the role of phone numbers in
play

The role of phone numbers in Andrei Costin understanding - PowerPoint PPT Presentation

Apr 23, 2023 •137 likes •489 views

PST2013 The role of phone numbers in Andrei Costin understanding cyber-crime M. Balduzzi + A. Costin J. Isachenkova A. Francillon D. Balzarotti Eurecom, Sophia Antipolis, France + Trend Micro Research, EMEA July 11, 2013

  1. PST2013 The role of phone numbers in Andrei Costin understanding cyber-crime M. Balduzzi + A. Costin ∗ J. Isachenkova ∗ A. Francillon ∗ D. Balzarotti ∗ ∗ Eurecom, Sophia Antipolis, France + Trend Micro Research, EMEA July 11, 2013 1/34

  2. Introduction PST2013 Online/digital identifiers in cyber-crime Andrei Costin Mail Domain name/Web site Social networks/Nicknames profile Extensive studies: [LMK + 10, TGM + 11, KKL + 08, Ede03, CHMS06] Phone numbers Limited studies: [CYK10, STHB99, Pol05, Hyp] Studied mainly in context of premium short number mobile frauds Our main focus 2/34

  3. Introduction PST2013 Andrei Costin Phone number usages Mail signatures Extensively used in many businesses Offers less anonymization than other identifiers Links cyber domain to reality domain Commonly used in various online frauds, e.g.: Premium numbers fraud Scam fraud 3/34

  4. Introduction PST2013 Andrei Importance of cyber-crime and phone numbers – example Costin Banking Trojan.Shylock [symb] Injects code into banking websites Replaces telephone details into the contact pages of online banking websites 4/34

  5. Hypothesis PST2013 Andrei Costin Phone numbers are used in cyber-crime activities Can we find telecom operators preference? Can we find geographical preference? Phone numbers can be a stronger identification metric vs. other identifiers 5/34

  6. Goals PST2013 Andrei Costin Check those hypothesis against real data-sets Evaluate the reliability of automated phone numbers extraction and analysis Identify challenges and limitations Automatically find patterns associated with recurrent criminal activities Automatically correlate the extracted information for Telecom operator preference Geographic area preference 6/34

  7. Methodology PST2013 Andrei Costin 7/34

  8. Datasets I PST2013 Andrei Data Sources initially considered Costin SPAM Large and extremely noisy dataset Extremely challenging to extract and clean phone numbers WHOIS Focused on malicious domains High quality dataset (intl. format) Phone numbers are dummy or replaced by CERTs’ contact numbers 8/34

  9. Datasets II PST2013 Andrei Costin ANDROID Small and noisy dataset Mainly contained short premium numbers – open problem SCAM Large and high quality dataset Phone numbers are an important part of business model Focus on this dataset 9/34

  10. Phone Number Extraction I PST2013 Andrei Costin Success and Reliability of Extraction depend on How well formatted the number is Call: 0336 9505705 9 am - 5 pm Can be decoded as 2 valid numbers: +443369505705 or +33695057059 We aim at obtaining: Non ambiguous normalized number Fully qualified international format number 10/34

  11. Phone Number Extraction II PST2013 Andrei Costin How structured and easy to parse the information is WHOIS records (easy) vs. Malicious mobile binary (difficult) How noisy the data source is Spam messages are very noisy (to defeat anti-spam filters) Scam messages have almost no noise 11/34

  12. Phone Number Extraction Challenges Example Number obfuscation used [syma] PST2013 Andrei Costin 12/34

  13. Scam Message Sample PST2013 Andrei Costin 13/34

  14. SCAM Dataset PST2013 Andrei Costin Used user reports aggregator 419scam Data timespan: January 2009 – August 2012 Enriched and correlated with numbering plans (NNPC) databases Free ( libphonenumber ) Commercial (more detailed and updated) 14/34

  15. SCAM Email Categories PST2013 Emails classified in 10 categories Andrei 3 categories cover over 90% of the data Costin S c a m C a t ego r i e s F i nan c i a l sc a m ( 62 % ) F a k e l otte r y ( 25 % ) N e x t of k i n ( 8 % ) O the r ( 5 % ) 15/34

