Slashdot Mirror

← Back to Stories (view on slashdot.org)

Telus Puts A Stop To 'Modem Hijacking'

Posted by simoniker on from the relatives-in-sao-tome-most-upset dept.

TheIonix writes "Telus, a major telco in Canada, decided to block long distance direct-dialed calls to four countries to help reduce dial-up 'modem hijacking'. The article explains: 'When the [dial-up] user downloads [certain malware programs], the downloaded file accesses software on their computer and causes the modem to dial phone numbers in foreign countries, resulting in long distance charges.' 4 countries were targeted: Guinea-Bissau, Guyana, Nauru and Sao Tome. It is still possible to call to those countries with the operator assistance and the fees are waived. Now let's see if this nice idea will be followed by others."

9 of 293 comments (clear)

  1. Lesser of 2 evils I suppose by tekiegreg · · Score: 5, Insightful

    Granted auto dialers to these countries will no longer function, but I suppose the loss of the one customer who regularly dials Guinea-Bissau, Guyana, Nauru and/or Sao Tome in Canada vs. the gazillions of mad people for bum phone bills weighs itself out. However let's see them try this with a bigger country having auto dial issues as well (Thailand, Vietnam and former Russian republics come to mind). A step in the right direction, but not hardly a full solution.

    --
    ...in bed
  2. Another idea by drinkypoo · · Score: 5, Interesting

    Why not just have a system that speaks some digits and waits for you to punch them back in for verification? I doubt this software is going to figure out the drivers for your voice modem and do speech recognition.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  3. Phew by grub · · Score: 5, Funny


    I'm glad Nigeria isn't being blocked, I have to contact Dr. Mbugo Mbongo to see how my wire transfer went.

    --
    Trolling is a art,
  4. Operator Assisted Modems by Bastian227 · · Score: 5, Funny
    It is still possible to call to those countries with the operator assistance.

    Operator: How may I direct your call?
    Customer: Squeeechhllcshhsh
    Operator: You want to be connected to Guinea-Bissau?
    Customer: Squeeeeelch
    Operator: One moment while I connect you.

    See, it won't help. :)

  5. Re:This is good by grub · · Score: 5, Informative


    Here's an idea: Don't hook up the phone line to the computer unless you plan on going online

    Here's a better idea: download Spybot Search & Destroy and run it. Keep your system patched. Run AV software. Don't run unkown binaries (read:"crap off Kazaa")

    --
    Trolling is a art,
  6. Re:When phone monopolies go corrupt... by Bellyflop · · Score: 5, Interesting

    A friend of mine works for a porn billing company. A lot of their customers use dialers. They don't hit the US because there are too many laws concerning it, but you'd be suprised at how many countries (like Australia) where their business is really booming. It sucks. It shouldn't be happening. But he makes a killing on it.

    To his credit, he doesn't write the dialers themselves. He just writes generalized billing systems for porn sites which are the ones putting dialers on people systems. Usually they wait until the wee-hours of the morning or during the day to make their calls so they can stay connected for a good 2-3 hours and really rack up the charges.

    I wouldn't go after the phone companies so much as I would go after the dialer producers. I think generally it's not that the phone company is in cahoots with the dialer company, it's just that they don't bother to regulate it or their government hasn't passed laws officially banning the practice. Governments usually get off their rear and do that but it takes time. Besides, there are probably legitamate reasons for calling those countries such as talking to one's family.

  7. Internet credibility of a country by gtrubetskoy · · Score: 5, Insightful
    I think we are seeing an interesting trend where some countries are earning a bad reputation on the Internet, which will ultimately affect their economies and ability to participate in international trade.

    E.g. who in their right mind accepts credit card orders from Romania, Russia or Indonesia when it is well known that the vast majority of those card numbers are stolen?

    But I think that what is right now simply a major annoyance to on-line vendors and users (spam, phishing, etc.), will eventually backfire at the countries that are unable (or more likely do not care to) to control Internet fraud of various kind sas they become more and more blacklisted and left out of the Internet economy. This will eventually force their governments to pay attention to the issue. I bet already it is pretty frustrating to be an Internet user in one of such countries and know that most vendors on the internet will not accept any payment from you simply because of your country of origin...

  8. Where can I get this autodialler script for linux? by dogsbestfriend · · Score: 5, Funny

    amazing. I never thought anything would do that on my toshiba laptop running linux. It was hard enough setting up any kind of dialling on the linmodem, if those scripts would have set up my modem for me and dialed a number, I would have gladly paid for it :)

  9. Telco Security Insider View by Anonymous Coward · · Score: 5, Interesting

    I apologize for posting anonymously, but I'm under non-disclosure on this. I work in the security department of a major long distance provider. Telus's blocks are a good try, but they won't stop the problem. They will put a small dent in it, though.

    First of all, it's more than those four countries, although that's about half of the most common ones we've been seeing lately. At the very least, they should have added Diego Garcia, Tuvalu, and Tokelau to the list. But almost every really small, really poor country telco goes in for this kind of thing sooner or later, and at one point so did one of the UK telcos and (oddly enough) so did one of the Canadian telcos.

    Do not assume that there has to be a modem on the other side. Your modem doesn't have to sync for you to get charged, it just has to stay dialed into that number long enough for the "first minute" charge to take effect.

    The billers keep insisting that everybody who gets billed for these calls has agreed in advance to do so. At least some of them are lying about this. We have seen cases where we're absolutely sure that unlabeled trojans were to blame, including one that sets the user's computer to do so at least once a day for up to a couple of hours when they're not using it.

    There are only two completely reliable defenses against this. The only completely reliable was is to never, ever, ever plug an analog phone line into your computer. (I had one customer insist that it couldn't have happened to them, they used broadband. But they had a fax modem card, and the dialer detected and used that.) That's not practical for most people, so instead call your local phone company and ask for a total block on directly dialed international calls. Most companies offer this as a free service. Also make absolutely sure, if you never intend to charge premium services to your phone bill, that you tell this to your local and long distance phone companies; having that note in the records on your account will help their security people know to block the calls more quickly when they get by and may, the first time, help you get the charges removed from your bill.

    You can ask your long distance provider to block international directly dialed calls, too, but that'll only help if you get that block from every long distance provider in your country, and in the US that could take you weeks of research because there are so many. But if you're in the US and you don't block every long distance provider, all the dialer authors have to do is preface the modem string with 10-10 and the three-digit carrier code to temporarily switch your long distance provider. That's why it's going to be a lot more reliable if you do it through your local phone company, if they offer the blocking feature you need.

    After you've blocked the feature, if you absolutely have to make a directly dialed international call, call your local company and your long distance company, remove the block, wait for it, make the call, and then call them back and restore the block.

    US long distance companies aren't blocking whole countries for this because US law won't let them. Telcos are required to deliver every call that you want them to. This means that while we can temporarily stop your service until we can ask you "did you really want to make that call?," we can't pre-emptively stop you from calling poisonous numbers like this because we can't prove that nobody wants to call them. On the contrary, probably about 1 out of ever 20 customers that I speak to about this really did use the dialer on purpose and they intend to pay for the call. (About 3/4 of the callers, though, had it happen because somebody who didn't have their permission to charge long distance calls was sitting at the computer surfing porn or using paid gambling sites without the owner's knowledge. Frequently, it's their kids.)

    My employer doesn't want me to tell you this because it is their opinion that every time we reveal anything about what we know about this scam (or any other),