[VOIPSEC] Is there a anti-phishing "blackhole list" of phone numbers?
Jonathan K. Creasy
JCreasy at voxitas.com
Tue Jun 2 11:20:40 EDT 2009
In many of the cases I have witnessed the source number is that of an innocent victim. Many cases involve systems that are hacked because of poor security and the outbound calls are placed using the credentials of a phone on their network.
Keeping that source number in a database doesn't do you much good because any future calls are likely to be legitimate because most victims will usually get their system secured after they run up a $20,000 phone bill in one weekend.
So, good idea, but mileage may vary.
Sr. VOIP Engineer
Programmer - Internal Tools
From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On Behalf Of Dan York
Sent: Tuesday, June 02, 2009 9:42 AM
Subject: [VOIPSEC] Is there a anti-phishing "blackhole list" of phone numbers?
This isn't a VoIP question, per se, but it is a security question. I
recently had someone who was setting up an IP-PBX for a small business
ask me if there was any kind of automated service which he could use
that would have phone numbers that have been reported as being used in
phishing scams that he could then block his users from dialing. He was
interested in helping protect his users from getting deceived by a
phishing email or web site that included a phone number to call.
It occurred to me that there could be a service like the DNS
"Blackhole Lists" that have historically been used for blocking e-mail
spam. For those not familiar, the basic idea (and yes, I'm
simplifying, and yes, DNSBLs are controversial to some) is that before
you accept inbound email from some mail server, you send the IP
address of the sending server to one of these DNSBL services to see if
it is on the black list. If it is on the black list, you may choose
to reject the email before it arrives at your server. Similarly, you
can do the same thing for sending out to an address. More details
Or perhaps it's more like anti-virus definitions - some organization /
agency compiles a database of phone numbers that are used in phishing
scams. A company could download a local database like a virus
definition database that would be updated periodically from some
central site. If a phone number is in that database, the company's
phone system would not let the number be dialed.
I could see all sorts of issues with a service like this... how do you
verify the authenticity of the report of a number being used in a
phishing email? How do you ensure someone doesn't maliciously add
"good" numbers to the database? How does a number get OUT of the list
if it's found to not be a phishing scam? Still, it could be an
interesting option for companies to use as part of their overall
I see services out there like PhishTank - http://www.phishtank.com/ -
that have databases of IP addresses associated with phishing scams
which you could access to block phishing *web sites*. Similarly the
Anti-Phishing Working Group - http://www.antiphishing.org/ - also
seems to be focused on web sites. Unless I missed it, I don't see
anything on either of those sites about a list of the phone numbers
used (when voice is part of the phishing attack).
Anyone seen anything out there like this that maintains a database of
phone numbers used in phishing scams? (I couldn't find anything in
some quick searches.)
Seems like an interesting (although undoubtedly controversial) idea.
Dan York dyork at lodestar2.com
Disruptive Telephony - http://www.disruptivetelephony.com
Disruptive Conversations - http://www.disruptiveconversations.com/
Blue Box: The VoIP Security Podcast - http://www.blueboxpodcast.com/
Voice of VOIPSA - http://www.voipsa.org/blog
Voxeo weblogs - http://blogs.voxeo.com/
Twitter - http://twitter.com/danyork
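Added example, not code from either poster or from any existing service: a sketch of the local-database variant discussed in this thread, where the PBX checks each dialed number before placing the call. The 30-day expiry, the two-reporter threshold, the NANP dial plan with a "9" outside-line prefix, and the feed names are all assumptions chosen to address the questions raised above (false reports, delisting, and stale entries for numbers that have since been secured).

```python
import re
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=30)  # assumption: an entry lapses unless re-reported
MIN_REPORTERS = 2             # assumption: a single report never blocks a number

def normalize(dialed, country="1", outside_line="9", intl="011"):
    """Reduce a dial string to E.164 so all dialing variants hit one entry."""
    s = re.sub(r"[^\d+]", "", dialed)
    if s.startswith("+"):
        return "+" + s.replace("+", "")
    if s.startswith(outside_line) and len(s) > 10:
        s = s[len(outside_line):]          # strip the PBX outside-line digit
    if s.startswith(intl):
        return "+" + s[len(intl):]
    if len(s) == 10:                       # national number, NANP plan assumed
        return "+" + country + s
    if len(s) == 11 and s.startswith(country):
        return "+" + s
    return None                            # extensions, short codes: not listable

class Blocklist:
    def __init__(self):
        self.entries = {}                  # E.164 -> {reporter: latest report time}

    def report(self, number, reporter, when):
        key = normalize(number)
        if key:
            self.entries.setdefault(key, {})[reporter] = when

    def may_dial(self, dialed, now):
        reports = self.entries.get(normalize(dialed), {})
        fresh = [r for r, t in reports.items() if now - t <= MAX_AGE]
        return len(fresh) < MIN_REPORTERS  # block only on fresh, corroborated reports

def sample_list(now):
    """Constructed entries using fictitious 555-01xx numbers."""
    bl = Blocklist()
    bl.report("+1 212 555 0100", "feed-a", now - timedelta(days=2))
    bl.report("(212) 555-0100", "feed-b", now - timedelta(days=1))
    bl.report("+1 212 555 0101", "feed-a", now - timedelta(days=3))   # uncorroborated
    bl.report("+1 212 555 0102", "feed-a", now - timedelta(days=90))  # stale
    bl.report("+1 212 555 0102", "feed-b", now - timedelta(days=85))
    return bl

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    bl = sample_list(now)
    for d in ("9 1 212 555 0100", "212-555-0101", "12125550102", "4012"):
        print(d, "->", "allow" if bl.may_dial(d, now) else "block")
```

Normalizing before lookup matters because the same number can be dialed with or without the outside-line digit, country code, or punctuation, and a list keyed on raw dial strings would miss most variants.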