Telecom Fraud

HAILU TSEGA
APRIL 18, 2017
 Agenda
Introduction
What is Telecom Fraud
Factors Leading to Telecom Fraud
Types of Telecom Network Fraud
What is a Bypass Fraud?
Existence of Bypass Fraud
Bypass Fraud Network
Architecture
Hardware Used to Facilitate
Bypass Fraud
Ways Telecom pirates
Attempt to Avoid Detection
Methods Used to Detect
Fraud
Who Benefits from Fraud
Detection and Elimination?
Six Steps Regulators Should
Take to Control SIM Box Fraud
Conclusion
 Introduction
Telecom Fraud Offence Proclamation No. 761/2012
WHEREAS, considering that telecom fraud is increasing
and wide-spreading from time to time thereby
encumbering the telecom industry to play an essential
role in the implementation of peace, democratization and
development programs of the country;
WHEREAS, recognizing that telecom fraud is a serious
threat to the national security beyond economic losses;
WHEREAS, it has became imperative to legislate
adequate legal provisions since the laws presently in
force in the country are not sufficient to prevent and
control telecom fraud;
What is Telecom Fraud?
Telecom fraud most often refers to the illegal use
of network operator resources without paying the
service provider
It is an unceasing risk to network operators
revenue and it remains difficult to predict exactly
how, when, or where new fraud settings will
attempt to attack services.
It has created severe international problems for
GSM and PSTN service providers and its annual
impact has been observed to be billions of US
dollars
 Factors Leading to Telecom
Fraud
Failure to understand the complexity of new technologies
Dissatisfaction of employees due to a lack of experience with
new technology
Weaknesses in operation systems
Irresponsible business models
Money laundering
Political and ideological factors
Ineffective audit systems; a lack of follow up relating to
compliance reports presents opportunities for telecom pirates
Free financial Gain
 Types of Telecom Network Fraud
Telecommunication fraud encompasses a variety of illegal activities.
There are types of frauds, which adversely affect the carrier providers,
not only financially but also in terms of extensive voice bandwidth and
network resources.
These may include roaming, premium service (phishing), and
subscription frauds,
The most prevalent types of network frauds :
Bypass Fraud,
International Revenue Sharing Fraud (IRSF)
False Answer Fraud
 What is a Bypass Fraud?
Bypass Fraud is used to describe the use of various least cost
call termination techniques like SIM Boxes, Leakey (hacked)
PBXs etc. to bypass the legal call interconnection and
diverting international incoming calls to on or of network
GSM/CDMA/Fixed calls through the use of VoIP or Satellite
gateway, thus evading revenue for international call
termination which operators and government regulators are
entitled to
 Existence of Bypass Fraud
Bypass fraud occurs when international termination charges
become larger than the local mobile call charges.
It is also popular in the countries where international
gateways are monopolized by government operators.
As a result, calls are produced at the user end with either a
Calling Line Identity (CLI) manipulation number or with no
CLI.
Mostly, SIM Box operators use pre-paid SIMs to perform
these illegitimate acts because the ownership and address
of a pre-paid SIM is difficult to know.
 Bypass Fraud Evolution

These days bypass fraud perpetrators have evolved to a certain extent

that they are constantly changing their strategies to prevent detection.
Some of their tactics are:-
automatically changing the IMEIs of each channel in the SIMBOX
equipment
constantly changing operation locations (one location in the morning then
another in the evening)
operating in a moving Vehicle to avoid single Cell detection
operating in a certain time window especially after office hours and night
time
Types of Bypass Fraud
On-Net Bypass Fraud: On-Net Bypass Fraud is
a type of bypass fraud in which the fraud
committers use their own network connections
to terminate the bypassed calls.
Off-Net Bypass Fraud is a type of bypass
fraud in which the fraud committers utilize the
connections of competitors or any other means
for termination
Bypass Fraud Network
Architecture
Hardware Used to Facilitate
Bypass
Fraud
Telecom pirates use various methodologies to commit
bypass fraud.
They utilize:
a) SIM boxes,
b) VoIP Gateways, and
c) Session Internet Protocol devices to conduct
bypass fraud
respectively.
SIM Box
A SIM box is a device that holds a large number of
SIM cards, which are linked to a gateway but stored
separately from it.
Therefore, SIM boxes are used as part of a VoIP
gateway installation.
A SIM box comprises SIM cards of distinctive
network operators, thereby allowing it to function
with several GSM gateways situated at distant
locations.
The function of the SIM box is to make and
A Typical Sim Box Operator

