
I Dialed a Wrong Number and Stumbled into International Phone Fraud - nols
http://www.theatlantic.com/technology/archive/2016/12/cuban-telephone-fraud/509006/?single_page=true
======
Guest98123
I have a related story. I was in North America, looking for an apartment in
Australia. At the time I'd buy phone cards for long distance calls, and they'd
always work fine.

So, I used the phone card, and tried to call someone about an apartment that
looked great. According to the advertisement, it was a woman that owned the
apartment and she had an extra bedroom she was renting. I called, and a man
answered. It went like this...

Him: Hello

Me: Hi, I was calling about your apartment for rent online.

// Dogs barking in the background fairly loudly.

Him: Sorry, what was your name?

Me: John Doe

Him: It's difficult to hear, could you hold on a moment?

Me: Sure

// He puts down the phone, and it sounds like he's taking the dogs outside or
to another room. In the background a TV is playing. I'm getting annoyed, but
he finally returns 4 or 5 minutes later.

Him: Are you still there?

Me: Yes

// A woman starts talking to him from inside the house.

Him: Sorry, just give me one more moment.

// He starts talking and arguing with her. I wait two minutes, then hang up.

After the call, I was frustrated. The apartment sounded great online, but what
a nightmare; dogs barking, people yelling at each other, and they wasted 10
minutes of my time. So, I moved on, and tried calling others. Sometimes I'd
get through to the person, sometimes I'd get errors about not being able to
reach the number. Fast forward a week, I changed my plans, and started looking
at apartments in another Australian city, hundreds of kilometers from the
first. I call for an apartment, and guess what I hear? That's right, the same
recording from above. Now, I was confused. I didn't even expect it was a
recording the first time. But, how was I getting the recording from a
completely different number, in a different city? I called back, because I was
getting curious at that point. To my surprise, someone answered the second
time, and it was actually the person from the advertisement I was trying to
call. It became obvious at that moment that someone in the middle was
hijacking calls, and trying to keep people on the line as long as possible.

~~~
ChristianBundy
Have you heard of the "It's Lenny" bot?

[https://www.reddit.com/r/itslenny/](https://www.reddit.com/r/itslenny/)

It's meant to keep telemarketers on the phone and waste their time, but it
sounds like someone was using something similar for international phone fraud.

~~~
Humdeee
Goldmine. I just listened to a call where Lenny put the telemarketer on hold
for a 2nd time to quiet his ducks. It's amazing how getting telemarketers to
repeat themselves for the fifth time to a bumbling old man really takes the
optimism out of their voice.

~~~
zeroer
> Lenny put the telemarketer on hold for a 2nd time to quiet his ducks

That's all of them (if the marketer stays on long enough).

------
wpietri
Long ago I did some contract coding for a company that processed donations via
credit card. To my amazement, we had to watch out for people trying to donate
small amounts to the Red Cross. Why? Because people with a list of possibly-
valid credit card numbers would use small donations to brand-name charities as
a way of validating credit cards.

It made me long for some sort of professional association that kept track of
naughty uses of technology. It's easy to think only about the happy path. But
there are all sorts of unsavory people out there: abusers, mobsters, thieves,
authoritarian governments. Once I know how they think, I can defend against
them. But keeping up with how they think has always been a challenge for me.

~~~
jasonkostempski
Should that have really been your concern? If every company that processes
cards has to be fraud detecting experts, then they CC system is totally
broken.

~~~
a3n
As Harry Tuttle said, "We're all in it together."
[https://www.youtube.com/watch?v=xlCPkmb6cuY](https://www.youtube.com/watch?v=xlCPkmb6cuY)

Which is why it pisses me off when a company deploys insecure software or
hardware, claiming that network security is the customer's responsibility.

So my home network should be reasonably secure, so that it doesn't become part
of a bot net. Which means that I have to, or should, become at least
knowledgeable enough to know what to buy, what to do, and what not to do.
Which means that my router vendor better step up and sell me something secure.

Is it the responsibility of end users to submit bug tickets? I think it is.

Is it the responsibility of end users, or the vendors receiving reports, to
publish discoveries of exploits in the wild? I think it is.

Is it the responsibility of a pedestrian who notices a skateboard on the
sidewalk to move it aside and upside down so no one does a splat fall? I think
it is.

We're all in it together.

