On 2004-11-25 19:11:57 +0000 (Ted Harding) Ted.Harding@nessie.mcc.ac.uk wrote:
ALUGgers who watched this evening's "Look East" will have seen that dialup phone fraud is in the news again [...]
The victims connected insecure call-making devices to their phone line. While I think phone companies should set credit limits and bill monthly as a matter of course, the victims surely must have seen some news stories about Microsoft Windows insecurities?
What I'd like to ask knowledgeable folk is: how does it in fact work?
Anything from trojans through ActiveX control exploits and beyond. You don't even need to run code on the victim's machine: just persuade it to change any one of several settings which control dialling out. Usually it's done fairly crudely and all dialup is redirected through the international rate number. That gets the hijacker money until the next phone bill arrives. They use international numbers because there's currently no easy way for the victim's telco to withhold payment in international arbitrage.
If anyone has a legitimate reason to know how to do it, contact the Telecommunications UK Fraud Forum www.tuff.co.uk and ask for a copy of P Ray's article on rogue diallers that appeared in their journal last summer. You will have to tell them why you want it! It might cost a small amount for copying and posting.
Doing it through other browsers on Microsoft Windows is probably possible. As others have mentioned, most users of that OS are running with too much access to system configuration most of the time. I think most of the other browsers have better security records than IE, though.
It is possible but more difficult to do this on GNU/Linux. Mainly, dialup configuration is usually controlled by one program (chat) and that's usually only writeable by root. chat's config file is passed in by whatever program calls it (sometimes pppd, sometimes a frontend), so you need root access *and* to rewrite the right config file. This is why suid root ppp control programs worry me, as then you may only need to overwrite the right config file...
Finally, most people don't read the "dialling" dialogues very much.
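A defender-side check for the GNU/Linux case described above, as an added example that is not part of the original post: it audits a chat script for ownership, write permissions (on the file and its directory) and dial strings that differ from the expected access number. The function names, the sample numbers and the UK `00` international prefix are assumptions made for this illustration.

```python
import os
import re
import stat
import tempfile

# Hayes dial commands (ATD, ATDT, ATDP) followed by the dial string.
DIAL_RE = re.compile(r"\bATD[TP]?(\+?[0-9][0-9,*#-]*)", re.IGNORECASE)

def dialled_numbers(chat_text):
    # Lines starting with '#' are comments in a chat script; ignore them.
    lines = [l for l in chat_text.splitlines() if not l.lstrip().startswith("#")]
    numbers = []
    for raw in DIAL_RE.findall("\n".join(lines)):
        digits = re.sub(r"\D", "", raw)        # drop pauses and separators
        numbers.append("00" + digits if raw.startswith("+") else digits)
    return numbers

def audit_chat_script(path, expected_numbers, trusted_uid=0):
    """List reasons the script at `path` should not be trusted, if any."""
    findings = []
    # The directory matters too: a writable directory lets the file be replaced.
    for target in (path, os.path.dirname(os.path.abspath(path))):
        st = os.stat(target)
        if st.st_uid != trusted_uid:
            findings.append(f"{target}: owner uid {st.st_uid}, expected {trusted_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{target}: writable by group or others")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for number in dialled_numbers(fh.read()):
            if number not in expected_numbers:
                kind = "international" if number.startswith("00") else "unexpected"  # UK prefix assumed
                findings.append(f"{path}: {kind} dial string {number}")
    return findings

def demo():  # audits two constructed scripts; returns (findings_good, findings_bad)
    expected = {"01632960001"}                 # constructed ISP access number
    samples = {"isp.chat": ("ABORT BUSY\n'' ATZ\nOK ATDT01632960001\nCONNECT ''\n", 0o644),
               "isp-changed.chat": ("'' ATZ\nOK ATDT0099900000000\nCONNECT ''\n", 0o666)}
    workdir = tempfile.mkdtemp()               # created 0700, owned by the caller
    results = []
    for name, (text, mode) in samples.items():
        path = os.path.join(workdir, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(path, mode)
        results.append(audit_chat_script(path, expected, trusted_uid=os.getuid()))
    return tuple(results)

if __name__ == "__main__":
    print(demo())
```

On a real system `trusted_uid` stays at its default of 0, and the paths to audit are whichever chat scripts pppd or its frontend is configured to use.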