  16. SCAM Phones Categories PST2013 ˜67k unique normalized phone numbers Andrei Classified using numbering plans (NNPC) databases Costin N u m be r t y pe b r ea k do w n U K P R S ( 51 % ) M ob il e ( 44 % ) O the r ( 5 % ) 16/34

  17. SCAM Communities/Identity Links Used clustering techniques, discovered identity links PST2013 Identified 102 communities Andrei Costin Supports the hypothesis that phone numbers are a good metric to study scammers 17/34

  18. PST2013 Andrei Costin ANALYSIS OF MOBILE PHONE NUMBERS 18/34

  19. Questions and Hypothesis PST2013 Andrei Costin For how long are phone numbers used? Are phone numbers reused or discarded? If discarded, after how long? Are phone numbers used in roaming? If roaming, to which extent? We try to answer these questions with HLR queries 19/34

  20. HLR Querying PST2013 HLR=Home Location Register Andrei Costin Important component of Mobile Network Operators 20/34

  21. Single HLR Queries PST2013 In Aug 2012, querying once for all mobiles encountered in : Andrei Jan – Jun 2012 Costin Jul 2012 M ob il e phone s ne t w o r k s t a t u s 90 80 70 60 P e r c en t age 50 J an − J un 2012 40 J u l 2012 30 20 10 0 E RR O FF O N R O A M N e t w o r k s t a t u s 21/34

  22. Repeated HLR Queries Performed HLR queries PST2013 For 1400 numbers Andrei Every 3 days Costin During Jul – Aug 2012 Hypothesis1: Possibility of a link with the Nigerian groups Hypothesis2: May be used to conceal location 22/34

  23. Phone Numbers Reuse PST2013 Question: Andrei For how long a scam number is used? Costin P hone nu m be r r eu s e 18 16 14 R eu s e pe r c en t age 12 10 8 6 4 2 0 3 2 1 A ge o f r eu s ed phone nu m be r ( y ea r s ) 23/34

  24. PST2013 Andrei Costin ANALYSIS OF UK PRS PHONE NUMBERS 24/34

  25. What are UK PRS numbers? I PST2013 Andrei Costin Definition Premium rate services (PRS) are a form of micro-payment for paid content, data services and value added services that are subsequently charged to user phone bill UK PRS is a 800 Mil. GBP bussines (2009) 25/34

  26. What are UK PRS numbers? II PST2013 Andrei Usages Costin Conceal geographic location of real phone, via call forwarding Earn revenue from calls to these numbers Challenges Hard to trace the ”service provider” Hard to trace the real phone number behind forwarding Hard to detect or prove that fraud is involved 26/34

  27. Range of UK PRS numbers PST2013 ˜34k unique phone numbers in UK range of 07x Premium Rate Services numbers Andrei Costin 4 operators (out of 88) provide more than 90% of fraud-related UK PRS numbers ˜5% of one operator allocated range is fraud-related T op 4 U K P R S T e l e c o m s p r o v i d i ng nu m be r s f ound i n f r aud 60 50 40 S ha r e o f t he f r aud i n P e r c en t age ope r a t o r ’ s 30 nu m be r i ng r ange O pe r a t o r s ha r e i n 20 t o t a l f r aud 10 0 M ag r a t hea O pen T e l e c o m F l e x T e l I n v o m o T e l e c o m N a m e 27/34

  28. Conclusion – Results PST2013 Andrei Costin Phone numbers are a strong digital identifier in some cyber-crime activities Phone numbers help in automated scammer community detection HLR lookups help in identifying identify recurrent cyber-criminal business models to study phone numbers’ geographical use and activity patterns 28/34

  29. Conclusion – Future Work PST2013 Andrei Phone number extraction is an open, non-trivial Costin problem Improve matching algorithms and their context-awareness PRS phone numbers are opaque is a ”traceroute” of PRS phone numbers possible? learn business models behind them Short number extraction and evaluation Open and challenging, non-trivial problem Becomes a growing concern with mobile malware 29/34

  30. Questions? PST2013 Andrei Costin Contacts: Software and System Security Group @ EURECOM S3.eurecom.fr Thank you! 30/34

