Slashdot Mirror
Telus Puts A Stop To 'Modem Hijacking'
TheIonix writes "Telus, a major telco in Canada, decided to block long distance direct-dialed calls to four countries to help reduce dial-up 'modem hijacking'. The article explains: 'When the [dial-up] user downloads [certain malware programs], the downloaded file accesses software on their computer and causes the modem to dial phone numbers in foreign countries, resulting in long distance charges.' 4 countries were targeted: Guinea-Bissau, Guyana, Nauru and Sao Tome. It is still possible to call to those countries with the operator assistance and the fees are waived. Now let's see if this nice idea will be followed by others."
Commonly, the way that these international calling scams work is that the monopoly carrier of the foriegn country charges obscenely high rates by most standards, and then the malware writer leases lines close to the point of entry so that the carrier doesn't have to do much work once the call enters their system. The malware writer is then given a piece of the international call toll for attracting the business.
In short, the phone companies in these developing nations are usually in on the scheme and profit just as much as the malware operators do from the increased call volume. They have no interest in stopping calls that way.
I wouldn't be opposed to giving such companies an international telecom death penality of simply not routing calls their way. If the only phone operator in a country can't properly keep scam artists out of their network, and furthermore aids such scam artists, that country really doesn't have much of a phone system to begin with... an electronic embargo might get the government there to get a clue.
Granted auto dialers to these countries will no longer function, but I suppose the loss of the one customer who regularly dials Guinea-Bissau, Guyana, Nauru and/or Sao Tome in Canada vs. the gazillions of mad people for bum phone bills weighs itself out. However let's see them try this with a bigger country having auto dial issues as well (Thailand, Vietnam and former Russian republics come to mind). A step in the right direction, but not hardly a full solution.
...in bed
Telus needed to do something, I know from experience that this is a serious problem. 16 dollars for some call to africa i never placed, I had no idea about this stuff, fortunately Linux is immune to these things. Here's an idea: Don't hook up the phone line to the computer unless you plan on going online. That way if one of those stupid dialers fire up, its evil plan will get foiled.
Why not just have a system that speaks some digits and waits for you to punch them back in for verification? I doubt this software is going to figure out the drivers for your voice modem and do speech recognition.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I'm glad Nigeria isn't being blocked, I have to contact Dr. Mbugo Mbongo to see how my wire transfer went.
Trolling is a art,
Operator: How may I direct your call?
Customer: Squeeechhllcshhsh
Operator: You want to be connected to Guinea-Bissau?
Customer: Squeeeeelch
Operator: One moment while I connect you.
See, it won't help. :)
I thought that any act by government restricting our freedom, no matter how benevolent their intent, was a bad thing.
Telus is a telco, not the government.
How bout they focus on educating the public about malware instead?
Have you ever tried educating the public about anything?
Remember last week, when CERT recommended MSIE users consider switching browsers, and MSIE usage fell to under 10%? It didn't happen quite that way, now did it?
Remember, this is the same public that buys RIAA music, believes they'll go to hell if they "sin", and trust voting machines because they're convenient.
E.g. who in their right mind accepts credit card orders from Romania, Russia or Indonesia when it is well known that the vast majority of those card numbers are stolen?
But I think that what is right now simply a major annoyance to on-line vendors and users (spam, phishing, etc.), will eventually backfire at the countries that are unable (or more likely do not care to) to control Internet fraud of various kind sas they become more and more blacklisted and left out of the Internet economy. This will eventually force their governments to pay attention to the issue. I bet already it is pretty frustrating to be an Internet user in one of such countries and know that most vendors on the internet will not accept any payment from you simply because of your country of origin...
Most of these international telecom LD companies use voip, and the gateway will negotiate to the right codec depending on whether its a data or voice call. Have the carrier detect whether its a voice call or data call and drop on the results.
Have you ever been to a turkish prison?
1) Telus is a publicly traded company, not a government agency
2) This does not restrict your freedom in any way. You can still call Nauru etc, just not without opeator assistance.
Problem with (commercially) building something designed to plug into the phone jack is that there's a lot of paperwork involved.
Such a device would be a very cool homebrew project, though. Just intercept the DTMF for "1" and a user-configurable series of digits (you could program the device either with a keypad on the device, or you could program the device with DTMF tones). Hold the dialed digits in a buffer. When the user finishes dialing the digits on the phone, the user presses the "dialout" button on the phoneblocker, and the buffered digits are dialed out. (Sorta like a cell phone - punch in digits, then click "OK" to dial)
Because a trojan dialer isn't going to have you around to press "dialout", no call ever gets made. Added bonus, you have a gadget that can log the numbers (and for real style points, add a clock chip and store time and date :) all outbound calls made from your number.
Of course, anyone smart enough to design it - or even just build it from a set of schematics and a bucket of spare parts - is unlikely to get pwn3d by a trojan pr0n dialer in the first place. But it'd be a fun weekend project or group exercise for a first year engineering course.
A consumer protest broke out about this in Denmark some time ago. The first IP adresses encountered when dialled in were in.....London. The operators charge the long distance call, but your phonecall actually never reaches the country of destination. The blocking described is now standard for all Danish telco's.
