[VOIPSEC] When Convienence/Obscurity Goes Wrong
Dustin D. Trammell
dtrammell at breakingpoint.com
Mon Feb 9 15:52:31 CST 2009
On Mon, 2009-02-09 at 15:37 -0600, J. Oquendo wrote:
> $30,000,000.00 / 86400 (minutes in a day) = 347.22 per call.
> Not even porn operators charge that much. Remember, he said
> it was one person making that call, and it also stated in
> one night. So if we have the time frame, he'd of paid $694.00
> or so per minute for a 12 hour period, and so on and so forth.
I don't think the overages were due to the single repeated call. If I
read the story right, the one guy repeatedly calling caused them to not
receive notices of toll increases for some of their carriers, so they
didn't remove them (or prioritize them correctly) from their routes.
Then those carriers noticed they were still being used and
opportunistically hiked once again. The total overages occurred from
their legitimate customers being routed over carriers that became
super-expensive without them noticing (due to not receiving the
notices).
--
Dustin D. Trammell
Security Researcher
BreakingPoint Systems, Inc.
More information about the Voipsec
mailing list