nanog mailing list archives
Re: TTY phone fraud and abuse
From: Sean Donelan <sean () donelan com>
Date: Sun, 11 Apr 2004 18:55:12 -0400 (EDT)
On Sat, 10 Apr 2004, Scott Call wrote:
My point was that my $20 GE telephone cannot be made into a liability for my telephone provider without my explicit participation, whereas a $20 a month dialup (or $50 a month DSL, etc) customer can be a liability for me just by being turned on.
Although Bell Labs avoided publishing papers about weakness in the telephone system, it doesn't mean they don't exist. The Communications Fraud Control Assocation has a decent publication on communications fraud. http://www.cfca.org/CCSP_dictionary_orderform.htm They cover numerous opportunities for mischief which can occur with your explicit, implicit, and even without your participation. In most cases it is the equipment connected to the line (i.e. CPE), not the line itself vulnerable to mischief. An answering machine with a default remote access code, a cordless telephone without "digital security", an insecure PBX, etc. The telephone network also offers other mischief opportunites such as call forwarding, voice mail, conference bridges, calling cards, third-party billing, collect calls and more.
Can people abuse the phone system? yes, of course it can, but the criteria for response are much higher, and in general the nature of the network (low concurrent session limit, point to point, voice only) as it is exposed to most people limits the damage that can be casually incurred.
There is a difference between crimes against the telephone system and crimes using telephones. The Department of Justice estimates Telemarketing fraud is a $40 Billion a year problem. But telemarketing fraud doesn't necessarily reflect a security vulnerability in the telephone system per se. Or at least not a security vulnerability that can be solved solely by the telephone system.
Current thread:
- Re: Lazy network operators, (continued)
- Re: Lazy network operators Richard Cox (Apr 10)
- Re: Lazy network operators Eric A. Hall (Apr 10)
- Re: Lazy network operators jlewis (Apr 10)
- Re: Lazy network operators Suresh Ramasubramanian (Apr 10)
- Re: Lazy network operators Sean Donelan (Apr 10)
- Re: Lazy network operators Dan Hollis (Apr 10)
- Re: Lazy network operators Jeff Workman (Apr 10)
- Re: Lazy network operators Scott Call (Apr 10)
- TTY phone fraud and abuse Sean Donelan (Apr 10)
- Re: TTY phone fraud and abuse Scott Call (Apr 10)
- Re: TTY phone fraud and abuse Sean Donelan (Apr 11)
- Re: TTY phone fraud and abuse Steven M. Bellovin (Apr 11)
- Re: TTY phone fraud and abuse Suresh Ramasubramanian (Apr 11)
- Re: TTY phone fraud and abuse Steven M. Bellovin (Apr 11)
- Re: TTY phone fraud and abuse Stephen Sprunk (Apr 11)
- Re: TTY phone fraud and abuse Iljitsch van Beijnum (Apr 12)
- Re: TTY phone fraud and abuse Suresh Ramasubramanian (Apr 12)
- Re: TTY phone fraud and abuse Niels Bakker (Apr 12)
- Re: TTY phone fraud and abuse Patrick W . Gilmore (Apr 14)
- Re: Lazy network operators Sean Donelan (Apr 10)
- Re: TTY phone fraud and abuse Patrick W . Gilmore (Apr 14)
- Re: TTY phone fraud and abuse Laurence F. Sheldon, Jr. (Apr 15)