Transactions and customer interactions flowing through your contact center and other customer support lines are the financial lifeblood of your enterprise. Unfortunately, security threats such as Telephony Denial of Service (TDoS) attacks and fraudulent social engineering schemes are dramatically increasing and becoming more difficult to detect and prevent. These and other threatening, negative value calls are having a significant, operational impact on many financial, heath care, retail, emergency response, and other organizations across North America.

1. Keeping Denial of Service and
Financial Fraud Out of Your
Contact Center
Mark Collier, Chief Technology Officer
SecureLogix Corporation

2. About SecureLogix
SecureLogix:
•UC security and management solution company
•Security solutions for UC and TDM
•Solutions integrated on Cisco ISR/ASRs
•www.securelogix.com
Mark Collier:
•Author of Hacking Exposed: UC and VoIP
•Author of many SIP/RTP attack tools
•Conducted many security assessments
•www.voipsecurityblog.com
•markcollier46 on twitter and Google+
SecureLogix

3. State of Security Report
http://www.securelogix.com/sos/
SecureLogix

4. UC Security Overview
SecureLogix

5. Negative Value Calls
SecureLogix

6. Low/High/No Value/Negative Value Calls
SecureLogix

7. Example Impact/ROI
Revenue: $30BN (Annual)
Employees: 30,000
Call Count: 9,750,000
Cost per Call: $3.00
Negative Value Calls: 477,750 (5%)
Customer LLR: $62.15
------------------------------------------------------
NVC Cost: $1,433,250
Lost Revenue: $4,500,000
Efficiency Impact: $5,593,500
------------------------------------------------------
Total Annual Loss: $11,526,750
SecureLogix

8. Telephony Denial of Service (TDoS)
for fraud, extortion, and disruption
SecureLogix

9. TDoS Bulletins from DHS and FBI
2013 Public TDoS & Voice Attack
Warnings Issued by:
•DHS – Department of Homeland Security
• Initial Alert in March 2013
• Latest TDoS Alert issued from DHS
on Oct 17, 2013
•FBI – Federal Bureau of Investigations
• Private Industry Notification on
TDoS – July 2, 2014
• Call Pumping Alert - Oct 25, 2013
• Original announcement – May,
2010
•NENA 911 – National Emergency Number
Assoc.
•APCO International – Assoc. of Public-
Safety Communications Officials
•Several U.S. state agencies
SecureLogix

10. TDoS Taxonomy
SecureLogix

11. Call Pumping
SecureLogix

12. Call Pumping Example
SecureLogix

13. Manually Generated TDoS
SecureLogix

14. Social Networking TDoS
SecureLogix

15. Social Networking TDoS – Examples
SecureLogix

16. Simple Automated TDoS
SecureLogix

17. Simple Automated TDoS Example
SecureLogix

18. Complex Automated TDoS
SecureLogix

19. Complex Automated TDoS – Turnkey
Tool
SecureLogix

20. Distributed/Complex Automated
TDoS
SecureLogix

21. Financial Fraud
SecureLogix

22. Financial Fraud/Social Engineering
SecureLogix

23. Financial Fraud
• An issue for all enterprises with financial contact centers
• Attackers take over individual’s accounts (ATO)
• A growing threat – arguably easier than Internet/mobile
• Typical targets are consumer accounts - credit, debit, HELC
• Knowledge Based Authentication (KBA) is ineffective
• Attackers know limits and corresponding authentication
SecureLogix

24. Financial Fraud
• Attackers use anonymous numbers and burner phones
• Spoofing the number is also common
• Attackers disguise their voice, use distortion/noise
• Easy to get PI via the Internet, phishing, black market, etc.
• Attackers can also get PI through the IVR
• Attackers may also intercept verification calls
• It usually takes multiple calls to get the money
SecureLogix

25. Solutions
SecureLogix

26. SecureLogix Solution
SecureLogix

27. System Architecture - SIP
Service
Provider
SIP Trunk
CUBENetwork Tap
ENUM
Request
Request
ENUM
Appliance
SIP/RTP
Probe
Web Interface
System Console
Managed Service
Reports
Dashboards
Mediation/
Management
Database
Server
Cache/Audio
Processor
IP PBX/IVR/CC
SecureLogix

28. System Architecture – TDM or SIP
SecureLogix

29. Call Risk Scoring and Filtering
SecureLogix

30. Policy Hub
SecureLogix

31. Questions?
?
SecureLogix

32. Thank-you for participating
Questions/Comments
Mark Collier, CTO, SecureLogix
Mark.collier@securelogix.com
Joe Gerard, Vice President Marketing and Sales, i-Sight
j.gerard@i-sight.com
SecureLogix