TTY phone fraud and abuse

Sean Donelan sean at donelan.com
Sun Apr 11 22:55:12 UTC 2004


On Sat, 10 Apr 2004, Scott Call wrote:
> My point was that my $20 GE telephone cannot be made into a liability for
> my telephone provider without my explicit participation, whereas a $20 a
> month dialup (or $50 a month DSL, etc) customer can be a liability for me
> just by being turned on.

Although Bell Labs avoided publishing papers about weaknesses in the
telephone system, it doesn't mean they don't exist.  The Communications
Fraud Control Association has a decent publication on communications
fraud.

http://www.cfca.org/CCSP_dictionary_orderform.htm

They cover numerous opportunities for mischief which can occur with your
explicit, implicit, and even without your participation.

In most cases it is the equipment connected to the line (i.e. CPE), not
the line itself, that is vulnerable to mischief.  An answering machine with a
default remote access code, a cordless telephone without "digital
security", an insecure PBX, etc.  The telephone network also offers
other mischief opportunities such as call forwarding, voice mail,
conference bridges, calling cards, third-party billing, collect calls
and more.

> Can people abuse the phone system?  yes, of course it can, but the
> criteria for response are much higher, and in general the nature of the
> network (low concurrent session limit, point to point, voice only) as it
> is exposed to most people limits the damage that can be casually incurred.

There is a difference between crimes against the telephone system
and crimes using telephones.  The Department of Justice estimates
telemarketing fraud is a $40 billion a year problem. But telemarketing
fraud doesn't necessarily reflect a security vulnerability in the
telephone system per se.  Or at least not a security vulnerability
that can be solved solely by the telephone system.
