In the early days of the internet, access to websites was conducted by "dial-up" modems. Billions of people worldwide found themselves silently disconnected from a local telephone number to an expensive Premium Rate number, and the call was also bounced around the world. The victims were members of the public who were supposed to be protected by Regulation, but instead were forced to pay huge phone bills. Of course, the law was always late to catch on and most of these early "white collar crimes2 were never prosecuted (at least not in the UK). This presentation was originally put forward at the European Telephone Network Operators Fraud Working Group by its President Luis, who was the only guy with the knowledge and contacts to trace all the way back to the source Lee Jones. No one questions how you made your money so long as you have enough to splash around and today Lee is still in business with his own private investment company(http://www.creditas.com) and telco (see http://www.neutrinonetworks.co.uk), having sold his original businesses Wire9 and Cloud9 back in 2008.
4. 4
Definitions
‘Internet dumping’ or ‘modem hijacking’ is
what occurs when the telephone line that
connects your computer to the Internet is
disconnected and then reconnected to a new
telephone number without your full knowledge or
consent. The new number, generally an
international one, has a high call charge rate.
Source: Australian Communications Authority
13. 13
How does it work?
• Internet dumping can occur when you access
certain Internet websites. A very small program
known as a dialer is downloaded onto your
computer from these websites and installed
often using the ActiveX technology.
• Dialers are frequently linked with pornographic
websites, but are sometimes found on gambling,
games and music sites.
• Sometimes in common words the dialer can be
seen like a trojan horse.
Source: Australian Communications Authority
14. 14
Definitions
ActiveX is a Microsoft technology that
allows Internet applications that are more
powerful than simple scripts.
Source: Australian Communications Authority
15. 15
How are dialers installed and run?
• When you click on an icon or button on a web page you
may download a dialer.
• Unscrupulous sites provide little warning that you will
have to pay a higher call charge if you agree to
download the Internet dialer to access the website.
• Some dialers can re-dial and connect your computer at a
high call charge rate automatically, and some even mute
the dialing noises your modem makes through your
computer speakers to hide the fact that the modem is
dialing.
Source: Australian Communications Authority
16. 16
Is it legal?
The provision of pay-per-view content via
a website utilizing dialer software is legal
as long as the site gives adequate warning
that charges may be incurred upon
entering the website, and as long as the
software is configured to ensure that the
premium rate services are disconnected at
the end of the Internet user’s session.
Source: Australian Communications Authority
17. 17
Internet dialers aren’t all bad
Internet dialers also allow you to pay for
certain services over the Internet using
your telephone account rather than a
credit card, for example, downloading ring
tones or call-back services for travelers.
This payment service can be useful
provided it is done with your knowledge
and consent. Some dialers can be used as
a SECURITY ADD ON on dialing-up
access.
Source: Australian Communications Authority
18. 18
‘Good’ and ‘Bad’ dialers
• We consider as ‘good’ dialers those which
warns you that you will dial an
international telephone number with high
charge.
• On the contrary ‘bad’ are the dialers that
don’t provide any warning you will dial an
international telephone call and this dial-up
connection is established automatically.
21. 21
‘Good’ dialers
You must be eighteen (18) years of age or older to use this service. You are acknowledging
that you are eighteen (18) years of age or older if you continue to use this software. BY
USING THIS SOFTWARE, YOU WILL DIAL AN INTERNATIONAL TELEPHONE NUMBER
FOR WHICH INTERNATIONAL LONG DISTANCE CHARGES APPLY (SEE DETAILS
BELOW).
By choosing this Dialer as a payment method for this content, you will download our
proprietary software to your computer's hard drive.
