[AusNOG] High number of inbound automated Chinese language calls on AAPT CTS

Andrew Yager andrew at rwts.com.au
Sat Oct 28 14:54:30 EST 2017


They are spoofing source CLI so masking/monitoring CLI is useless. We have had downstream customers whose business has been significantly impacted by having their CLI used recently as an advertised number in scams similar to this at least twice this year.

Someone has loose ACLs on their inbound and doesn’t check their customers properly... :(

And yes, it definitely isn’t limited to AAPT. Just had one today to my DID on a Symbio inbound number.

Andrew

Get Outlook for iOS<https://aka.ms/o0ukef>
________________________________
From: AusNOG <ausnog-bounces at lists.ausnog.net> on behalf of Mark Stewart <mark at nabc.com.au>
Sent: Friday, October 27, 2017 5:12:18 PM
To: Matt Perkins; jay binks; AusNOG at lists.ausnog.net
Subject: Re: [AusNOG] High number of inbound automated Chinese language calls on AAPT CTS

Had a conversation with my Telstra guys this week in relation to phone system hacking where phone systems were being breached and then systematically being used to autodial numbers.

The breaches can be occurred via –

Voicemail port hack is where their default pin number for their voicemail is the same has their 100 dial in number.

SIP / VoIP credentials can be hacked / obtained and then assume that SIP network.

Alternatively, their entire network has been hacked and the hacker is sniffing for IP Phone system and then interface into it to make calls.


From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Matt Perkins
Sent: Friday, 27 October 2017 12:33 PM
To: jay binks <jaybinks at gmail.com>; AusNOG at lists.ausnog.net
Subject: Re: [AusNOG] High number of inbound automated Chinese language calls on AAPT CTS

Hi Jay,
 Unwelcome Communications procedure only work when you have the source numbers. It's hard to give the CTS provider ~10,000 source numbers ;) They are trying however to chase it up.  No it's not coming from a sip gateway. This equipment is not on the internet.

Matt.


On 27/10/17 3:22 pm, jay binks wrote:
There are methods for dealing with unwelcome or nuisance calls.
It's not always effective, but its worth a try.

If your calls fit the definition of an "UNWELCOME COMMUNICATIONS" you may be able to utilise http://www.commsalliance.com.au/Documents/all/codes/c525.

The OP may have a claim to this with 3000 calls within 4 hours.
Contact your CSP.  "C/CSPs must assist end users in receipt of unwelcome messages where it is reasonably possible to do so "

They may only pass the complaint on to the originating carrier, but you might get lucky.

The other thing I initially thought of when I saw this ( but it seems like its probably not the case after reading other peoples accounts ).
Make sure your SIP equipment only accepts SIP from your SIP provider. Sometimes you find people scanning your network, doing this sort of thing.

Good luck !

Jay

On 27 October 2017 at 14:12, Matt Perkins <matt at spectrum.com.au<mailto:matt at spectrum.com.au>> wrote:
The volumes we are getting are stunning if it's not targeted at AAPT.  as it appears it's not from some of the on/off list responses. We have had over 3000 calls in the last 4 hours. This has been going on for almost 4 days.


Matt.



On 27/10/17 2:51 pm, Tom.Minchin at csiro.au<mailto:Tom.Minchin at csiro.au> wrote:
We are getting runs of these to a Sydney and a Melbourne site. We are Telstra inbound.


On Fri, Oct 27, 2017 at 1:55 PM +1100, "Andrew Yager" <andrew at rwts.com.au<mailto:andrew at rwts.com.au>> wrote:
Hi Matt,

We have seen multiple instances of this over the last couple of months to different number blocks.

It's usually a Mandarin message claiming to be from the ATO.

Have logged a few complaints on a few of them; have not got anywhere useful because each number is called "once" and doesn't meet the threshold for a nuisance claim.

If any of my upstreams want to care though… I'm happy to provide more details… :) (nudge… nudge…)

Andrew


On 27 October 2017 at 13:34, Matt Perkins <matt at spectrum.com.au<mailto:matt at spectrum.com.au>> wrote:
Here's some Friday fun.

Are there any people with AAPT CTS that are receiving very high volumes (500 an hour)  of a Chinese language automated message. Numbers dialed in appear to be random within a routed ranges they also appear to be using random calling id's some start with 028009XX. Im told that the message says it's from the Chinese consulate and ask you to push zero.  I suspect they are trying to determine which numbers have Chinese language speakers answer for some later scam. But only appears to be on AAPT CTS. We have CTS with a few other carriers and seeing nothing on those inbound.

Interested to see if others are receiving same.

Matt.



--
/* Matt Perkins
        Direct 1300 137 379<tel:1300%20137%20379>        Spectrum Networks Ptd. Ltd.
        Office 1300 133 299<tel:1300%20133%20299>        matt at spectrum.com.au<mailto:matt at spectrum.com.au>
                                   Level 6, 350 George Street Sydney 2000
        Spectrum Networks is a member of the Communications Alliance & TIO
*/

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog



--
Andrew Yager, CEO (BCompSc, JNCIS-SP, MACS (Snr) CP)
Real World Technology Solutions - IT People you can trust
Voice | Data | IT Procurement | Managed IT
rwts.com.au<http://rwts.com.au> | 1300 798 718<tel:1300%20798%20718>

[Image removed by sender.]
Real World is a DellEMC Gold Partner

This document should be read only by those persons to whom it is addressed and its content is not intended for use by any other persons. If you have received this message in error, please notify us immediately. Please also destroy and delete the message from your computer. Any unauthorised form of reproduction of this message is strictly prohibited. We are not liable for the proper and complete transmission of the information contained in this communication, nor for any delay in its receipt. Please consider the environment before printing this e-mail.



--

/* Matt Perkins

        Direct 1300 137 379<tel:1300%20137%20379>        Spectrum Networks Ptd. Ltd.

        Office 1300 133 299<tel:1300%20133%20299>        matt at spectrum.com.au<mailto:matt at spectrum.com.au>

                                   Level 6, 350 George Street Sydney 2000

        Spectrum Networks is a member of the Communications Alliance & TIO

*/

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog



--
Sincerely

Jay



--

/* Matt Perkins

        Direct 1300 137 379        Spectrum Networks Ptd. Ltd.

        Office 1300 133 299        matt at spectrum.com.au<mailto:matt at spectrum.com.au>

                                   Level 6, 350 George Street Sydney 2000

        Spectrum Networks is a member of the Communications Alliance & TIO

*/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20171028/cfba8b35/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ~WRD000.jpg
Type: image/jpeg
Size: 823 bytes
Desc: ~WRD000.jpg
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20171028/cfba8b35/attachment.jpg>


More information about the AusNOG mailing list