competition, maybe you are fine. Okay, so with this, I will thank you
46:01
and I will take questions. So we have questions from the audience.
46:21
Please line up at the mics. I see a hand at microphone two, please. Hi, it's for the talk. I wanted to ask, the calls that get routed through the apps, the damage to the end user might be very minor, acceptable, nearly net positive.
46:43
But what I don't understand, it's very transparent to the end user. He actually realizes which app he's being called on. So there is a way to track this back and it should be very evident. I thought when you were putting up the numbers, I was expecting .8%, 2%, like hiding it in the trees.
47:04
That's the forest it looks like. Why don't they massively intervene and stop it? So your question is one. So you expected it not to be 80, but 0.8%. So I think it depends how you look at it.
47:22
If you look at the calls from this source to this destination, if you have the phone with the application installed on your register on the IP network, then you may have very high levels. But overall in the world traffic, it may be very low. It may be as well very high for some termination. So if you have a SIM card for a country where you have 40-some termination rates,
47:44
not like France or Germany where you have maybe two-some termination rate with even the European regulation was very low. But if you have very high termination rates, there in these countries, you may have a lot more of this bypass. And the other thing is, yes, of course the user will notice it because it's not going to ring on the normal,
48:01
say Android, the other interface, but it's going to ring on this application. So you may not notice it if you maybe expect this person to call you on this application or if you don't check if they actually call from the application or from the normal mobile. It's going to look awkward if it's like your grandmother calling from the long line and it's ringing on this new fancy application you have.
48:21
But then it's going to be obvious, yes. So yes, it is obvious. It's easy to detect for the own user. Actually, it's something you can deactivate if you go search very far in the settings, which are checked in by default. But the thing as well is that for the operator, it's very hard because the operator doesn't see the call, the termination operator doesn't see the call at all anymore.
48:41
And that's a difficulty for the operator itself. Okay, microphone four, please. Hi, thank you for the talk. Do you have any stats on what apps are used for OTT? So yes, but our lawyers doesn't want us to mention it.
49:02
But if you Google online, you will find it easily. So no worries, just Google for it, you will know. Okay, thank you. A question from the internet, the signal engine. Yes, the internet wants to know with the callback spam where the route is hijacked, who's paid for that? Is it the provider or the end user?
49:24
Who's paying? So who's paying? If you have the callback spam, so you get to call, you call back, so you as a user, you call this premium number, and then this premium number will be supposedly registered by the fraudster. So you pay for the call back,
49:41
and then the part of this cost of the call that you pay would be given back to the fraudster, if that's maybe a good answer. Okay, microphone one. Yeah, what application did you use in your own study to get those rates?
50:02
Or if you're not willing to tell it, would we be able to find it somewhere? To generate the calls, you mean, the test calls? No, no, you did a study on the OTT bypass with those percentage rates of like 80% in Spain.
50:20
What application was that? Okay, so this- Did we use to generate the calls or sales for the test calls? No, I think he is asking for the application that is doing the bypass. Yes. That's what Simmons was before us. All of you doesn't want us to mention it. If you Google it, you will find it. So we use like multiple applications or?
50:47
So, multiple applications. So we know of one of them. So we did all these experiments on one application only, but we are not sure if there are more doing the same thing, basically.
51:00
Okay, microphone five, please. Regarding the SimBox fraud, where are those SIM cards coming from? Sorry, the echo is bad. Where are the SIM cards coming from? And how do the fraudsters avoid paying for the calls? Because I would assume calling from a SIM card would not be cheaper than routing the call legitimately.
51:23
So where are the SIM cards coming from? Basically, there are multiple ways. They can use stolen SIM cards, but this is, I think, I would say less likely. There are some countries actually that you can obtain SIM cards without giving your identity, this kind of thing. So in those countries, it is much easier
51:43
to obtain a large number of SIM cards. And mostly, they abuse the SIM cards. Let's say there's an operator that is making a promotion that he says, okay, calling from Russia, let's say, to this country, from my network, it will be very cheap
52:01
for the next few months, let's say. So then they are more likely to abuse this type of like law of tariffs and promotions from the operators. There are also sometimes some bugs in the numbering plans. So the operator may actually, they have to have for every destination a cost, right?
52:21
And sometimes they have some mistakes, right? So if they have a mistake in their numbering plan, and they will charge you, if say, to call Zimbabwe, you will maybe call the same as Germany because they made a mistake in this table where they put the phone number destination on the price. So if a fraudster finds this, and finds that he would pay like, say, five cents
52:42
instead of paying 35, he's going to buy the SIM cards, buy 20 of them, put them in SIM boxes, and he's going to sell this traffic for cheaper than the normal rate. I think that was the second part of the question as well, but maybe we omit it. Okay. Thank you.
53:01
Google has developed a very sophisticated chatbot for phone calls. Would that be a suitable Lenny 2.0? Yes. So I think the thing with the Google's chatbot is that they have to say that it is,
53:22
I mean, they have to say that it is a chat, well, okay, there are, so. So probably they could be used for this as well, right? But I think they have been designed for something else. So I think there is already, from Google, there is a service that actually answers your spam calls.
53:41
I don't have much knowledge about it, but there is also the chatbot that makes, for example, makes reservations for you. Definitely it is a much complicated and better artificial intelligence. I think it will work well if it is also combined with some conversation analysis techniques.
