© 2022 Black Swan Telecom Journal | • | protecting and growing a robust communications business | • a service of |
July 2013
Crowd sourcing is an awesome tool for gathering intelligence. The most striking example for me is Wikipedia, the most popular website in the world and a site whose content is written by a crowd of global researchers who receive no compensation other than the bragging rights of being on the Wikipedia team.
Well, now I’m pleased to say that crowd sourcing is coming to telecom fraud and security management through a cVidya mobile app for the Android called FraudView CyberHub.
The purpose of the app is to detect, block, and report premium rate fraud numbers and spyware -- often the result of malware and malicious app infection of the mobile device. The crowd intelligence is supplied by the mobile users themselves, who report actual and suspected malicious numbers and apps. Their reports go to a cloud-based server, where automatic algorithms backed up by our experts analyse them and distribute the info to all FraudView CyberHub users, wherever they may be on the globe.
We’ve completed most of the research needed to launch it and judging by the feedback we got at the TM Forum event where we announced it, lots of operators are intrigued with the idea including the two sponsors of the Catalyst: AT&T and Telstra.
We are targeting two main threats: Premium Rate Service (PRS) and spyware. In many cases, the attacker uses malware to take control of the device and automatically generate phone calls, SMSs and even data sessions to high-cost (premium) phone numbers. Likewise, spyware will communicate with cloud servers that the criminals use to gather intelligence, steal ID numbers / passwords, and the like.
While CyberHub does not prevent the PRS or spyware infection, it will provide early warning of trouble and help security and fraud professionals track down malware / PRS criminals.
According to the CFCA, PRS (also known as International Revenue Share Fraud) is the third largest fraud loss category for telecoms after PBX and subscription fraud. In PRS, the money comes from terminating phone calls to those premium priced numbers. A couple parties usually team up on the scheme and share the revenue. One party drives the traffic and inflates it; the other collects the money. Each operator who routed the call passes the premium charge to the previous operator in the chain. The operator who eventually takes the revenue hit is the one whose network initiated the call.
Bottom line with PRS: it’s the volume that matters. The trick is to push as many calls, as much traffic volume as they possibly can -- and do so before the operators catch on to the con game.
Getting timely updates on the blacklisted numbers is critical to stop the bleeding. International associations like the GSMA, CFCA and TM Forum help with standards, but carriers are largely left to their own devices to stop the fraud from occurring through fraud management software.
But there’s another issue, too: operators feel the pain when lots of customers call to complain about fraud charges. Higher call center costs are one issue, then there’s the sheer hassle and time it takes to sort out the issue and make good by the customer. The operator is always perceived as liable in such issues, despite the fact he has nothing to do with it.
Readers will see parallels to the way crowd sourcing is used in the cyber security world. A very familiar one is where Microsoft anonymously collects data on PC-resident malware so it can develop and send security patches for Windows.
cVidya is discussing two deployment models. The first one is a telco-centric model where the operator enables, distributes, and charges for the mobile app. And in the second model cVidya takes the lead and interacts directly with the mobile users.
Behind the scenes, we maintain the hot-listed numbers that the mobile devices access in a cloud-based server we call CyberHub. Users with the Fraud CyberHub app on their mobile devices simply report any number/app they suspect or know to be malicious. Once that number is uploaded, cVidya algorithms on the server automatically analyze the suspicious number. Meanwhile cVidya experts are standing by to validate results and continuously enhance the model and algorithms. Then we update the global blacklist so it can be downloaded to all the mobile app users through a push-like service.
Now it’s obviously important to screen the numbers going into that blacklist. For instance, a business might try to block all calls to its competitors. Or two people get into an argument and one of them tries to block all personal calls to the other guy to get revenge.
The prototype we demoed at the TM Forum Catalyst is real simple to use: just type in the number, press a button, and the malicious number is saved as hot listed and pushed into the cloud.
The application works in the background. When the user dials a number, receives a call, or receives/sends an SMS, the app bounces the address against the hot list and either blocks the traffic or warns the user about the danger.
In a single click, the mobile user can also select how often they want the updated hot lists downloaded to their phone -- monthly, weekly, daily, whatever. The user can also maintain his own private list of numbers of incoming or outgoing calls or SMSs that he wants to block.
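The screening concern and the background check described above can be sketched as follows. This is an added example, not cVidya's code: the distinct-reporter thresholds stand in for the server-side algorithms and expert validation, and every function name, the `+999` country code, and the sample reports are constructed for illustration.

```python
from collections import defaultdict

BLOCK_REPORTERS = 3  # assumed: distinct reporters needed before a number is blocked
WARN_REPORTERS = 2   # assumed: distinct reporters needed before a warning is shown

def normalize(number, default_cc="999"):
    """Reduce a dialed string to international digits (simplified, hypothetical)."""
    s = number.strip()
    digits = "".join(c for c in s if c.isdigit())
    if s.startswith("+"):
        return digits
    if digits.startswith("00"):          # international access prefix
        return digits[2:]
    national = digits[1:] if digits.startswith("0") else digits
    return default_cc + national

def build_hot_list(reports, expert_rejected=frozenset()):
    """reports: (reporter_id, number) pairs. Returns {number: 'block' | 'warn'}."""
    reporters = defaultdict(set)
    for reporter_id, number in reports:
        # A set per number: one user reporting repeatedly still counts once,
        # so a single person cannot push a number onto the global list.
        reporters[normalize(number)].add(reporter_id)
    hot = {}
    for num, who in reporters.items():
        if num in expert_rejected:       # reviewers overruled the crowd
            continue
        if len(who) >= BLOCK_REPORTERS:
            hot[num] = "block"
        elif len(who) >= WARN_REPORTERS:
            hot[num] = "warn"
    return hot

def check(number, hot_list, private_list=frozenset()):
    """Device-side decision for a dialed/received number or SMS address."""
    num = normalize(number)
    if num in private_list:              # the user's own list always blocks
        return "block"
    return hot_list.get(num, "allow")

# Constructed sample reports (fictional numbers and reporter ids).
SAMPLE_REPORTS = (
    [("u1", "+999 555 0101"), ("u2", "00999-555-0101"), ("u3", "0555 0101")]
    + [("u4", "+999 555 0202")] * 20     # one user spamming a personal grudge
    + [("u1", "+999 555 0303"), ("u5", "+999 555 0303")]
    + [("u6", "+999 555 0404"), ("u7", "+999 555 0404"), ("u8", "+999 555 0404")]
)
HOT = build_hot_list(SAMPLE_REPORTS, expert_rejected={"9995550404"})
```

Counting distinct reporters blunts the single-user revenge case; a coordinated group (the competitor-blocking case) still passes the threshold, which is why the sketch keeps a reviewer override.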
In the past two years, the industry has seen a dramatic increase in mobile users complaining about malicious apps. Often the mobile phone is hijacked and starts dialling premium rate numbers on its own without the user’s knowledge.
The mobile app we’ve developed is designed to shut down all known PRS activity for the community of app users. The app works in the background: when the user dials a number, receives a call, or receives/sends an SMS, the application analyses it and, if there is something suspicious, blocks it or warns about it.
Now the user can fully opt out of reporting their malicious numbers and apps to us. That’s their choice. They still get the blacklist protection whether they help us or not. Each user’s contribution enriches our data, but the blacklist will be maintained with or without them.
While it’s true that the user usually doesn’t have to pay the premium fee because the operator removes the fraudulent charges or at least shares the cost, dealing with PRS is often a big inconvenience for the user. So that’s certainly one key incentive for the mobile user helping us: they save themselves some trouble.
When the bill arrives or the user checks his balance, that’s when the bill shock hits as they read the huge charges for unknown calls, say, to a small island in the South Pacific.
Future versions of CyberHub will serve an enterprise’s need to protect the BYOD devices of their employees.
Our industry statistics over the past 2 years point to Premium Rate Share (PRS) fraud as the most common malware reported by mobile users. Crowd sourcing shows promise as a way to gain greater control over the problem. The mobile users essentially become fraud and security management partners to the service provider.
Copyright 2013 Black Swan Telecom Journal