SIP Trunk Fraud Case Decided
A recent article in PrintWeek caught our attention for its story about a small printing company’s phone system getting hacked.
Frip Finishing was the target of a fraud carried out by unknown third-party hackers over the Halloween weekend in 2011 that resulted in it being invoiced for call charges totaling GBP29,631.50 for the month of October 2011. (Frip’s normal phone bill was £10.) Over one holiday weekend, 10,366 telephone calls were made, the majority of which were to a premium rate number in Poland.
Frip’s VoIP service provider, VoiceFlex, attempted to sue the print company for the money owed, claiming that Frip failed to “take all reasonable steps to secure its network, so as to prevent unauthorized access to [Voiceflex’s] SIP trunks system.”
After a two-year legal battle, Frip was cleared of any liability for the fraud and awarding its legal costs in defending the claim brought by its VoIP telephone service provider. Presumably leaving VoiceFlex stuck paying for the fraudulent telephone calls, as well as the additional legal costs.
This telecom fraud attack is a classic scenario: a subscriber does not properly protect their access to a network, gets hacked during a time when no one is paying much attention, and a fraudster pumps traffic to a premium rate number.
Telecom subscribers today look at telecom fraud like they do credit card fraud, expecting not to have any liability over fraudulent behavior. This leaves service providers as the party that is most hurt by fraud, as they must still pay for terminating services.
Telecom service providers can protect themselves by proactively monitoring their network with software, like TransNexus’s SDReporter. If VoiceFlex had been using SDReporter, the software would have detected the unusual spike in traffic to the premium number in Poland, and would have alerted VoiceFlex in real time. SDReporter could also automatically block the fraudulent calls, stopping the incident long before it racked up tens of thousands of pounds in fraud charges.