Archive for the News Category

Bypass fraud using simboxes has received a lot of coverage recently, so I was intrigued to learn that LATRO, fraud detection specialists, claim to possess a new technology that will identify simboxes as soon as they connect to the network. In an interview with Dan Baker for Black Swan, LATRO CEO Lex Wilkinson said the following:

… we developed a technology that allows us to flag what we call the Protocol Signatures of SIM box devices vs. the devices a normal mobile subscriber uses.

… the information we are processing and analyzing is based on signaling data that is not available in CDRs.

Inevitably the technical details were not shared, but I would like to learn more about how this technology works, and I suspect there are plenty of victims of simbox fraud who will feel the same way.

Prosecutors in the USA accuse two Vietnamese of hacking into 8 email providers, in order to unleash spam which generated USD2mn of revenues via the marketing websites of a Canadian conspirator. You can read the full story on our new website, Commsrisk.

The Malawi Communications Regulatory Authority (MACRA) has announced its long-delayed national telecoms revenue assurance system will be implemented soon. Whilst MACRA calls it their Consolidated ICT Regulatory Management System (CIRMS), critics in the press and public have dubbed it a ‘spy machine’. Opponents of MACRA argue that the centralized collection of CDRs may be used to infringe the privacy of Malawi’s 6 million phone subscribers.

The project to acquire a CIRMS system was initiated in 2008, and MACRA purchased equipment in 2010. However, progress was halted by a protracted legal battle, during which the High Court upheld an injunction that prevented MACRA from collecting CDRs. MACRA appealed to the Supreme Court, which finally overturned the High Court’s ruling in September 2014.

Many aspects of this row are similar to those found in other African countries. MACRA and the Malawi government argue that more control is necessary to assure taxes paid by telcos. These taxes include international termination fees and Value Added Tax. They also say their system will benefit telecoms customers. The Minister of Information, Civic Education and Tourism, Kondwani Nankhumwa, reportedly stated at a recent press conference:

… the machine will improve the quality of services…

In contrast, telcos state that other audits have shown no evidence of underpayment of taxes. Both sides have had plenty of time to rehearse their arguments; I see no substantial changes since I first covered the topic in 2011.

MACRA says the CIRMS system will cost USD14mn, and this will be covered by the amounts raised from international termination fees. In their press release, they state:

the benefits from utilizing the system outweigh the anticipated costs.

It is frustrating to see governments and regulators make claims like these without bothering to show any supporting evidence. You do not need to examine every CDR in the country to do a tax audit. If taxes are being cheated, a competent auditor should be able to find sufficient evidence from sample checks. MACRA’s persistence with this project suggests their decisions are driven by dogma instead of data. If they are wrong in their calculations, then every penny of the USD14mn cost will ultimately be paid by ordinary people, through higher call charges.

As for the argument that a central repository of CDRs will encourage a higher quality of service, I find that laughable. What magic does the regulator think it will do with all those CDRs, other than adding them up and reconciling them to the amounts of money they have received?

MACRA themselves state that:

… this project is unique with no off shelf (sic) alternative.

There is a reason this project is unique. It is because governments and regulators in other countries see no reason to collect every single CDR for every single call. If others do not have a system like this, how can Malawi’s authorities make extraordinary promises about improving services as well as gathering more taxes?

Awareness of the perils of CDR collection has moved on since MACRA initiated their project, even if MACRA’s arguments have not changed at all. The world can turn its eyes toward the example set by the USA, whose authorities also needed to justify blanket collection of CDRs. In that case, the leak of secret court orders revealed that the NSA was gathering huge swathes of call data. The subsequent justification offered by the NSA was that the data is needed to identify relationships between potential terrorists. In other words, the NSA gathers CDRs for the purpose of surveillance. Meanwhile, Malawi’s government says they will implement a comprehensive centralized database of CDRs, but they will not use it for surveillance purposes. Does this sound even remotely plausible? If they cannot audit a tax return without such an extensive data gathering operation, why would they deny themselves the opportunity to use the same data to fight terrorists, combat organized crime, or spy on customers for any other reason they see fit?

I do not doubt that Malawi’s government and regulator are legally entitled to do what they are doing, even if it took years of courtroom battles to confirm that. But they should treat Malawi’s citizens and phone subscribers with more respect, giving a proper explanation of why Malawi needs this system when other countries do not.

The Wearable Technology Show 2015 showcased new devices which will collect vast amounts of new data, most of which will be stored in the cloud. Attendees recognized the risks, but the novelty of the tech was matched by an immaturity in knowing how all those risks will be managed. For an in-depth analysis of the new devices and the risks posed, read my conference report at Commsrisk.

Customers of UK telco TalkTalk have seen a big increase in the number of malicious scam attempts after their data was stolen by hackers, according to The Register.

TalkTalk said the following about the security breach:

… we have now become aware that some limited, non-sensitive information about some customers could have been illegally accessed in violation of our security procedures.

We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly.

We want to reassure customers that no sensitive information, such as bank account details, has been illegally accessed, and TalkTalk Business customers are not affected.

The rise in attempted scams was first noticed at the end of last year. The UK’s Information Commissioner has now been informed. As ever, it must be a big relief to customers to know that telcos investigate security failings after they take place, and that months later a government bureaucrat will also be asked to attend meetings about what went wrong. That this is now a standard and recurring element of security procedures speaks volumes about the priorities of some businesses, and the value added by the Information Commissioner.
