Unit 1: Frauds in IT

  • IT Frauds (Theft of Proprietary Information, Insider abuse of internet access, system penetration, unauthorized access to information, laptop/mobile theft, financial fraud, misuse of public web application, viruses, abuse of wireless network)
  • Countermeasures

  • IT Frauds:
    • Theft of Proprietary Information: Unauthorized acquisition of confidential business data.
    • Insider Abuse of Internet Access: Misuse of internal network privileges by employees.
    • System Penetration: Unauthorized access to secure systems or networks.
    • Unauthorized Access to Information: Illegitimate retrieval of sensitive data.
    • Laptop/Mobile Theft: Physical theft of mobile devices or laptops containing valuable information.
    • Financial Fraud: Manipulation of financial data or transactions for illicit gains.
    • Misuse of Public Web Application: Exploitation of vulnerabilities in publicly accessible web applications.
    • Virus: Malicious software designed to harm systems or steal information.
    • Abuse of Wireless Network: Unauthorized access or misuse of wireless network resources.
  • Countermeasures:
    • Data Encryption: Protecting sensitive information by converting it into unreadable code.
    • Access Control Policies: Restricting access to systems based on user roles and permissions.
    • Intrusion Detection Systems (IDS): Monitoring and alerting for suspicious activities.
    • Multi-Factor Authentication (MFA): Adding an extra layer of identity verification for access.
    • Physical Security Measures: Securing laptops and mobile devices to prevent theft.
    • Firewalls: Establishing a barrier between a private internal network and external networks.
    • Regular Security Audits: Assessing vulnerabilities and ensuring compliance with security policies.
    • Employee Training: Educating staff about security risks and best practices.
    • Endpoint Security Solutions: Protecting individual devices from security threats.
    • Incident Response Plan: A structured approach to managing and mitigating security incidents.
    • Wireless Network Security Measures: Implementing encryption and access controls for wireless networks.

Unit 2: Frauds in Software Development and Management

  • Software industry frauds
  • Countermeasures

  • Software Industry Frauds:
    • Code Theft: Unauthorized acquisition or use of proprietary source code.
    • Software Piracy: Distribution or use of software without proper licensing.
    • Bait and Switch: Introducing a different, substandard product than advertised.
    • False Representation of Features: Misleading claims about software capabilities.
    • Kickbacks and Bribery: Illicit payments to influence software procurement decisions.
    • Data Manipulation: Unauthorized alterations to software code or data.
    • Insider Threats: Employees exploiting their position for fraudulent activities.
    • Plagiarism: Presenting someone else’s work as one’s own in the software development process.
  • Countermeasures:
    • Code Version Control: Implementing tools to track changes and manage code versions.
    • License Management: Ensuring proper licensing for all software used in the development process.
    • Strict Access Controls: Restricting access to sensitive code repositories and development environments.
    • Code Reviews and Audits: Regularly reviewing and auditing software code for integrity.
    • Vendor Due Diligence: Thoroughly vetting third-party vendors and their software products.
    • Whistleblower Programs: Providing channels for reporting unethical practices internally.
    • Secure Development Practices: Integrating security into the software development life cycle.
    • Employee Training on Ethics: Educating software developers on ethical conduct and consequences.
    • Use of Open Source Scanning Tools: Identifying and addressing security vulnerabilities in open-source components.
    • Legal Safeguards: Drafting contracts and agreements to protect against fraud and plagiarism.
    • Data Encryption in Software Development: Protecting sensitive data within the development environment.

Unit 3: Introduction to Telecom Frauds

  • What is ‘Telecommunication Fraud’?
  • Telecommunication Technologies referred (GSM, CDMA, GPRS, PBX, NGN Networks, Analog Networks)
  • About Fraudsters
  • Benefits to Fraudsters
  • Using a service without paying – Call selling to others
  • Root Causes of Fraud
  • Mitigation and Demographics
  • Penetration of new technology
  • Staff Dissatisfaction – Illustrative cases