  31. References I PST2013 Duncan Cook, Jacky Hartnett, Kevin Manderson, and Andrei Costin Joel Scanlan, Catching spam before it arrives: domain specific dynamic blacklists , Proceedings of the 2006 Australasian workshops on Grid computing and e-research, ACSW Frontiers ’06, vol. 54, 2006. Nicolas Christin, Sally S. Yanagihara, and Keisuke Kamataki, Dissecting one click frauds , CCS ’10, ACM, 2010. Eve Edelson, The 419 scam: information warfare on the spam front and a proposal for local filtering. , Computers & Security 22 (2003), no. 5. 31/34

  32. References II PST2013 Mikko Hypponen, Malware Goes Mobile , Andrei Costin http://www.cs.virginia.edu/~robins/Malware_ Goes_Mobile.pdf . Christian Kreibich, Chris Kanich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson, and Stefan Savage, On the spam campaign trail , LEET’08, 2008. Olumide B. Longe, Victor Mbarika, M. Kourouma, F. Wada, and R. Isabalija, Seeing beyond the surface, understanding and tracking fraudulent cyber activities , CoRR abs/1001.1993 (2010). 32/34

  33. References III PST2013 Andrei Craig Pollard, Telecom fraud: Telecom fraud: the cost of Costin doing nothing just went up , Network Security 2005 (2005), no. 2. J. Shawe-Taylor, K. Howker, and P. Burge, Detection of fraud in mobile telecommunications , Information Security Technical Report 4 (1999), no. 1. Evolution of Russian Phone Number Spam , http://www.symantec.com/connect/blogs/ revolution-russian-phone-number-spam . 33/34

Recommend

Transportation Authority Travel Training Freedom to Important Phone Numbers CCRTA Customer

Transportation Authority Travel Training Freedom to Important Phone Numbers CCRTA Customer

Corpus Christi Regional Transportation Authority Travel Training Freedom to Important Phone Numbers CCRTA Customer Service Monday Friday 7:00am to 6:00pm 361.883.2287 ccrta.org Important Phone Numbers CCRTA Security 24 hours

150 views • 13 slides
BY THE NUMBERS BY THE NUMBERS BY THE NUMBERS BY THE NUMBERS BY THE NUMBERS BY THE NUMBERS

BY THE NUMBERS BY THE NUMBERS BY THE NUMBERS BY THE NUMBERS BY THE NUMBERS BY THE NUMBERS

BY THE NUMBERS BY THE NUMBERS BY THE NUMBERS BY THE NUMBERS BY THE NUMBERS BY THE NUMBERS Pre-roll, Outstream, Video Production, OTT, Social Video Display, Audience Extension, Mobile Precise, Programmatic, Retargeting, Social, Native SEM,

476 views • 31 slides
ST. PETERSBURG OFFICE ADDRESS PHONE NUMBERS One Progress Plaza, Suite 2300 Phone: 727.821.7000

ST. PETERSBURG OFFICE ADDRESS PHONE NUMBERS One Progress Plaza, Suite 2300 Phone: 727.821.7000

ST. PETERSBURG OFFICE ADDRESS PHONE NUMBERS One Progress Plaza, Suite 2300 Phone: 727.821.7000 200 Central Avenue Toll Free: 888.821.9191 St. Petersburg, Florida 33701-4352 DIRECTIONS TO CARLTON FIELDS ST. PETERSBURG OFFICE AT ONE

312 views • 3 slides
ORLANDO OFFICE ADDRESS PHONE NUMBERS CNL Center at City Commons, Suite 500 Phone: 407.849.0300

ORLANDO OFFICE ADDRESS PHONE NUMBERS CNL Center at City Commons, Suite 500 Phone: 407.849.0300

ORLANDO OFFICE ADDRESS PHONE NUMBERS CNL Center at City Commons, Suite 500 Phone: 407.849.0300 450 S. Orange Avenue Toll Free: 888.849.9191 Orlando, Florida 32801-3336 DIRECTIONS TO CARLTON FIELDS ORLANDO OFFICE AT CNL CENTER AT CITY

602 views • 3 slides
ATLANTA OFFICE ADDRESS PHONE NUMBERS One Atlantic Center Phone: 404.815.3400 1201 W. Peachtree

