What is SS7 SMS Fraud?
There are a number of known methods of committing SS7 (signalling network) SMS fraud.
These include:
• Spoofing of subscribers
• Flooding of messages
• Spam messages
• SMSC Global Title scanning
• Faking of originating PLMN
Example: SS7 Spoofing Fraud
Currently one of the most threatening frauds is the SS7 spoofing fraud. This occurs when a fraudster hi-jacks a subscriber’s personality whilst they are roaming. This “spoofed” personality is then used to send fake SMS messages. These messages normally try to persuade the recipient to call a premium rate number. Often fake competitions or pornography is involved. The fraudsters often “market” their ability to deliver SMS mailshots to the highest bidder, usually within organised crime. This gives organised crime the ability to send spam at very low costs to themselves.
Most operators for whom we run monitoring services, see probing messages from fraudsters on a regular basis. These messages are used by fraudsters to detect unprotected networks and also to act as their own form of “quality control”. The messages are used in order to check how many of their planned SMS messages were sent before the fraud was closed off.
Of course this type of fraud also generates spam traffic. It is unlikely that the spam messages would be sent if the originators had to pay the commercial rate.
What are the Business Effects?
This type of fraud can be devastating. An attack can cause a huge problem with customer relations. It can also cause a direct financial loss to the operator who is obliged to pay the IOT rate for each message sent.
The numbers involved can be very large. We have seen as many as 350,000 SMS messages sent from one identity in about four minutes. This cost the operator concerned €17,000, a lot of customer dissatisfaction and substantial management time. One operator suffered a loss equating to around 30% of his revenue from SMS messaging.
Whilst these effects are substantial, the biggest worry is that one day the intention of the spoofers may be more sinister. There may be an attempt to deny the use of the SMS service by overwhelming it with seemingly valid messages.
Why this is a growing threat
The SS7 network, that links operators together, was also once considered a protected area which was insulated from the outside world and used solely by trusted members. However the barriers that protect this “safe area” are being increasingly eroded.
Changes in legislation, regulatory policies and customer demand have lowered the barriers to entry for new telecom operators. This has led to a rise in the number of operators, MVNOs and hub operators with access to the SS7 network. At the same time developments in advanced inter-networking, data applications and voice over IP (VOIP) have all provided fraudsters and hackers with new ways to get access to the network. The once secure world, of trusted operator members, is in danger of facing an onslaught of fraud and hacking. Many fear that the threat is of similar proportions to that suffered by the Internet community today.
Perhaps the biggest problem has developed from the convergence of SS7 with IP. This convergence is central to the development of a next generation network and as well as promising great potential, also brings significant threats. Many IP-SS7 gateways have been developed by new players in the market. Often their approach is based on commercial standard computer systems running flexible SS7 protocol stacks which lack robust SS7 security.
Of course hackers know IP very well indeed. Now that SS7 knowledge is also available to anyone, programming a PC to “speak SS7” requires relatively little effort. This means that hacker communities are now busy finding ways to gain network access. Sometimes their aim is purely to disrupt services “for fun”. Sometimes the intent is to defraud the network or its customers.
Some fraud specialists speculate that we may be less than a year away from a tidal wave of SS7 based fraud.
What can you do about it?
There are a number of responses that can be made. At a basic level, the NOC can look out for high levels of traffic and act to switch out the source when these are seen.
This is simple and direct. However the method often allows the fraudster to get a significant number of messages sent before the operator acts. It is also a somewhat “blunt instrument” that can deny service to innocent users as well as cutting out fraud. Fraudsters are also aware of this approach and may well decide to send a more measured pace of messages so as not to alarm the NOC and to avoid triggering a response.
Another approach is to use a screening system on the SMSC. Typically this will look at the origin of the message and match it up with the registered location of the subscriber. This works well and avoids targeting innocent users. However recently the fraudsters have started to adapt to this and now often send a fake “update location” request prior to sending fake SMS messages. This effectively makes the SMSC believe that the messages are from a genuine source.
The Evolved Intelligence approach goes further by looking out for fake update location request messages. An active network interface function then intervenes to eliminate the fake SMS message. The system is configurable to recognise the fraudsters “test” messages and let them go through. It will also create a log for forwarding to the police.
We are now observing to see what the fraudsters do next.
We want to be a preferred business enabler and business support partner throughout the region of Latin America and Caribbean, We help Telecom-and Technology companies and vendors from US, Europe and Asia, who are interested to expand their activities in new export markets, to analyze the markets and introduce them in this rapidly growing market place. TelecomAdvisors International S.A.counts on more than 15 years of experience in the Latam Telecom - and Technology Market.
No hay comentarios:
Publicar un comentario