  • What is ‘Telecommunication Fraud’?
    • Definition: Illicit activities involving the unauthorized use or manipulation of telecommunication services for personal gain.
  • Telecommunication Technologies Referred:
    • GSM (Global System for Mobile Communications): Widely used standard for mobile communication.
    • CDMA (Code Division Multiple Access): Another mobile communication standard.
    • GPRS (General Packet Radio Service): Mobile data service for 2G and 3G networks.
    • PBX (Private Branch Exchange): Telephone exchange within an organization.
    • NGN Networks (Next-Generation Networks): Advanced communication infrastructures.
    • Analog Networks: Traditional voice communication systems.
  • About Fraudsters:
    • Characteristics: Individuals or groups exploiting vulnerabilities in telecommunication systems.
    • Motivations: Financial gain, unauthorized access, or disruption of services.
  • Benefits to Fraudsters:
    • Monetary Gain: Profits from unauthorized usage or resale of telecommunication services.
    • Anonymity: Exploiting services without being easily traced.
  • Using a Service Without Paying – Call Selling to Others:
    • Unauthorized Usage: Fraudsters may use telecommunication services without paying.
    • Call Selling: Selling access to telecommunication services to others.
  • Root Causes of Fraud:
    • Security Gaps: Vulnerabilities in telecommunication networks and technologies.
    • Weak Authentication: Inadequate user verification measures.
    • Insider Threats: Employees involved in fraudulent activities.
  • Mitigation and Demographics:
    • Fraud Detection Systems: Implementing tools to identify and prevent fraudulent activities.
    • Demographic Analysis: Studying patterns and demographics of fraud incidents for targeted mitigation.
  • Penetration of New Technology:
    • Emerging Risks: Assessing vulnerabilities introduced by the adoption of new telecommunication technologies.
    • Security Measures: Proactive measures to secure evolving networks.
  • Staff Dissatisfaction – Illustrative Cases:
    • Employee Involvement: Cases where dissatisfied staff may participate in fraudulent activities.
    • Preventive Measures: Ensuring employee satisfaction and implementing measures to prevent insider threats.

Unit 4: Classification of Telecommunication Fraud

  • Frauds in different segments of Telco operations (such as Customer Care, Operational Support Systems, Network Management Systems)
  • Organizational or Non-Technical Fraud (involving Administration services, processes)
  • Human Fraud
  • Insider Fraud
  • Call-sell Fraud
  • Facilitation Fraud
  • Creeping Fraud
  • Chaining Fraud
  • Calling-Card Fraud
  • Phantom Account
  • Partnership Fraud
  • Process Fraud
  • Ghosting
  • Abuse of test or emergency lines or accounts
  • Unauthorized Feature/Service Activation – Accounting
  • Dealer or Reseller Fraud
  • Subscription Fraud
  • Roaming Subscription Fraud
  • Premium-Rate Services Fraud – Illustrative Cases
  • Technical Fraud (involving Network Systems, Billing Systems)
  • Cloning – Tumbling
  • Voice-mail Hacking
  • PBX Hacking
  • SIM Stuffing – Clip-on Fraud
  • Line Tapping
  • War Dialing
  • Handset Fraud

  • Frauds in Different Segments of Telco Operations:
    • Customer Care: Manipulation or exploitation of customer service channels.
    • Operational Support Systems: Frauds related to support systems for network operations.
    • Network Management Systems: Exploitation of systems overseeing network functionalities.
  • Organizational or Non-Technical Fraud (involving Administration services, processes):
    • Administration Services, Processes: Manipulation or abuse of administrative services and processes.
    • Human Fraud: Fraudulent activities involving human interactions within the organization.
    • Insider Fraud: Unethical activities perpetrated by individuals within the organization.
    • Call-Sell Fraud: Unauthorized selling of telecommunication services.
    • Facilitation Fraud: Assisting or facilitating fraudulent activities.
    • Creeping Fraud: Gradual and subtle fraudulent activities.
    • Chaining Fraud
    • Calling-Card Fraud: Unauthorized use or manipulation of calling-card services.
    • Phantom Account: Creation of non-existent accounts for fraudulent purposes.
    • Partnership Fraud: Fraud involving collusion between individuals or entities.
    • Process Fraud: Manipulation of telecommunication processes for illicit gains.
    • Ghosting: Falsifying identity or accounts to operate undetected.
    • Abuse of Test or Emergency Lines or Accounts: Unauthorized use of testing or emergency functionalities.
    • Unauthorized Feature/Service Activation – Accounting: Unauthorized activation of telecommunication features or services for financial exploitation.
    • Dealer or Reseller Fraud: Frauds involving distributors or resellers within the telecommunication ecosystem.
    • Subscription Fraud: Acquiring telecommunication services through deceitful means.
    • Roaming Subscription Fraud: Fraudulent activities related to roaming services.
    • Premium-Rate Services Fraud – Illustrative Cases: Unauthorized access or manipulation of premium-rate services.
  • Technical Fraud (involving Network Systems, Billing Systems):
    • Cloning – Tumbling: Duplicating a mobile device’s identity to commit fraud.
    • Voice-Mail Hacking: Unauthorized access to voicemail systems.
    • PBX Hacking: Exploiting Private Branch Exchange systems.
    • SIM Stuffing – Clip-on Fraud: Unauthorized SIM card manipulations.
    • Line Tapping: Illicit interception of communication lines.
    • War Dialing: Automated dialing to find vulnerabilities in communication systems.
    • Handset Fraud: Frauds involving manipulation or misuse of mobile handsets.