Infrastructure needed
An internet connection
-1Mb allows for +- 60 concurrent
calls
-DSL
-VSAT (satellite)
-Datacenter
Router to connect to internet
GSM Gateway to convert calls into
mobile calls
SIM cards

Typical companies
Small 2 person operations
Carriers sometimes also deploy SIM Boxes
Some companies use PBX also for
terminating traffic
VoIP Gateways
VoIP Gateways are telecommunication devices
through which calls from fixed or mobile
telephone networks are routed directly over
VoIP to the targeted GSM network.
A modern GSM VoIP gateway installation can
support hundreds of mobile SIM cards,
functional SIM rotation, pre-paid recharging
and off-site SIM card storing
Session Internet Protocol Devices
Session Internet Protocol devices are used to
enable VoIP.
They are employed to connect a cellular network
directly to an Internet Telephony Service Provider
(ITSP).
This permits VoIP to function as well as other real-
time media such as voice, video, and web
conference without the requirement of any IP-
PSTN Gateway or Digital gateway.
Ways Telecom pirates Attempt to
Avoid Detection
Detection avoiding schemes may become
troublesome for telecom pirates as they
often demand large investments.
There are a number of ways that telecom
pirates use to intercept phone calls and
texts. Some of these are explained below
 Bit Stuffing of False CLI
Telecom pirates use different methodologies to
manipulate the caller ID.
Within telecommunications, bit stuffing is the
insertion of non-information bits.
Therefore, if a number is dialed showing the
country code, the telecom pirate can manipulate
that number by adding or deleting digits from it.
As a consequence, the called party cannot
recognize the actual number.
CLI Stuffing
Deletion of CLI
CLI Deletion is another type of telecom
fraud in which telecom pirates remove the
CLI of the incoming call.
In this way, the telephone number of the
originating party will not be shown on the
Caller ID Box.
Accordingly, the immediate affected parties
are: the operators, end users, and
regulators.
CLI Detection
Methods Used to Detect Fraud
Operators and regulators have devised several
fraud detection schemes for generated
revenue assurance

a) TCG Test Call Generation

b) Fraud Management System (FMS) with CDRs
to create user-based profiling CDR Analysis
and Analytics
 TCG Test Call Generation
Test phone numbers are set up within the local market where the
bypass fraud is occurring.
Then test calls are generated from many different countries via various
interconnect voice routes around the world including VOIP services,
Calling Cards, wireless and fixed line services.
This establishes from where the grey routes are originating and the
paths they use to reach SIM boxes in the affected country.
Test Call Generation is all about probability.
The more routes you test and the more test calls you make, the higher
the chance of finding SIM boxes.
Fraud Management Systems
(FMS) and CDR Analysis
In SIM box detection, the FMS uses Call Data
Records (CDRs) to create usage based profiles that
distinguish the SIMs used in SIM boxes versus those
used in legitimate subscriber handsets.
FMS and similar CDR analysis platforms have also
been effective in detecting SIM boxes, but in recent
years, fraudsters have found clever ways to evade
usage profile detection.
Who Benefits from Fraud
Detection and Elimination?
A. Consumers
Quality: Effective detection and elimination
of fraud ensures improved quality of service to
consumers.
Safety: consumers will experience legal calls
with no interference of eavesdroppers, denial of
service (DoS) attackers, caller ID theft, or SIM
cloning through authorized GSM gateways
during short and long distance call services .
Operators
Revenue Generation: By underpinning the
detection and elimination techniques, revenue
can be recovered effectively
Stop Losing Revenues
Branding and Image Maintenance: the
quicker the fraud is detected, the more likely the
desired services can be provided to the consumer.
 Governments (Regulators and Ministries)

Safety Support: Implementing fraud detection

and elimination techniques better enable
stakeholders to incur the required investments in
network financial service
Revenue Managements: A well-structured
detection and elimination system will allow
regulators to manage revenue effectively without
compromise in regards to customer protection.
 Six Steps Regulators Should Take
to Control SIM Box Fraud
1. Write Laws that Make Bypass Fraud a Costly Crime
to Commit.
2. Gain National Visibility over SIM Box Fraud Activity
3. Coordinate the Use of Vendor SIM Box FM Systems
& Services
4. Audit the FM Performance of Mobile Operators
5. Reward & Penalize Operators to Ensure Policy
Compliance
Conclusion
The volume and versatility of new network
technologies have created many
opportunities for telecom pirates
Telecom operators must stay one step
ahead.
There is an immense need to boost research
awareness, and devise prudent fraud
management systems to detect such frauds,
which impose irreplaceable harm to the
Thank you!!