Fraud attack and ITU

[MrM]

We had a Fraud attack aginst us last week and the calls for a lot of $ where made to the numbers below.

When looking it up, most of them goes under World Premium Telecom and as mentioned earlier in this forum, the ITU doesn't do anything about this fraud. They where also calling a lot of other numbers that have been mentioned in this forum earlier. But also a lot of other numbers that looks lite world premium telecom numbers.

And as an example, if there so called customers have a Sierre Leone number, prefix 232 *, they pays $140 for 1000minutes and for Inmarsat Global region 881 Globalstar they pays 530euro per 1000 minutes.

Some of the numbers that are so called “test-numbers” for world-premium-telecom.com are below and were called for big money.

881842011140
3727010131
3727080120
23172355002
261229002041
9607983290
9743920202
37877312200
25260900000
886951164610

The hole list of numbers, that was called fraud-attack is listed below. The IP-numbers was swapped and cycled all the time, and most of them came from ISP was Bell Teleservices India Pvt. Ltd. AS45648, Palestine Telecommunications Company (PALTEL) AS12975 and Cellcom Israel Ltd. AS 9117. But even some traffic from other ISP and countries lite Egypt was involved.

881835211041, 881835211044, 881835211063, 881842011140, 881935211039, 881935211056, 3727010131, 3727052228, 3727052229, 3727052271, 3727080120, 3727090808, 2207711814, 972597401900, 972597776897, 972599779715, 23722258480, 85092896153, 85092899054, 2314198008, 23172355002, 261221000960, 261221900107, 261221900200, 261221900237, 261229002041, 9607983290, 9607983291, 9743920202, 37877311217, 37877311218, 37877311219, 37877311220, 37877312200, 37877312219, 37877312220, 37877312225, 37877312238, 37877312239, 23222270470, 23222270473, 23222272200, 23222272751, 23222272823, 23222276307, 23222276308, 23222276311, 23222276312, 23222276318, 23222276337, 23222276338, 23222276339, 23222276354, 23222276355, 23222276356, 23222276358, 23222276360, 23222276361, 23222276362, 23222276363, 23222276364, 23222276365, 23222276366, 23222276367, 23222276370, 23222276374, 23222276375, 23222276376, 23222276377, 23222276378, 23222276381, 23222276382, 23222276383, 23222286701, 23222288108, 23222288147, 23222288153, 23222288175, 25260900000, 27851006020, 886951164610, 68824040, 14042605390, 14042605391, 6787780053, 6787780339, 263912794868, 263912794873, 263912798012, 263912798015, 263912798019, 43820893626, 43820893627, 6703305092

Then the strange part in this, both Sierre Leone, Inmarsat Global region 881 Globalstar, Estland premium service numbers, North Korea, San Marino service number, Zimbabwe and so on, was mostly called to ie. World-premium-telecom.com is ITU a joke or why don't ITU do anything about this?

[Hamlet]

Sorry. I am German and so I am not a native speaker. I guess you are also not a native speaker. To make it easy: I don't understand what was going on...
For ITU: They never care... But if I understand your problem better I may give you some mail addresses at ITU (please explain it again, try to make me understand it and... remember: I am German )

where do you come from? what was the scam about?

and who or what is "us"? Are you representing a company? what is that part with the IPs about?

[yogabba]

We had the same thing happen to us.

The attack was possible was due to SIP being available on our external internet facing interface. They guessed that account 100 had a password of 0000 (call manager express).

So needless to say, restrict your inbound SIP (5060 UDP/TCP) to static IPs, deny it altogether, or at the very minimum change the default pins to something more complex.