54:01
The thing as well is that so far, there are lots of these, let's say, Alexia or Google Home, et cetera. When you talk to them, you know you are talking to a bot, right? If they have a voice that's kind of synthetic, it's fine because you know you're talking to a bot. If you think of Lenny, he has a human voice. It's a good actor who's actually speaking this.
54:23
It's hard to recognize this voice as fake because it's a real one, right? Just the conversation is fixed and it's done, but as the Lenny is just on swearing terms, he's not driving the conversation to anything smart. It's working quite well. Maybe if these bots would become a lot better
54:40
in voice quality, like this conversational organization of the discussion, then maybe they could be used as well in a similar way as Lenny. But so far, it's not yet there exactly, I think. I have another question about the OTT.
55:01
How do they know that the application, the OTT application is actually installed on the colleague's device? How do they know that? And also, does this scam require the OTT application to actually be actively participating in the scam
55:22
and to be kind of complicit in it? Or are they just like an unknowing bystander in the scam? So the way it's working is the OTT service provider is actually advertising call termination
55:42
on the two operators, right? Then when they agree on a deal, you will have the operator who's going to basically say, oh, I receive on my network, so my incoming traffic for calling this termination, say, I don't know, South Africa, right?
56:00
South Africa. And then you look at your sheets and you say, okay, I have going through, I don't know, Dutch telecom, that much per minute. I'm going through orange, orange that much, and so on. And then you have many, many, maybe you have 20 different possible routes, and you will say, okay, I have also this OTT operator.
56:20
The thing is, you will be only able to carry over the call to this OTT operator if, on the other hand, we have the phone which is having this application activated, and if it's running, and if you're on the IP network. For this, basically, the thing is that on many OTT applications today, you register on the OTT application with your phone number.
56:42
So first, the same phone number for the actual SIM card and for the application. Second, the OTT operator is kind of having a heartbeat thing, so he knows the phone is active and the application is active and can ring or not. At this point, the telecom operator is going to try to route the call,
57:01
if this is already checked, let's say. The operator is going to try to route the call over the OTT network. If it's working, it's ringing, and it's fine. Sometimes, it's not going to succeed, so it's going to fall back to another network. So it's going to route the call on the OTT application only because they have a prior deal with it, for it,
57:21
and it's going to be only if the application is active, and then it's going to ring, maybe, and if it doesn't work, it doesn't connect, then they will fall back to another route. That's at least our understanding of how it should work. There is also a patent, if you want to read patentees. Okay, Mark, from one, please.
57:41
In the first scam case, how do the fraudulent operators make sure they get the call and not somebody else, and how are their lists or efforts to keep lists of fraudulent operators? So, actually, there is no way to make sure that you will get the call,
58:02
and that's why, actually, there is those test interfaces that the fraudster makes several calls to several destinations to see one that is working. So, most of the time, if the operators use, like transit operators, which are large ones, like Orange, for example, it has very big orange,
58:21
international carriers are very huge, so, and it is very, very less likely to have fraud in that network, but if some small or fraudulent transit operator is on the call route, then you are more likely to end up in a fraudulent route.
58:44
Yeah, so, I mean, they never make sure that they will get the call, they just hope that the call will go over them, basically. And if it doesn't work, they just test another number in another country, another destination, and they will test until they see the number to appear on this test interface, so they say, okay, no, I know this number
59:01
are going to be hijacked, or I can make some cache out of it, and then you just use this, you get a new number that you will generate cache on this provider, we know that when they see this number, it's you generated the calls. And actually, the call routing is very dynamic, so maybe today, the hijack works, and tomorrow, maybe it won't work, because the operator started to use a different route.
59:25
Microphone five, please. Hey, do you have any statistics on, how do you say, on kinds of scam being done, like, and who's, and do you have any idea about the people behind those scams?
59:40
Because I know for a fact that in some countries, there is quite popular scam from a prison, like, prisoners calling and saying, like, your daughter got in traffic accident, you have to pay this and this. Yes, so, in terms of the scams, I don't have.
01:00:00
much idea, I mean for telemarketing, for instance, there are many call centers running the telemarketing campaigns all the time, but in terms of scams, I am not really sure who will be behind the calls. If you look globally on telephony frauds, so you can refer to the CFCA study, which is not maybe perfectly accurate, but it gives an idea on the classified big frauds
01:00:24
by how much they cost or how much, in fact, operators claim they cost to them. So that's why it's not perfectly good, 100% accurate, nothing would be perfectly accurate, but you see IRSF as a very big one, you see Simbox as quite big as well on things like this.
01:00:41
So I think you can't get very detailed about this. Then who are the people doing this? I think it depends a lot, so you have in fact operators frauding each other a lot, apparently. You have people who just like run their small fake companies and put Simboxes somewhere and just advertise, so you have one person companies, a lot of telecom operators are
01:01:03
in fact one person company doing this on the side job, having a server, a telephony server in a place where you have no tax, for example, and they're just running and they get some mixing, some legitimate traffic with some fraud traffic and then they just make some few simple effects that are called their hoods, these kind of things.
01:01:24
So it's a fairly complex ecosystem and I wouldn't be able to just point one kind of people for this. So unfortunately we don't have time for any more questions, so let's give a big hand of applause for our speakers. Thank you.
01:01:42
Thank you.