~~~
Jarwain
I heard a neat definition of responsibility the other day: "If it is to be,
it's up to me"

------
MichaelGG
A real great scam recording is the following: A "maid"-sounding voice answers,
pretends to not understand for a second, then says "oh yeah I'll go get them".
In the background there's a TV and people talking. I've had it happen to me
twice, and it was effective on keeping me on the line, despite not having a TV
or the woman not sounding like anyone I know.

Margins in telecom can be super thin. Diverting, say, 1% of traffic to fake
answering could mean increasing profits by 10%. If the scammer doesn't go
overboard, users won't complain. They'll just say "the wires got crossed" and
redial.

------
djsumdog
The article mentions VoIP being the issue, but comments here show issues with
calling cards as well. It's not VoIP, it's trusting your service provider, the
destination service provider and everything in-between.

If you dial via a calling card, everything goes through their proxy before
being handed off.

I've run into problems with services like Telegram not accepting my Google
Voice number (my own real US number) and the recent NIST recommendations also
state not to use SMS as 2-factor verification (citing VoIP concerns).

We have TLS/LetsEncrypt/etc to verify we're talking to who we think we're
talking to on the Internet, but phone networks come from a previous era.

I worked for a telcom once in one country where if they no longer held a phone
number (it got ported to another network), we just send it to all the other
providers. The network that currently held the number would relay it and the
others dropped it. I actually wrote the job to actually compare the ported
number list and only forward to the right destination. Telecom is janky as
shit.

~~~
eric_h
> It's not VoIP

I'm not convinced that this is the case - I'd imagine there are a number of
calling cards that terminate a POTS line to a voip device in the US and then
VOIP out for vastly cheaper international calling.

~~~
falsedan
I used to work for a company which wrote & sold telco switch management
software. Mostly is was for automatically calculating the Least Cost Route,
given a list of carrier price sheets and rates for prefix bands.

We had a few local clients with slightly complicated setups, so we got to
implement some matching logic for Call Data Records. Their local end had three
switches attached to external trunks (to other carriers) and trunked to each
other, and a few digi-boxes which voiped to (say) Afghanistan (telcos always
use Afghanistan for examples, since it's the first country in the price
sheet).

They would list a cheap per-minute price to +93, accept incoming calls &
terminate them at the digi-box (closing the CDR & generating a revenue event).
The remote digi-box would then start a new outbound call (and CDR) from their
partner's facility and (hopefully) get to a subscriber line without going
through too many carriers.

The trick is (and we never asked or found out) is that most of the time the
remote digi-box is actually a carousel of SIM cards with unlimited local
calls. The carousel is used to automatically distribute the calls over the
SIMs to impede fraud detection by the mobile carrier.

These setups are pretty common & are called grey routes.

~~~
rsync
"The trick is (and we never asked or found out) is that most of the time the
remote digi-box is actually a carousel of SIM cards with unlimited local
calls. The carousel is used to automatically distribute the calls over the
SIMs to impede fraud detection by the mobile carrier."

I have seen this in action ... I was working late at night in our (rsync.net)
Zurich datacenter and there was a man who had a _very tall_ stack of SIM cards
that he was punching out and inserting into these long PCI cards ... I
couldn't _not_ ask him what he was doing.

He was a little cagey about it, but I got the general idea (thanks, Swiss
folks, for all speaking english!).

The thing I don't understand is, to whatever degree running all those cards
through a single SIM is a fraud alert, then I would think running all of those
calls through _a single tower_ would be an even bigger fraud alert. And yet,
that doesn't seem to be a problem.

~~~
metilda
Yeah, the thing is telecom and especially cellular fraud detection is often a
manual process when you get to that cell or tower level. Carrier backends are
not friendly toward it for the fraud detection employees, thus it rarely is
done.

Specifically in Switzerland and Germany, call termination costs are a great
deal higher, where I'm paying .0014min avg in North America, I am paying a few
multiples of that minimum in either country.

------
nwilkens
Last year I recorded a bunch of calls on a hacked pbx.. I wasn't expecting to
hear regular calls of folks who didn't even know they were being routed
through a hacked pbx system.

[https://www.mnxsolutions.com/security/i-accidentally-
recorde...](https://www.mnxsolutions.com/security/i-accidentally-recorded-
your-phone-calls.html)

~~~
TrueGeek
Thank you for this. I had no idea this was possible.

------
rm_-rf_slash
The problem with stopping fraud is that people generally do not fight fraud as
hard as fraudsters fight to keep their income.