Reports > Call History
ID Start Time Originating Number Terminating Number Duration
1 07:46:38 AEST Tue Aug 10 2010 1 0001122590409167 <Unknown>
2 07:46:39 AEST Tue Aug 10 2010 1 0001122590409167 <Unknown>
3 07:46:36 AEST Tue Aug 10 2010 1 0001122590409167 <Unknown>
4 07:46:38 AEST Tue Aug 10 2010 1 0001122590409167 <Unknown>
5 07:47:53 AEST Tue Aug 10 2010 1 0001122590409167 <Unknown>
6 07:48:23 AEST Tue Aug 10 2010 1 0001122590409167 <Unknown>
7 07:49:19 AEST Tue Aug 10 2010 1 0001122590409168 <Unknown>
9 07:50:29 AEST Tue Aug 10 2010 1 0001122590409168 <Unknown>
10 07:51:18 AEST Tue Aug 10 2010 1 0001122590409150 00:00:04
11 07:52:45 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
12 07:52:38 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
13 07:52:43 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
14 07:52:46 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
15 07:53:33 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
16 07:54:02 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
17 07:54:04 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
18 07:54:05 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
19 07:54:05 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
20 07:54:45 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
21 07:55:13 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
22 07:55:28 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
23 07:56:20 AEST Tue Aug 10 2010 1 0001122590409171 <Unknown>
24 07:55:57 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
25 07:56:28 AEST Tue Aug 10 2010 1 0001122590409171 <Unknown>
26 07:57:09 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
27 07:57:35 AEST Tue Aug 10 2010 1 0001122590409170 <Unknown>
28 07:58:05 AEST Tue Aug 10 2010 1 0001122590409178 <Unknown>
29 07:59:28 AEST Tue Aug 10 2010 1 0001122590409178 <Unknown>
30 07:59:31 AEST Tue Aug 10 2010 1 0001122590409178 <Unknown>
31 08:00:35 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
32 08:00:36 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
33 07:54:06 AEST Tue Aug 10 2010 1 0001122590409170 00:06:52
34 08:01:33 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
35 08:00:36 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
36 08:00:44 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
37 08:02:01 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
38 08:02:02 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
39 08:02:02 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
40 08:02:04 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
41 08:02:05 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
42 08:02:07 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
43 08:01:32 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
44 08:01:32 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
45 08:01:41 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
46 08:02:50 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
47 08:02:51 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
48 08:01:50 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
49 08:02:49 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
50 08:02:50 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
51 08:02:49 AEST Tue Aug 10 2010 1 0001122590409177 00:01:32
52 08:04:46 AEST Tue Aug 10 2010 1 0001122590409177 <Unknown>
53 08:05:02 AEST Tue Aug 10 2010 1 0001122590409176 <Unknown>
54 08:05:06 AEST Tue Aug 10 2010 1 0001122590409176 <Unknown>
55 08:05:08 AEST Tue Aug 10 2010 1 0001122590409176 <Unknown>
56 08:05:09 AEST Tue Aug 10 2010 1 0001122590409176 <Unknown>
57 08:04:59 AEST Tue Aug 10 2010 1 0001122590409176 <Unknown>
58 08:05:15 AEST Tue Aug 10 2010 1 0001122590409176 <Unknown>
59 08:05:13 AEST Tue Aug 10 2010 1 0001122590409176 <Unknown>
60 08:04:57 AEST Tue Aug 10 2010 1 0001122590409176 <Unknown>
61 08:04:59 AEST Tue Aug 10 2010 1 0001122590409176 <Unknown>
62 07:52:12 AEST Tue Aug 10 2010 1 0001122590409170 00:00:04
63 07:46:37 AEST Tue Aug 10 2010 1 0001122590409167 00:05:40
64 07:52:47 AEST Tue Aug 10 2010 1 0001122590409170 00:00:06
65 07:52:42 AEST Tue Aug 10 2010 1 0001122590409170 00:00:10
68 08:01:32 AEST Tue Aug 10 2010 1 0001122590409177 00:00:06
69 08:00:37 AEST Tue Aug 10 2010 1 0001122590409177 00:01:01
70 08:04:59 AEST Tue Aug 10 2010 1 0001122590409176 00:16:51
74 09:06:42 AEST Tue Aug 10 2010 200 000119725974 <Unknown>
75 09:06:49 AEST Tue Aug 10 2010 200 00011972597401 <Unknown>
76 09:08:22 AEST Tue Aug 10 2010 200 00011972599349129 00:00:05
77 09:07:51 AEST Tue Aug 10 2010 200 00011972597401900 00:00:34
78 09:11:52 AEST Tue Aug 10 2010 200 00011972597721968 <Unknown>
79 09:12:24 AEST Tue Aug 10 2010 200 00011972597721968 00:00:04
80 09:12:01 AEST Tue Aug 10 2010 200 00011972597401900 00:00:24
81 09:26:02 AEST Tue Aug 10 2010 200 00011972597721968 00:00:06
82 09:25:42 AEST Tue Aug 10 2010 200 00011972597401900 00:00:24
84 09:27:21 AEST Tue Aug 10 2010 200 00011972597721968 00:00:08
85 09:27:00 AEST Tue Aug 10 2010 200 00011972597401900 00:00:24
92 10:05:08 AEST Tue Aug 10 2010 200 00011212654061694 00:00:07
93 10:04:23 AEST Tue Aug 10 2010 200 00011972599349129 00:00:55

[Hamlet]

what does that mean?
0001122590409167
is 00011 a part of the number or ist 0022590409167?

and please explain what's exactly happening. VoIP?

Main question:
Who would benefit from calls to that numbers?

Answer:
Go to the police, the police should go to your phone provider, your provider has to tell them who gets the money. If they are not able to they should refund you.