ATLANTA OFFICE ADDRESS PHONE NUMBERS One Atlantic Center Phone: 404.815.3400 1201 W. Peachtree

ATLANTA OFFICE ADDRESS PHONE NUMBERS One Atlantic Center Phone: 404.815.3400 1201 W. Peachtree Street N.W., Toll Free: 866.755.9191 Suite 3000 Atlanta, Georgia 30309 DIRECTIONS TO CARLTON FIELDS ATLANTA OFFICE AT ONE ATLANTIC CENTER

140 views • 3 slides
Secondary Education: Measuring Secondary Uses of 2FA Phone Numbers Min Hee Kim , Christina Yeung,

Secondary Education: Measuring Secondary Uses of 2FA Phone Numbers Min Hee Kim , Christina Yeung,

Secondary Education: Measuring Secondary Uses of 2FA Phone Numbers Min Hee Kim , Christina Yeung, Daniel Salsburg, Joseph A. Calandrino Office of Technology Research and Investigation Federal Trade Commission The views expressed are not

342 views • 10 slides
know that you have attended. 2.Please fill in the emergency contact sheet with 2 phone numbers

know that you have attended. 2.Please fill in the emergency contact sheet with 2 phone numbers

PARENTS: 1.Please ensure you have signed in so we know that you have attended. 2.Please fill in the emergency contact sheet with 2 phone numbers that are available 24/7 Geography Tour to Iceland Monday 13 th February to Thursday 16 th February

650 views • 48 slides
Some useful tasks involving language Find all phone numbers in a text, e.g., occurrences such

Some useful tasks involving language Find all phone numbers in a text, e.g., occurrences such

Some useful tasks involving language Find all phone numbers in a text, e.g., occurrences such as Finite-State Machines and Regular Languages When you call (614) 292-8833, you reach the fax machine. Find multiple adjacent occurrences of the

83 views • 4 slides
What to do at the Compulsory Ed Violation (CEV) Notification Meeting Have

What to do at the Compulsory Ed Violation (CEV) Notification Meeting Have

What to do at the Compulsory Ed Violation (CEV) Notification Meeting Have parents/guardians sign your copy of the CEV meeting letter. Verify current address/phone/work phone/cell phone numbers View the CEV power point presentation

231 views • 9 slides
Methods to Deal with Non-Working Matched Phone Numbers in an Address Based Sample Survey

Methods to Deal with Non-Working Matched Phone Numbers in an Address Based Sample Survey

Methods to Deal with Non-Working Matched Phone Numbers in an Address Based Sample Survey Anna Fleeman & Tiffany Henderson 67 th Annual Conference of the American Association of Public Opinion Research Background Traditional

673 views • 15 slides
Page 1 of 5 CFS AUTHORITIES AND AGENCY DIRECTORY / HEAD OFFICE PHONE NUMBERS First Nations of

Page 1 of 5 CFS AUTHORITIES AND AGENCY DIRECTORY / HEAD OFFICE PHONE NUMBERS First Nations of

Page 1 of 5 CFS AUTHORITIES AND AGENCY DIRECTORY / HEAD OFFICE PHONE NUMBERS First Nations of Northern Manitoba Child and Family Services Authority.................................................................................. 204-623-4472

419 views • 5 slides
From OCaml to Javascript at Skydeck jake.donham@skydeck.com What is Skydeck? a tool for

From OCaml to Javascript at Skydeck jake.donham@skydeck.com What is Skydeck? a tool for

From OCaml to Javascript at Skydeck jake.donham@skydeck.com What is Skydeck? a tool for managing your mobile phone reads your mobile phone call log presents it back to you in a useful way attach people to phone numbers view calls by person

401 views • 17 slides
Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or binary code are used by computers and digital devices to talk to each other. It is used to give commands to the computer or a way to enter data

165 views • 12 slides
District Role in Ballot- Related Activities \ Shayna van Hoften Phone: 415-995-5880 Email:

District Role in Ballot- Related Activities \ Shayna van Hoften Phone: 415-995-5880 Email:

District Communications in Election Environments, District Role in Ballot- Related Activities \ Shayna van Hoften Phone: 415-995-5880 Email: svanhoften@hansonbridgett.com East Contra Costa Fire Protection District Board of Directors

