simwood talk at itspa voip fraud workshop - part one: setting the scene

Simon Woodhead CEO

simon.woodhead@simwood.com

Simwood eSMS Limited https://www.simwood.com/@simwoodesmsTel: +44 330 122 3000

VoIP Fraud

www.simwood.com

US IF YOU’RE NOT FAMILIAR

Wholesale Voice to 590 providers worldwide

www.simwood.com

MORAL JUDGEMENT MANY YEARS AGO:

Do not want to profit from customers misfortune

www.simwood.com

TRY OUR BEST TO PROTECT THEM

www.simwood.com

PICTURE THE SCENE…

Christmas Eve 2013

www.simwood.com

AND THEN…

www.simwood.com

BUT OTHERS FOLLOWED…

For 9 days a customer fell

victim every night

www.simwood.com

ON EVERY OCCASION…

They were unaware

www.simwood.com

YES…

Even those attacked

repeatedly

www.simwood.com

SCORE SHEET…

Hours sleep lost:

27

www.simwood.com

SCORE SHEET…

Customer cost saved:

£200k

www.simwood.com

SCORE SHEET…

Actual customer cost (spend with Simwood):

£150

www.simwood.com

SCORE SHEET…

Actual customer cost (overflowed):

?

www.simwood.com

SCORE SHEET…

Most heard expression: “We must implement your fraud controls

in the New Year”

www.simwood.com

SCORE SHEET…

Pro-active customers compromised:

0

www.simwood.com

SO I GOT GRUMPY…

www.simwood.com

SERIOUS MESSAGE / LESSONS LEARNED:

VoIP Fraud is now organised

crime

www.simwood.com

SO WE DECIDED TO DO MORE, AND I WENT ON TOUR…

www.simwood.com

AND LEARNED LOTS…

VoIP Fraud is now organised

crime

www.simwood.com

AND LEARNED LOTS…

They know who you are

www.simwood.com

AND LEARNED LOTS…

They have reconned your

equipment

www.simwood.com

AND LEARNED LOTS…

They have planned their

exploit

www.simwood.com

AND LEARNED LOTS…

They await opportunity

www.simwood.com

QUICK DEMO…

16:21 Clean VM installed

off our network

www.simwood.com

QUICK DEMO…

17:02 First recon

www.simwood.com

QUICK DEMO…

Which we did not respond to

www.simwood.com

QUICK DEMO…

Overnight Nothing more

www.simwood.com

QUICK DEMO…

10:08 Installed Asterisk

www.simwood.com

QUICK DEMO…

12:35 Another recon

www.simwood.com

QUICK DEMO…

Which we did respond to

www.simwood.com

QUICK DEMO…

14:00 14:32 16:47 17:30

More recon…

www.simwood.com

QUICK DEMO…

17:49 First attempted

call

www.simwood.com

QUICK DEMO…

18:06 18:13 18:20

and so on…

www.simwood.com

QUICK DEMO…

02:12 first attempted

registration

www.simwood.com

QUICK DEMO…

All single packets

www.simwood.com

QUICK DEMO…

Unnoticeable in production

www.simwood.com

QUICK DEMO…

Even dialled the ‘test numbers’ we identified

www.simwood.com

QUICK DEMO…

Started within 41 minutes!

www.simwood.com

MORE LESSONS LEARNED…

You’ll know 50% of this

stuff

www.simwood.com

MORE LESSONS LEARNED…

The other 50% will be

‘interesting’

www.simwood.com

MORE LESSONS LEARNED…

But you’ll do nothing with it

www.simwood.com

PLEASE…

Prove me wrong