Where is my money or fraud in cellular networks
Surely, many of you had a question that was put in the first part of the title of this article. Indeed, it is often difficult to keep track of costs, especially if there are a lot of telephone conversations. However, these expenses may not always be paid with your knowledge.
So, you are interested in, where the money recently deposited to the account went, ordered the call detailing from your mobile operator and saw something like this in it:
You are trying to remember if you are familiar with the number of details and come to the conclusion that, perhaps, you see it for the first time. This is a typical fraud case of high-tech fraud.
As can be seen from the detailing, at certain intervals, a gprs-session occurs from the subscriber number, and then sending an SMS to a foreign number. The eternal question of the Russian intelligentsia arises: what to do? The only answer is: write a statement to the security department of your mobile operator. He is obliged to conduct an internal investigation and by its results give an opinion. Possible reasons for this, except for the deliberate actions of the subscriber (Everybody lies © House MD):
1. Clone of the subscriber's SIM card.
2. Java-virus caught in the vast global network.
3. Fraud nearest subscriber environment.
Based on what can such conclusions be made? I hope you can guess that the cellular operator has much more information about the subscriber’s conversations than is provided to him in detail? In particular, the carrier for a particular call has records not only of the source and destination phone numbers, but also the IMEI of the source phone and, most importantly, the IMSI of its SIM card. Comparing the IMSI parameter with the reference, i.e. those that are registered to the subscriber, the operator can conclude that the subscriber was involved in making the call. In other words, check if the subscriber’s sim card has not been cloned. On Habré there was already a wonderful article devoted to sim-cards, therefore, according to "Occam's razor" I will not dwell on the technological side of the issue. I will only make a reservation that they clone old SIM cards with a vulnerability in the old version of the A8 algorithm (COMP128-1).
So, if the investigation has established the fact of cloning, the carrier will block the IMSI clone, possibly compensating you for the costs. (Automatic blocking does not occur for a simple reason: several IMSIs can be tied to one number, for example, you deliberately made a clone of a SIM card for the phone and the on-board computer of your car). Naturally, in the case of cloning you will be offered to replace the sim-card with a more modern one.
If the fact of cloning is not established, the operator does not compensate the costs - there is no formal reason for this. All actions are performed from your device, the operator has rendered you a service and has the right to charge for it. It remains for you to find out who spent your money.
You can remove the Java virus by installing the appropriate software on your phone or by sending the device to a service center for a flashing. (The variant with the java-virus in this particular case was not confirmed, the subscriber's device did not support Java).
The situation is more complicated if there is a suspicion of the closest surrounding of the subscriber. Alas, the story knows examples of calls to paid numbers by the beloved grandson from the grandmother’s phone, and the dishonesty of colleagues paying for sms-sending horoscopes from the victim’s phone. The powers of the telecoms operator end in issuing an opinion on the results of the investigation. After that, the victim should contact the Office of Special Technical Activities (TSM) of the Ministry of Internal Affairs at the place of residence.
So, to conclude this article, we can formulate several security rules in cellular networks, which are obvious, but often forgotten:
1. Do not leave your phone unattended. This advice concerns not only its security, but also the security of your data.
2. Many mobile operators offer the function of managing communication services over the Internet. Do not use it in an Internet cafe or at work - it is highly likely that your confidential information may become available to a third party.
3. Get the rule to control your expenses. For smartphones there are software products that allow you to keep a history of expenses, which will greatly facilitate your life.
PS I did not understand the reason for the transfer of the article from "Information Security" to "I resent." Dear Habr will explain?
So, you are interested in, where the money recently deposited to the account went, ordered the call detailing from your mobile operator and saw something like this in it:
You are trying to remember if you are familiar with the number of details and come to the conclusion that, perhaps, you see it for the first time. This is a typical fraud case of high-tech fraud.
As can be seen from the detailing, at certain intervals, a gprs-session occurs from the subscriber number, and then sending an SMS to a foreign number. The eternal question of the Russian intelligentsia arises: what to do? The only answer is: write a statement to the security department of your mobile operator. He is obliged to conduct an internal investigation and by its results give an opinion. Possible reasons for this, except for the deliberate actions of the subscriber (Everybody lies © House MD):
1. Clone of the subscriber's SIM card.
2. Java-virus caught in the vast global network.
3. Fraud nearest subscriber environment.
Based on what can such conclusions be made? I hope you can guess that the cellular operator has much more information about the subscriber’s conversations than is provided to him in detail? In particular, the carrier for a particular call has records not only of the source and destination phone numbers, but also the IMEI of the source phone and, most importantly, the IMSI of its SIM card. Comparing the IMSI parameter with the reference, i.e. those that are registered to the subscriber, the operator can conclude that the subscriber was involved in making the call. In other words, check if the subscriber’s sim card has not been cloned. On Habré there was already a wonderful article devoted to sim-cards, therefore, according to "Occam's razor" I will not dwell on the technological side of the issue. I will only make a reservation that they clone old SIM cards with a vulnerability in the old version of the A8 algorithm (COMP128-1).
So, if the investigation has established the fact of cloning, the carrier will block the IMSI clone, possibly compensating you for the costs. (Automatic blocking does not occur for a simple reason: several IMSIs can be tied to one number, for example, you deliberately made a clone of a SIM card for the phone and the on-board computer of your car). Naturally, in the case of cloning you will be offered to replace the sim-card with a more modern one.
If the fact of cloning is not established, the operator does not compensate the costs - there is no formal reason for this. All actions are performed from your device, the operator has rendered you a service and has the right to charge for it. It remains for you to find out who spent your money.
You can remove the Java virus by installing the appropriate software on your phone or by sending the device to a service center for a flashing. (The variant with the java-virus in this particular case was not confirmed, the subscriber's device did not support Java).
The situation is more complicated if there is a suspicion of the closest surrounding of the subscriber. Alas, the story knows examples of calls to paid numbers by the beloved grandson from the grandmother’s phone, and the dishonesty of colleagues paying for sms-sending horoscopes from the victim’s phone. The powers of the telecoms operator end in issuing an opinion on the results of the investigation. After that, the victim should contact the Office of Special Technical Activities (TSM) of the Ministry of Internal Affairs at the place of residence.
So, to conclude this article, we can formulate several security rules in cellular networks, which are obvious, but often forgotten:
1. Do not leave your phone unattended. This advice concerns not only its security, but also the security of your data.
2. Many mobile operators offer the function of managing communication services over the Internet. Do not use it in an Internet cafe or at work - it is highly likely that your confidential information may become available to a third party.
3. Get the rule to control your expenses. For smartphones there are software products that allow you to keep a history of expenses, which will greatly facilitate your life.
PS I did not understand the reason for the transfer of the article from "Information Security" to "I resent." Dear Habr will explain?
')
Source: https://habr.com/ru/post/127757/
All Articles