Once connected, you will establish an connection with a remote server outside of your
country. Your modem will disconnect from your Internet Service Provider and dial an
INTERNATIONAL TELEPHONE NUMBER to Cook Island. An INTERNATIONAL LONG
DISTANCE call to Cook Island will appear on your phone bill. Rates are subject to change,
check with your local carrier for exact rates. Your phone bill will reflect charges on a per minute
basis (rounded up to the next whole minute) for the cost of the call. You can terminate our
service by one of the following procedures:
1. You can terminate the connection by selecting the modem symbol located on the lower
right side of Windows 95/98 tool bar, then by clicking on the "Disconnect" button, or Clicking on
the Pay Dial application icon at the lower portion of Windows 95/98 tool bar. When the
message box shows up, click "Yes" to disconnect the service.
2. You can connect to this service for the maximum of thirty (30) minutes. Pay Dial software
will automatically terminate this service after thirty (30) minutes;
You may use this service only if you are the line subscriber or are authorized by the line
subscriber to incur charges on the phone bill.
22. 22
SOME Risky Destinations
Destination Code
Central African Rep. +236
São Tomé and Principe +239
Diego Garcia +246
Comoros +269
Austria +43
Norfolk Island +672
Nauru +674
Papua/N. Guinea +675
Solomon Islands +677
Vanuatu +678
Wallis and Fortuna +681
Cook Island +682
Kiribati +686
Tuvalu +688
French Polynesia +689
Tokelau +690
ALL DESTINATIONS
WITH HIGH
TERMINATION
RATE
(e.g. EMSAT and
ANTARCTICA
NETWORK or IRS on
GSM networks)
52. 52
ANOTHER CASE to GSM
PTC noted several calls to KPN mobile numbers done
with WEB diallers
+31 620675560
+31 620985172
+31 612203785
+31 622834749
After some discussion with portuguese customers
dialling that numbers, a situation of Internet dumping
was found, and numbers were blocked.
Due to the fast action the numbers of minutes involved
was about 250
This numbers matched with a information reported by
Maltacom
53. 53
Maltacom also reported the Internet dumping
situation to that numbers and to the following
ones:
+31 623 079882
+31 613 269348
+31 613 179137
+31 613 262607
Maltacom also decided to block such numbers. In
these case the numbers of minutes involved were
about 197.47 hours
54. 54
Maltacom and PTC started an investigation based
on the practices presented during previous meetingsc
So the diallers were installed in a test PC
And the results were :
59. 59
WHOIS information for valuedcontents.com:
Registrant:
Marco Casali (VALUEDCONTENTS-COM-DOM)
via De Gasperi Roma, nn 66023 italy 0670623431
info@7adpower.com
Domain Name: VALUEDCONTENTS.COM
Administrative Contact: Marco Casali info@7adpower.com
via De Gasperi Roma, nn 66023 italy 0670623431
Technical Contact, Zone Contact:
Marco Casali info@7adpower.com
via De Gasperi Roma, nn 66023 italy 0670623431
69. 69
Who can become a victim?
Virtually any household can become
a victim to these malicious dialers.
70. 70
ITU/QSDG
Xi’an Meeting, May 2005
1. Document titled ‘Information concerning the use of 882 13 numbers’
(COM2-D173-E) a Swisscom contribution was presented.
2. It is recommended that operators should prepare their fraud staff to
the new situations as web dialers. This needs to be done involving
CRM staff as well.
3. It was concluded that operators should not do a global block of a
destination when trying to fight web diallers fraud. It if happens then it
should be considered as a commercial decision and not related with fraud
aspect. It is clear that this type of traffic could increase outgoing traffic and
some operators may wish to reduce their out-payments. However such
decisions are not related with fraud. Concerning fraud aspect only
rogue diallers should be blocked.
71. 71
ETNO
It is recommended that concerning fraud aspect only rogue
diallers, mainly those producing Internet dumping and/or
modem hijacking, should be blocked. This requires a proper
investigation to gather proof of the rogue dialler (e.g. the
dialer programme).
It is also recommended that operators should prepare their
fraud staff to the new situations as web diallers and possible
rogue dialers. This needs to be done involving CRM staff as
well.
It is also recommended that clear position be taken within
each organization (operator) in order to allow a common
understanding by all areas of the organization on how to deal
with internet dumping fraud and associated activities.