~~~
wpietri
Definitely. There's also the same sort of issue with gazelles and cheetahs.
Both are fast, but for the cheetah to get its dinner, it only has to be faster
than the slowest gazelle. I'm sure some of the phone companies are reasonably
fraud-resistant, but securing a whole industry is harder.

~~~
bduerst
Well, in that case the companies just have to not be the slowest gazelle,
right? That doesn't seem like _much_ effort involved, so the problem is
probably in knowing what the other companies are doing so you're not the mark.

~~~
rm_-rf_slash
I think in this example the slowest gazelle is the sucker that has to pay
exorbitant international calling fees for a service they did not receive.

The companies themselves have little incentive to change things if it costs
them money to do so and there's limited downside for doing nothing.

------
acveilleux
The "free" phone conference service work in a somewhat similar way. There's a
fee charged for long distance call even in the US/Canada. The fee is low
enough that most people now get free long distance.

The free phone conference services are terminated at tiny little telcos that
charge a much higher than normal fee for a north american long distance and
the fee is split between the conference service operator and the telco (which
may or may not be the same.)

Some of these services cannot be dialed via some VOIP providers (like Google
Talk) for that reason.

~~~
Declanomous
>Some of these services cannot be dialed via some VOIP providers (like Google
Talk) for that reason.

I always knew this was the case, but I was never really bothered by it. Both
the law (see intercarrier compensation[1]) and the subsequent ban make sense.

However I've recently run it to a rash of people who I can't call because my
carrier and Google Voice block their numbers. Each of them has a Puerto Rican
area code. They are all cell phone numbers, they all live in Chicago like me,
but I can't call or text them because their phone number is Puerto Rican. It
doesn't make any sense, because Puerto Rico is a part of the United States, we
are both in the US, and we each ostensibly have US phone numbers.

[https://en.wikipedia.org/wiki/Telecommunications_Act_of_1996](https://en.wikipedia.org/wiki/Telecommunications_Act_of_1996)

~~~
SixSigma
> Puerto Rico is a part of the United States

PR is an unincorporated territory i.e. not part of the United States.

[https://en.wikipedia.org/wiki/Unincorporated_territories_of_...](https://en.wikipedia.org/wiki/Unincorporated_territories_of_the_United_States)

~~~
__derek__
That's a distinction without a difference for the purposes of the comment to
which you replied.

~~~
SixSigma
Not really. As it has its own administration and ergo telecoms system. It
makes as much sense as "the UK is part of the US"

~~~
emodendroket
Right, yeah, who could forget how the US has sovereignty over the UK? What a
nonsensical comparison.

------
z0r
When i was travelling in italy with a lycamobile sim card, i experienced what
i think is something like this - when i tried to call numbers i would often
get a busy signal or unavailable phone number message, but repeated attempts
after a wait would sometimes go through. It became apparent that not all was
on the level when i heard the real versions of those messages and figured out
that lycamobile (at least i assume it was them, who else can i blame here?)
was part of the time intentionally failing to allow calls to go through and
masking that action by making it seem like the telephone number was wrong or
unavailable. Often calls that did go through were dropped after 1 - 3
minutes... And that's just the worst part of the experience i had with them
(the most charitable interpretation of how far the service fell short of what
their website promised would be that they hire solely non-native english
writers for all their marketing copy, but i suspect they are actively
attempting to deceive prospective customers)

------
at-fates-hands
Interesting to note that Phreaking is still very much alive and kicking.

Most of the hackers I know gave up on Phreaking once hacking became popular in
their circles. To me, there will always be something more fascinating about
the telephone infrastructure.

~~~
razakel
>Interesting to note that Phreaking is still very much alive and kicking.

Any sites you'd suggest?

~~~
at-fates-hands
[http://www.oldskoolphreak.com/](http://www.oldskoolphreak.com/)

[https://www.hackcanada.com/homegrown/telecom/index.html](https://www.hackcanada.com/homegrown/telecom/index.html)

[https://www.hellboundhackers.org/forum/42-phreaking_0.html](https://www.hellboundhackers.org/forum/42-phreaking_0.html)

[http://null-byte.wonderhowto.com/how-to/phreak-basics-016101...](http://null-
byte.wonderhowto.com/how-to/phreak-basics-0161011/)

[http://web.textfiles.com/phreak/phreaking.txt](http://web.textfiles.com/phreak/phreaking.txt)

[http://www.aboutphone.info/lib/phreak/boxes-2.html](http://www.aboutphone.info/lib/phreak/boxes-2.html)

[http://www.textfiles.com/phreak/BOXES/](http://www.textfiles.com/phreak/BOXES/)

That should give you a good head start. . .

