Telus Puts A Stop To 'Modem Hijacking'
TheIonix writes "Telus, a major telco in Canada, decided to block long distance direct-dialed calls to four countries to help reduce dial-up 'modem hijacking'. The article explains: 'When the [dial-up] user downloads [certain malware programs], the downloaded file accesses software on their computer and causes the modem to dial phone numbers in foreign countries, resulting in long distance charges.' 4 countries were targeted: Guinea-Bissau, Guyana, Nauru and Sao Tome. It is still possible to call those countries with operator assistance and the fees are waived. Now let's see if this nice idea will be followed by others."
Why not just have a system that speaks some digits and waits for you to punch them back in for verification? I doubt this software is going to figure out the drivers for your voice modem and do speech recognition.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Just make people dial a PIN number in front of the number, instead of going through the operator? Thus most people will never care they can't call those countries and the ones that do can still do so without the operator (faxing must be a PITA!)
Or make people use calling cards for those countries?
I'd estimate that in the case of these smaller places, a majority of the phone calls they were getting from Telus were being disputed as illegitimate. Countries with larger populations would have more legit calls being made to it, and therefore it'd take many more problem calls to get to the same percentage ratio.
Yes, because the people responsible are the people running the foreign governments and phone companies.
It's not like it's some rogue criminal, you'd have to basically invade the country and overthrow the corrupt government if you wanted to stop them.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
For one, do you really think they were giving people refunds for these charges? Maybe Canada has some consumer protection laws or something, but from my dealings with scummy utility companies in the US, I know I'd pay every penny for a hijacked modem.
Then on top of that, this seems such a small fix. What happens when the new virus out sets it up to call, say, Russia or China. Can't exactly block those countries. Yes yes I didn't RTFA so I'm not sure if these countries have significance more than I know...
A friend of mine works for a porn billing company. A lot of their customers use dialers. They don't hit the US because there are too many laws concerning it, but you'd be surprised at how many countries (like Australia) where their business is really booming. It sucks. It shouldn't be happening. But he makes a killing on it.
To his credit, he doesn't write the dialers themselves. He just writes generalized billing systems for porn sites which are the ones putting dialers on people's systems. Usually they wait until the wee-hours of the morning or during the day to make their calls so they can stay connected for a good 2-3 hours and really rack up the charges.
I wouldn't go after the phone companies so much as I would go after the dialer producers. I think generally it's not that the phone company is in cahoots with the dialer company, it's just that they don't bother to regulate it or their government hasn't passed laws officially banning the practice. Governments usually get off their rear and do that but it takes time. Besides, there are probably legitimate reasons for calling those countries such as talking to one's family.
How bout they focus on educating the public about malware instead?
It seems to me a dialog box generated by the OS when an application tries to access the serial port would go a long way towards preventing this. I mean, doesn't this whole scam rely on the modem dialing out without the user knowing?
People's desire to believe they are right is much stronger than their desire to be right.
Damn preview. The quote I meant was:
"Hi, I'm a Telus technician calling from [insert any number here]. Can you please place a test call to [wherever]?"
(see, cuz I used angle brackets instead of square, and didn't escape them...)
Problem with (commercially) building something designed to plug into the phone jack is that there's a lot of paperwork involved.
Such a device would be a very cool homebrew project, though. Just intercept the DTMF for "1" and a user-configurable series of digits (you could program the device either with a keypad on the device, or you could program the device with DTMF tones). Hold the dialed digits in a buffer. When the user finishes dialing the digits on the phone, the user presses the "dialout" button on the phoneblocker, and the buffered digits are dialed out. (Sorta like a cell phone - punch in digits, then click "OK" to dial)
Because a trojan dialer isn't going to have you around to press "dialout", no call ever gets made. Added bonus, you have a gadget that can log the numbers (and for real style points, add a clock chip and store time and date :) all outbound calls made from your number.
Of course, anyone smart enough to design it - or even just build it from a set of schematics and a bucket of spare parts - is unlikely to get pwn3d by a trojan pr0n dialer in the first place. But it'd be a fun weekend project or group exercise for a first year engineering course.
A consumer protest broke out about this in Denmark some time ago. The first IP addresses encountered when dialled in were in.....London. The operators charge the long distance call, but your phonecall actually never reaches the country of destination. The blocking described is now standard for all Danish telcos.
10 ?"Hello World" life was simple then
Still, a phone company somewhere has to be offering the billing service that these dialers are using to cash in. Either it's an international call to a phone operator that's in on the scheme, or it's the local version of 1-900 area code or 976 exchange pay services.
There is one problem with that approach. It happens when people do plan to go online. They dial out thinking they are paying for the local rate number to their ISP (possibly at $0 per minute) and the dialer intercepts it and dials the $16/m premium rate number.
...with the dialer company (the telco in the foreign country, that is) - otherwise the dialer company would not make any money! The only way that the scam can work is that the foreign telco passes on some of the call revenue to the dialer company. Having said that, in some countries the home telco should also be held responsible - for example, here in Ireland the monopoly telco has specifically put all of the 'dialer countries' into a special band, for which they charge 360c/min, *three times* what they charge for the next band down (122c for 'rest of Pacific Rim'). As such, they make substantially more than the dialer companies themselves out of these scams (which doesn't motivate them to fix the problem.)
I think generally it's not that the phone company is in cahoots with the dialer company, it's just that they don't bother to regulate it or their government hasn't passed laws officially banning the practice.
If I ever found a third world country, I'll have to keep this in mind. Great way to pad the ol' treasury, eh? ;-)
Seriously though, what would happen if you simply refused to pay the charges? i.e. Work with your phone company so that you pay them their side of the line, then simply refuse to cough up the cash to the foreign carrier. Attempts at prosecution would have to be through your home country's legal system, which may have laws regarding fraudulent debts.
Javascript + Nintendo DSi = DSiCade
According to the end of this story, British Telecom are going to start doing the same thing too.
Better solution:
Voice conversations are very, very tolerant of small disruptions while data is not. So just introduce random noise once at the beginning (to interrupt the initial handshake) and once every minute or so. A small change in pitch and modulation 1/2 second out of a minute won't affect voice calls very much, but data lines won't take it too well.
Not that many people place long distance data calls on land lines. Some geek BBS'ers, but they're pretty rare in this age of telenet. So there'd be very very little disruption of normal service.
"There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy."
At most one of these, Nauru, remains a government monopoly. Two of them, Sao Tome and Guinea-Bissau, are owned in part by Portugal Telecom, which seems to be a former telecom monopoly, now privately owned. The other, Guyana, is majority owned by ATN, an American company.
So it seems it isn't 'the corrupt third world governments' behind this 'problem'.
Woe be on to them, all who rise against poor people, shall perish in a the end. Buju Banton
I apologize for posting anonymously, but I'm under non-disclosure on this. I work in the security department of a major long distance provider. Telus's blocks are a good try, but they won't stop the problem. They will put a small dent in it, though.
First of all, it's more than those four countries, although that's about half of the most common ones we've been seeing lately. At the very least, they should have added Diego Garcia, Tuvalu, and Tokelau to the list. But almost every really small, really poor country telco goes in for this kind of thing sooner or later, and at one point so did one of the UK telcos and (oddly enough) so did one of the Canadian telcos.
Do not assume that there has to be a modem on the other side. Your modem doesn't have to sync for you to get charged, it just has to stay dialed into that number long enough for the "first minute" charge to take effect.
The billers keep insisting that everybody who gets billed for these calls has agreed in advance to do so. At least some of them are lying about this. We have seen cases where we're absolutely sure that unlabeled trojans were to blame, including one that sets the user's computer to do so at least once a day for up to a couple of hours when they're not using it.
There are only two completely reliable defenses against this. The only completely reliable way is to never, ever, ever plug an analog phone line into your computer. (I had one customer insist that it couldn't have happened to them, they used broadband. But they had a fax modem card, and the dialer detected and used that.) That's not practical for most people, so instead call your local phone company and ask for a total block on directly dialed international calls. Most companies offer this as a free service. Also make absolutely sure, if you never intend to charge premium services to your phone bill, that you tell this to your local and long distance phone companies; having that note in the records on your account will help their security people know to block the calls more quickly when they get by and may, the first time, help you get the charges removed from your bill.
You can ask your long distance provider to block international directly dialed calls, too, but that'll only help if you get that block from every long distance provider in your country, and in the US that could take you weeks of research because there are so many. But if you're in the US and you don't block every long distance provider, all the dialer authors have to do is preface the modem string with 10-10 and the three-digit carrier code to temporarily switch your long distance provider. That's why it's going to be a lot more reliable if you do it through your local phone company, if they offer the blocking feature you need.
After you've blocked the feature, if you absolutely have to make a directly dialed international call, call your local company and your long distance company, remove the block, wait for it, make the call, and then call them back and restore the block.
US long distance companies aren't blocking whole countries for this because US law won't let them. Telcos are required to deliver every call that you want them to. This means that while we can temporarily stop your service until we can ask you "did you really want to make that call?," we can't pre-emptively stop you from calling poisonous numbers like this because we can't prove that nobody wants to call them. On the contrary, probably about 1 out of every 20 customers that I speak to about this really did use the dialer on purpose and they intend to pay for the call. (About 3/4 of the callers, though, had it happen because somebody who didn't have their permission to charge long distance calls was sitting at the computer surfing porn or using paid gambling sites without the owner's knowledge. Frequently, it's their kids.)
My employer doesn't want me to tell you this because it is their opinion that every time we reveal anything about what we know about this scam (or any other),
The problem with going after the producers and distributors of the dialer software is that it ends up being whack-a-mole. Any scam artist worth their salt is perfectly capable of shutting down one scam under legal pressure and opening a new one. Going after the telcos is much easier, even if the dialer agents are more culpable.
In New Zealand this problem was recently on primetime TV. In response, one of our tollcall providers has implemented a change where a confirmation message is played upon dialing a certain few countries, and the caller has to press a key in response. This is simple enough to implement and would be pretty effective. Porn-Dialers would have to be a little more clever to get around this.
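An added example, not part of the thread or of any poster's comment: a Python sketch of how a destination block like the ones discussed above can screen dialed strings so that the 10-10 carrier prefix mentioned by the long distance security poster does not slip past it. The country calling codes are the ITU assignments for the places named in the thread; the sample dial strings, carrier code 999 and all function names are constructed for illustration.

```python
import re

# ITU country calling codes for the destinations named in the thread
# (the four Telus blocked plus the three the anonymous poster adds).
WATCHED = {
    "245": "Guinea-Bissau", "592": "Guyana", "674": "Nauru",
    "239": "Sao Tome and Principe", "246": "Diego Garcia",
    "688": "Tuvalu", "690": "Tokelau",
}
CAC = re.compile(r"^101\d{4}")  # NANP carrier access code (covers 10-10-XXX)
INTL = "011"                    # NANP international direct-dial prefix

def normalize(dial_string):
    """Reduce a modem dial command or raw dialed number to bare digits."""
    s = re.sub(r"^ATD[TP]?", "", dial_string.strip().upper())
    return re.sub(r"\D", "", s)  # drops pauses (,), dashes and spaces

def naive_screen(dial_string):
    """Prefix-only check, for contrast: ignores per-call carrier selection."""
    digits = normalize(dial_string)
    return any(digits.startswith(INTL + cc) for cc in WATCHED)

def screen(dial_string):
    """Return (verdict, country, used_carrier_override) for one dialed string."""
    digits = normalize(dial_string)
    override = bool(CAC.match(digits))
    if override:
        digits = digits[7:]      # strip the carrier code before matching
    if not digits.startswith(INTL):
        return ("allow", None, override)
    # Country codes are prefix-free, so a 3-digit lookup is unambiguous here.
    country = WATCHED.get(digits[len(INTL):len(INTL) + 3])
    return ("block", country, override) if country else ("allow", None, override)

# Constructed sample entries, e.g. from a modem log or call detail records.
SAMPLE_LOG = [
    "ATDT5550123",               # local ISP number
    "ATDT011245000000",          # direct-dialed to a watched country
    "ATDT1010999,011674000000",  # same, behind a carrier access code
    "011-44-20-0000-0000",       # ordinary international voice call
]

def audit(entries):
    """List (entry, country, used_carrier_override) for every blocked call."""
    results = [(e,) + screen(e)[1:] for e in entries if screen(e)[0] == "block"]
    return results

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(row)
```

The third sample entry is the case the prefix-only check misses: `naive_screen` returns False for it, while `screen` blocks it and records that a carrier override was used.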