Kuwait, 14.4.2014.
www.infobip.com
Introduction
www.infobip.com
The
The first
first SMS
SMS message
message ever:
ever:
by
Vodafone
UK
by Vodafone UK
on
on 33 December
December 1992
1992
from
from Neil
Neil Papworth
Papworth of
of Sema
Sema Group
Group
using
using aa personal
personal computer
computer
to
to Richard
Richard Jarvis
Jarvis of
of Vodafone
Vodafone
using
an
Orbitel
901
using an Orbitel 901 handset
handset
text
was
Merry
Christmas.
text was Merry Christmas.
The
The first
first commercial
commercial SMS
SMS message:
message:
Initally
Initally only
only free
free network
network notification
notification
First
commercial
SMS
in
First commercial SMS in 1993
1993
by
Radiolinja(Telia)
Finland
by Radiolinja(Telia) Finland
Only
Only NOKIA
NOKIA supported
supported SMS
SMS
Slow
Slow adoption
adoption due
due to
to fraud
fraud (0.4
(0.4
SMS/sub/month
SMS/sub/month in
in 1994)
1994)
On-net
only
by
1999
On-net only by 1999 due
due to
to SMS
SMS
spoof
spoof
In
In 2000.
2000. averages
averages 25
25 SMS/sub/month
SMS/sub/month
Described in:
SMS Fake
Denial of
Service (DoS)
Fraud
Unexpected
DLR
www.infobip.com
Own GT fake
GSMA defined
fraud
SMS Spoof
SMS
phishing
GT Scanning
SMS Spam
...perception
...value
...integrity
Operational...
www.infobip.com
...cost
...load
...efficency
Service...
Network...
...stability
...credibility
...delivery
...cost
...load
...stability
www.infobip.com
Collectio
n
Analysis
Alerting
Actions
SS7 probes
SCCP and
MAP
Real-time
Contact
roaming
partner
Existing STP
add-ons
Behevioral
Near-real time
Block source
Dedicated
STPs
Volumetrics
Internal
Report
NRTRDE
TAP validation
3rd party
Rate collection
Operator C
SMS-MO
SMSC
Signalling
Provider
Signalling
Provider
SS7
Operator B
SMS-MT
www.infobip.com
SMS Fake
FSM_ACK
>2%
A
FSM_SM
SMS Spoof
MSISDN Criteria
B
Location Criteria
SS7 criteria
Incorrect Carrier Link Set Criteria
Comparison MAP SCCP criteria
A
Manipulated SMS MO from foregin VLR to home SMSC
www.infobip.com
GT Scanning
www.infobip.com
SMS flooding
10
www.infobip.com
11
www.infobip.com
Incident
Report to
source
Respond.
in 24 hrs
NO
Sanctions
YES
NO
Report
Resolved
in next 24
hours
YES
Resolution
12
www.infobip.com
Prevention 1. educate
Fraudsters will usually know how well your network is protected before
attack, so:
1. Real-time live detection systems and NRTRDE, rather than black
box
2. Use real-time alarming and dedicated response personnel (own or
managed)
3. Ask your provider on possible exchange of data with foreign probes
4. Monitor both SS7 layers SCCP and MAP, track consistency
5. Keep awareness of all SS7 channels SMS, USSD and HLR
6. Keep track of CDR, SMS filter, 7726 and TAP files correlations
Sanctions
1. Reporting Company Information
Name:
Company:
Address:
Contact Phone:
E-mail:
2. Suspected Fraudulent Operator Information (Please provide all Information known)
CTO Name or other
contact:
Company:
Address:
Contact Phone:
E-mail:
3. Criteria Identified
Yes/No
Proof/Comments/Traces/Information
1.1 SMS Fake SS7
1.1.1
1.1.2
1.2 SMS Fake Other
1.2.1
2.1 SMS Spoof SS7
2.1.1
2.1.2
2.1.3
2.2 SMS Spoof Billing
2.2.1
2.3 SMS Spoof Other
2.3.1
2.4 Signalling
Providers
2.4.1
2.4.2
3.0 Operator Behaviour
Conclusion
Thank you!