AusCERT 2018 – Hunting fraud in telecom networks

We don’t often think about how our mobile phone calls are rated between countries. But understanding how that happens is something carriers and telecommunications services think about constantly. And it turns out criminals also think about this. 

Vladimir Wolstencroft, the head of security research at Twilio, has looked at this closely and has found a new type of crime, called “interconnect bypass” is being used to defraud telecommunications providers of funds and to potentially capture our personal call and SMS data. 

This happens using a device called a SIM box. This is a GSM gateway that can hold SIM cards and has a HTTP interface as well as antennae. It can be used to defraud telecom providers by capturing calls and redirecting them over the public internet rather than carrier networks, to capture data from mobile phone users or to compromise PBX systems.

Wolstencroft spent a significant portion of his presentation on the second day of the AusCERT 2018 conference talking about interconnect bypass fraud.

One of the ways telecommunications networks derive profit is through termination fees they charge each other. When a call goes from one country to another, the country receiving the call, charges the sender a fee. Interconnect bypass fraud uses SIM boxes to traverse private cloud networks to bridge the calls between countries rather than the carrier network where the fees are charged. Wolstencroft said this fraud, sometimes called “grey routes” is the second biggest type of telecommunications fraud and costs the industry about $6B per year.