(keitai-l) Re: interesting scam

From: Benjamin Kowarsch <benjk_at_mac.com>
Date: 12/01/01
Message-Id: <E0840B9D-E61B-11D5-B3C4-003065501888@mac.com>
Rating engines of telecom billing systems are built on A-B number 
analysis, that is they check out where a call is coming from based on 
the A-number (originating number) and where it goes to based on the 
B-number (terminating number). Billing systems for mobile networks also 
often include cell-site ID in their rating tables in order to allow for 
discounted tariffs based on where the mobile is at the time of the call.

In any event, the B-number is looked up based on its area code and any 
two numbers with the same prefix are not normally distinguishable for 
charging purposes by the rating engine. All 03 numbers are generally in 
the same tariff group. There are some techniques that allow for 
discounts (i.e. closed user group membership) and tariff groups could be 
broken down further, i.e. 03-5xxx-xxxx is a different tariff group than 
03-3xxx-xxxx, but the principle remains.

Therefore, premium rate numbers are given special area codes to create a 
new tariff group, i.e. 0990 in Japan. This, too can be broken down 
further in order to allow for different tariffs, i.e. 0990-1 for tariff 
1, 0990-2 for tariff 2 etc etc.

If you wanted to make a particular number in a local tariff group into a 
premium rate number you would have to override the ordinary rating rules 
by way of translating that number into a premium rate number. This may 
be possible within the rating table, but more likely you would have to 
do this on the switch level, that is, you would need to configure the 
exchange to convert the B-number into a 0990 number so that the rating 
engine will treat it as a premium rate number. But even if you did that, 
there would unlikely be any tariff group with a charge as high as 
suggested. In most countries the maximum charge for premium rate 
services is fixed by law or by regulation.

Furthermore, even if you manage to overcharge in this way, there would 
still be the problem how the holder of the B-number would benefit from 
the charges incurred. This is because that number is within the domain 
of the wireline provider (probably NTT) and they need to claim charges 
through inter-carrier settlement, a process outside of the domain of 
each company's retail billing systems.

In other words, you would have to

a) modify one or more exchanges in the mobile phone network
b) modify the rating table of the mobile phone company's retail billing 
system
c) modify the rating table of the wireline carrier's inter-carrier 
billing system
d) probably modify or disable alerts on both company's fraud detection 
systems
e) if a clearing house is involved, modify tariff tables in the clearing 
house

A scam that involves that many different fraudulent actions over 
multiple departments in more than one company is rather unlikely in 
Japan. In Africa, yes, those things happen anyday everywhere. African 
telcos are an auditor's paradise (or nightmare depending on viewpoint), 
but Japan ? Also, if it was indeed a scam, would they make it that 
obvious ? Probably not. They'd put a small charge there so that people 
wouldn't necessarily notice and complain.

Well, ok, never say never, fair enough. But instead of a well organised 
multi-company scam, at first sight, I would assume that something like 
this happening in Japan is due to a weird coding error or data 
corruption in the mobile phone company's rating engine respectively its 
rating tables. Having evaluated Japanese built telecom billing systems, 
I wouldn't be at all surprised if this was a glitch in some COBOL 
mask ;-)

Come to think of it, COBOL uses "09999" to denote a mask for a four 
digit number with a leading zero (IIRC), so it might well be that 
somehow one of these masks "0990" made it into the wrong place and in 
combination with one of those famous COBOL patches anything might 
happen. I don't know if DoCoMo, or NTT use COBOL in their rating 
engines, but even if they don't, out of tradition, they might be using 
some other CODASYL conforming tool somewhere in the processing chain, in 
which case the chance is that even fewer people will understand what it 
does and how it is supposed to work.

rgds
benjamin


On Saturday, December 1, 2001, at 02:12 , Jason Pollard wrote:

> How can it cost so much to connect to a 03* number?  They're Tokyo 
> local,
> right?  Not on Mars I assume.  Does the party on the other end have 
> some method
> to decide how much you the caller have to pay to connect?  Seems like 
> the
> providers are partly to blame in this scam.  Nobody's actually having 
> to pay
> that amount, I hope.  If I had an i-mode phone, I'd call each number in 
> the
> list, several times, just to see how high I could rack up the 
> charges...Storm
> into the office with a million yen phone bill...start raising some 
> serious
> gaijin hell....
>
>
> --Jason
>
>
> --- Marc Printz <Marc.Printz@724.com> wrote:
>> I think its more an interesting hoax actually.
>> A hoax following precisely the same pattern went around in Germany last
>> month or so.
>> Different phone numbers though :-)
>>
>>
>>> -----Original Message-----
>>> From: Thomas O'Dowd [mailto:tom@nooper.com]
>>> Sent: Friday, November 30, 2001 3:28 PM
>>> To: Keitai List
>>> Subject: (keitai-l) interesting scam
>>>
>>>
>>> Hi all,
>>>
>>> We were talking about spam email before and then got onto the subject
>>> of cases where you're phone would ring once and when you'd call the
>>> number back, you'd get a message. Well, it seems to be becoming a bit
>>> of a problem... 100,000 yen ouch!
>>>
>>>> Problem: Extremely high charge (reportedly approx. JPY 100,000 per
>>>>          call) which is very difficult to recover.
>>>>
>>>> Description: You receive a call from one of the numbers on
>>> the list (a
>>>> number is displayed upon receipt) which hangs up on the
>>> first ring or right
>>>> after you pick up the call, leaving an entry in " Received
>>> Record ". Calling
>>>> back to this number, intentionally or inadvertently, even
>>> for a fraction of
>>>> time imposes a large amount of usage charge on your bill
>>> (Once connected,
>>>> you will hear a tape-recorded voice message).
>>>>
>>>> Numbers identified as part of this scam:
>>>>
>>>> 03-3227-2828    03-3984-6761    03-5724-2929
>>>> 03-3280-7660    03-5340-8877    052-733-1288
>>>> 03-3355-7550    03-5340-9330    052-733-1551
>>>> 03-3444-6555    03-5340-9381    052-733-8488
>>>> 03-3444-6710    03-5340-9382    052-735-7300
>>>> 03-3446-0990    03-5348-4441    0534-27-3172
>>>> 03-3446-4567    03-5391-7600    06-4968-3114
>>>> 03-3448-4760    03-5420-4466    06-6300-0702
>>>> 03-3551-4330    03-5423-2570    06-6301-1999
>>>> 03-3793-7552    03-5679-7844    06-6301-7778
>>>> 03-3851-4141    03-5679-7848
>>>>
>>>> *More numbers may exist
>>>>
>>>> Resolution: Ignore calls from any of the numbers listed
>>> above and DO NOT
>>>>             call back. Best practice is never to call a
>>> number that you
>>>>             do not know.
>>>>
>>>> Status: The problem has been confirmed, but yet to be
>>> officially recognized
>>>> by mobile phone providers and is currently under investigation.
>>>
>>> --
>>> Thomas O'Dowd. - Nooping - http://nooper.com
>>> tom_at_nooper.com - Testing - http://nooper.co.jp/labs
>>>
>>> [ Need archives? How to unsubscribe?
>> http://www.appelsiini.net/keitai-l/ ]
>>
>> [ Need archives? How to unsubscribe? 
>> http://www.appelsiini.net/keitai-l/ ]
>>
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
> http://geocities.yahoo.com/ps/info1
>
> [ Need archives? How to unsubscribe? 
> http://www.appelsiini.net/keitai-l/ ]
>


[ Need archives? How to unsubscribe? http://www.appelsiini.net/keitai-l/ ]
Received on Sat Dec 1 07:30:54 2001