10 ?"Hello World" life was simple then
amazing. I never thought anything would do that on my toshiba laptop running linux. It was hard enough setting up any kind of dialling on the linmodem, if those scripts would have set up my modem for me and dialed a number, I would have gladly paid for it :)
...with the dialer company (the telco in the foreign country, that is) - otherwise the dialer company would not make any money! The only way that the scam can work is that the foreign telco passes on some of the call revenue to the dialer company. Having said that, in some countries the home telco should also be held responsible - for example, here in Ireland the monopoly telco has specifically put all of the 'dialer countries' into a special band, for which they charge 360c/min, *three times* what they charge for the next band down (122c for 'rest of Pacific Rim'). As such, they make substantially more than the dialer companies themselves out of these scams (which doesn't motivate them to fix the problem.)
I think generally it's not that the phone company is in cahoots with the dialer company, it's just that they don't bother to regulate it or their government hasn't passed laws officially banning the practice.
I can see the headline now: "Canada Invades Sao Tome, or will just as soon as they can locate it."
Telus is not doing this to protect its customers, it's doing it to protect is own bottom-line. I would imagine that the vast majority of people caught by the modem high jacking scam refuse to pay their bills. They call and complaint, Telus backs down, and it is stuck holding the bag.
This strategy ensures that Telus is never stuck again, plus, it gives them good PR because it appears that it is looking out for its customers. Yeah right.
If someone says he and his monkey have nothing to hide, they almost certainly do.
That's very stupid. They should go after your friend and people who make money from others. You can bet some poor sucker got paid $50 or less to write the dialer if they even got paid. Once it's made, you have it, just change the number it dials.
It's the telco's and the porn companies that need to be held accountable since they are the ones distributing and profiting from this computer hijacking. They could possibly face jail time for that if they are in the US. Not sure, but it seems there are stricter laws all the time.
Writing a dialer is pathetically easy. Even from a simple DOS prompt, one liner
echo "atdt 1-123-456-7890" > com1:
This is once step BELOW spammers in my opinion, and your using the same pathetic excuses they do. People shouldn't make it so easy to do. Spam at least is only for idiots. Your taking control of computers and waiting until people won't notice.
It's not email software or dialer software that is the problem. It's the scum who take these useful tools and use them to try to rip people off.
I apologize for posting anonymously, but I'm under non-disclosure on this. I work in the security department of a major long distance provider. Telus's blocks are a good try, but they won't stop the problem. They will put a small dent in it, though.
First of all, it's more than those four countries, although that's about half of the most common ones we've been seeing lately. At the very least, they should have added Diego Garcia, Tuvalu, and Tokelau to the list. But almost every really small, really poor country telco goes in for this kind of thing sooner or later, and at one point so did one of the UK telcos and (oddly enough) so did one of the Canadian telcos.
Do not assume that there has to be a modem on the other side. Your modem doesn't have to sync for you to get charged, it just has to stay dialed into that number long enough for the "first minute" charge to take effect.
The billers keep insisting that everybody who gets billed for these calls has agreed in advance to do so. At least some of them are lying about this. We have seen cases where we're absolutely sure that unlabeled trojans were to blame, including one that sets the user's computer to do so at least once a day for up to a couple of hours when they're not using it.
There are only two completely reliable defenses against this. The only completely reliable was is to never, ever, ever plug an analog phone line into your computer. (I had one customer insist that it couldn't have happened to them, they used broadband. But they had a fax modem card, and the dialer detected and used that.) That's not practical for most people, so instead call your local phone company and ask for a total block on directly dialed international calls. Most companies offer this as a free service. Also make absolutely sure, if you never intend to charge premium services to your phone bill, that you tell this to your local and long distance phone companies; having that note in the records on your account will help their security people know to block the calls more quickly when they get by and may, the first time, help you get the charges removed from your bill.
You can ask your long distance provider to block international directly dialed calls, too, but that'll only help if you get that block from every long distance provider in your country, and in the US that could take you weeks of research because there are so many. But if you're in the US and you don't block every long distance provider, all the dialer authors have to do is preface the modem string with 10-10 and the three-digit carrier code to temporarily switch your long distance provider. That's why it's going to be a lot more reliable if you do it through your local phone company, if they offer the blocking feature you need.
After you've blocked the feature, if you absolutely have to make a directly dialed international call, call your local company and your long distance company, remove the block, wait for it, make the call, and then call them back and restore the block.
US long distance companies aren't blocking whole countries for this because US law won't let them. Telcos are required to deliver every call that you want them to. This means that while we can temporarily stop your service until we can ask you "did you really want to make that call?," we can't pre-emptively stop you from calling poisonous numbers like this because we can't prove that nobody wants to call them. On the contrary, probably about 1 out of ever 20 customers that I speak to about this really did use the dialer on purpose and they intend to pay for the call. (About 3/4 of the callers, though, had it happen because somebody who didn't have their permission to charge long distance calls was sitting at the computer surfing porn or using paid gambling sites without the owner's knowledge. Frequently, it's their kids.)
My employer doesn't want me to tell you this because it is their opinion that every time we reveal anything about what we know about this scam (or any other),