~~~
razakel
>That should give you a good head start. . .

I read all this as a kid... :)

------
ikeboy
Sounds like the solutions needs to be orders of magnitude larger fines than
the amount that would be gained. If each individual user is only losing $1-3,
they won't or can't fight it, and the company also won't in many cases. If the
minimum payout/fine for such a scam was, say, $100 per occurrence and that was
written into all the contracts, there'd be enough incentive at every stage for
companies to clean up their act.

~~~
a3n
> Sounds like the solutions needs to be orders of magnitude larger fines than
> the amount that would be gained.

With so many frauds and crimes, corporate death sentences should be available
for extreme, large or persistent cases.

~~~
hulahoof
A forced end to fraudulent business' would work wonders for the economy
(IANAE).

------
telesilla
A colleague had a $700 telco bill because of a scammer making calls to Cuba
via his PBX. He had never changed the default password. Hard lesson to learn.

------
chrischen
So is it _that easy_ to establish as a call operator? Considering how much
secure stuff we do over the phone, this seems highly insecure.

~~~
metilda
Yeah, lots of businesses will use greyroutes from "Freddy's Swiss SIM Bank"
cause it's 1 cent a minute versus 2.7 cents directly.

------
spraak
I still don't understand, how do the scammers actually get paid?

~~~
roymurdock
The scammers are the "last stop" telco carriers. They charge high, Cuban rates
to connect someone who thinks they are calling Cuba to a cheap/free recording.
They arbitrage the cost of playing a recording (0) against the cost of
actually connecting the customer to a party in Cuba (non 0).

These rates are passed up the carrier chain until they reach the caller's main
carrier. If international calls are covered in the caller's contract, the
carrier picks up the tab. If not, the caller is charged int'l rates for simply
listening to a recording.

There should be some way for the main carriers to identify and block these
shady "last stop" telcos but it seems as if they have no incentive to as they
are probably cheaper to partner with than reputable carriers, and the customer
ultimately pays the fee in one form or another.

------
OliverJones
FreeConferenceCall (dot) com has a version of this as their business model.

~~~
chipperyman573
What do they do?

------
hipaulshi
the end of the story just made me smile :)

~~~
MarkMc
Yes it was a clever ending. I wish I could write that well.

------
nashashmi
tl;dr This summarizes it perfectly.

    
    
      My phone call [to a disconnected number] never actually made it to Cuba. The fraudsters make money because the last carrier simply pretends that it connected to Cuba when it actually connected me to the audiobook recording. So it charges Cuban rates to the previous carrier, which charges the preceding carrier, which charges the preceding carrier, and the costs flow upstream to my telecom carrier. The fraudsters siphoning money from the telecommunications system could be anywhere in the world.

------
codewiz
lol: "Global capitalism abhors a vacuum."

~~~
bbcbasic
Shame that global capitalism doesn't abhor US dev salaries being double Aussie
or European ones. :-[

~~~
exolymph
Reason: place is still important to productivity.
[https://smile.amazon.com/Gated-City-Kindle-Single-
ebook/dp/B...](https://smile.amazon.com/Gated-City-Kindle-Single-
ebook/dp/B005KGATLO/)

~~~
bbcbasic
I doubt it is to do with productivity. More like supply and demand.

~~~
exolymph
Supply and demand aren't disconnected from productivity.

~~~
bbcbasic
Can you explain? High demand causes employees to be more productive?

~~~
emodendroket
I'm going to take a wild guess and say the relationship being posited is that
people are willing to pay more for more productive workers

~~~
bbcbasic
Yes thanks but I'm not seeing any interesting analysis here beyond the one
liners. Why are American employees more productive than in the countries.
Better education? Work ethic?

I don't think this is right. I think the compensation difference has more to
do with investor money, addressable market, culture etc.

~~~
emodendroket
If you go back up this thread you'll find the claim that location increases
productivity. If we accept that, and if we accept that people are willing to
pay more for higher productivity, well, presto, we've explained why US wages
should be higher.

~~~
bbcbasic
I don't accept the claim though. Oh nevermind!

~~~
emodendroket
That's fine, but you seemed confused about how the argument fit together
rather than interested in arguing about the claims it's built on.