191 views • 15 slides
VimPhone 2018 Prepared by: rattcv Introduction I wrote an article titled "Make a phone call

VimPhone 2018 Prepared by: rattcv Introduction I wrote an article titled "Make a phone call

VimPhone 2018 Prepared by: rattcv Introduction I wrote an article titled "Make a phone call from Vim" in Vim Advent Calendar 2012 . It was to search for phone numbers and make a phone call by using Vim that works on a terminal

470 views • 12 slides
Review of Natural Numbers, Review of Irrational Numbers Real Numbers Properties of Exponents

Review of Natural Numbers, Review of Irrational Numbers Real Numbers Properties of Exponents

Slide 1 / 178 Slide 2 / 178 Algebra I The Number System & Mathematical Operations 2015-11-02 www.njctl.org Slide 3 / 178 Slide 4 / 178 Table of Contents Review of Natural Numbers, Whole Numbers, Integers and Rational Numbers Review of

849 views • 30 slides
Phone System Integration with Synergy Enterprise Phone Integration This Phone Integration

Phone System Integration with Synergy Enterprise Phone Integration This Phone Integration

Phone System Integration with Synergy Enterprise Phone Integration This Phone Integration allows a VOIP phone system to link with Synergy. The phone system may be either an on-premises or a hosted service. Incoming Calls pull up the

408 views • 28 slides
Welcome to the CSLC Orientation Webinar! While you are in the lobby Unmute your phone and

Welcome to the CSLC Orientation Webinar! While you are in the lobby Unmute your phone and

Welcome to the CSLC Orientation Webinar! While you are in the lobby Unmute your phone and say hello!! Please complete the poll and share your STATE, AGENCY, and ROLE in the chat 1 Childrens Safety Network April 8 & 9, 2020

757 views • 63 slides
Some useful tasks involving language More useful tasks involving language Find all phone

Some useful tasks involving language More useful tasks involving language Find all phone

Some useful tasks involving language More useful tasks involving language Find all phone numbers in a text, e.g., occurrences such as Look up the following words in a dictionary: Finite-State Machines and Regular Languages When you call

178 views • 3 slides
Signed numbers Goals unsigned numbers - non-negative integers signed numbers - positive/negative

Signed numbers Goals unsigned numbers - non-negative integers signed numbers - positive/negative

Signed numbers Goals unsigned numbers - non-negative integers signed numbers - positive/negative numbers represent negative numbers Chapter 10: Signed Addition twos complement representation Many ways to represent signed numbers add &

301 views • 7 slides
Complex Numbers Complex Numbers 1 / 19 Complex Numbers Complex numbers ( C ) are an extension of

Complex Numbers Complex Numbers 1 / 19 Complex Numbers Complex numbers ( C ) are an extension of

Complex Numbers Complex Numbers 1 / 19 Complex Numbers Complex numbers ( C ) are an extension of the real numbers. z C takes the form z = x + i y x , y R Complex Numbers 2 / 19 Complex Numbers Complex numbers ( C ) are an extension of

577 views • 31 slides
Real Numbers and their Properties Types of Numbers Z + Natural numbers - counting numbers - 1

Real Numbers and their Properties Types of Numbers Z + Natural numbers - counting numbers - 1

Real Numbers and their Properties Types of Numbers Z + Natural numbers - counting numbers - 1 , 2 , 3 , . . . The textbook uses the notation N . Z Integers - 0 , 1 , 2 , 3 , . . . The textbook uses the notation J . Q Rationals

344 views • 31 slides
Classes of Real Numbers All real numbers can be represented by a line: 1/2 1 0

Classes of Real Numbers All real numbers can be represented by a line: 1/2 1 0

Classes of Real Numbers All real numbers can be represented by a line: 1/2 1 0 1 2 3 4 The Real Line integers rational numbers real numbers non-integral fractions irrational numbers

528 views • 29 slides
The Basics 1 -1 Real Numbers

The Basics 1 -1 Real Numbers

The Basics 1 -1 Real Numbers Real numbers are used in everyday life to describe quantities such as speed, area, prices, age, temperature, and population. Real numbers are

357 views • 18 slides

More recommend