Unit 5: Frauds in Fixed Network & Mobile Network

  • Fixed network Fraud
  • The development of Fixed Networks
  • Common types of Frauds affecting Fixed-line telcos
  • Subscription Fraud
  • Physical attacks on networks
  • Premium rate fraud
  • PBX/DISA fraud
  • Threat of SS7 attacks
  • Methods of mitigating the risks these practices present
  • Mobile network Fraud
  • The security of mobile networks
  • Frauds in wireless domain
  • Before Pre-Call Validation
  • After Pre-Call Validation
  • Fraud Detection Systems
  • Subscription Fraud
  • The best ways to reduce the risk of mobile network fraud

  • Fixed Network Fraud:
    • The Development of Fixed Networks: Evolution of infrastructure supporting landline telecommunication.
    • Common Types of Frauds Affecting Fixed Line Telcos:
      • Subscription Fraud: False or stolen identity used to obtain telecom services.
      • Physical Attacks on Networks: Vandalism or sabotage to disrupt services.
      • Premium Rate Fraud: Unauthorized access to premium-rate services for financial gain.
      • PBX/DISA Fraud: Exploitation of Private Branch Exchange or Direct Inward System Access.
      • Threat of SS7 Attacks: Vulnerabilities in Signaling System No. 7 protocol.
    • Methods of Mitigating the Risks These Practices Present:
      • Advanced Authentication: Implementing robust identity verification measures.
      • Network Monitoring: Surveillance to detect and respond to unusual activities.
      • Security Protocols: Enhancing protocols to withstand physical attacks.
      • Encryption: Protecting sensitive communications from interception.
      • SS7 Security Measures: Implementing safeguards against SS7 vulnerabilities.
  • Mobile Network Fraud:
    • The Security of Mobile Networks: Ensuring the integrity and confidentiality of mobile communications.
    • Frauds in Wireless Domain:
      • Before Pre-Call Validation: Assessing risks before initiating communication.
      • After Pre-Call Validation: Evaluating risks during or after the call.
      • Fraud Detection Systems: Implementing tools to identify and prevent fraudulent activities.
      • Subscription Fraud: Unauthorized acquisition of mobile services using false information.
    • The Best Ways to Reduce the Risk of Mobile Network Fraud:
      • Enhanced User Verification: Implementing multi-factor authentication.
      • Regular Audits: Periodic reviews of user accounts and activities.
      • Real-time Monitoring: Surveillance for suspicious patterns in call and data usage.
      • Collaboration with Law Enforcement: Reporting and cooperating in investigations.
      • User Education: Educating users about security best practices.

Unit 6: Common Telecommunication Frauds

  • Clip-on and Boxing Fraud
  • EPABX Hacking
  • Unauthorized disclosure of information
  • Unauthorized amendment of data
  • Denial of Service attack
  • Toll Fraud (call theft)
  • Mailbox abuse
  • Fax abuse
  • Vulnerabilities and their Impact
  • Controls
  • Security Policy
  • Managing the Risks
  • Awareness Training
  • Controlling Physical Access
  • Controlling Logical Access
  • Illustrative Cases
  • Calling-Card Theft
  • Call Forwarding Scams – Cloning
  • Cloning in GSM Networks
  • Tumbling or Magic Phones
  • Dealer or Reseller Fraud
  • Pre-paid Fraud
  • Social Engineering and Friendly Fraud
  • Insider Fraud
  • Identity Theft – Delinquency
  • Local Subscription Fraud
  • Roaming Subscription Fraud
  • Content and Value Added Services (VAS) Fraud
  • Common Fraud Techniques used today
  • Frauds in 3G Networks
  • Introduction to 3G Technology and Services
  • The 3G Business Model
  • Telecom Frauds in a 3G environment
  • Subscription Fraud
  • Credit-card Fraud on M-commerce
  • Micro-payment Fraud
  • Premium rate Services (PRS) Frauds
  • Copyright Infringement and content resale frauds (‘piracy’)
  • IP Security issues in 3G – Hacking
  • DoS Attacks
  • Virus, Worms and Trojans
  • Data Interception
  • Database attacks – Spam
  • How network security needs to change with the move to 3G
  • Security and Law Enforcement Issues in 3G – Fraud Management Perspective – A Strategic Perspective
  • Telecom Laws – Domestic and International
  • Fraud Management System
  • Architecture of an FMS solution

  • Clip-on and Boxing Fraud:
    • Unauthorized manipulation or attachment to communication lines for fraudulent activities.
  • EPABX Hacking:
    • Exploiting vulnerabilities in Electronic Private Automatic Branch Exchange systems.
  • Unauthorized Disclosure of Information:
    • Improper release of confidential information to unauthorized individuals.
  • Unauthorized Amendment of Data:
    • Illicit changes or alterations to telecommunication data.
  • Denial of Service Attack:
    • Disrupting telecommunication services to prevent legitimate use.
  • Toll Fraud (Call Theft):
    • Unauthorized use of telecommunication services, resulting in financial losses.
  • Mailbox Abuse:
    • Improper use or manipulation of voicemail systems.
  • Fax Abuse:
    • Unauthorized use or manipulation of fax services.
  • Vulnerabilities and Their Impact:
    • Identification of weaknesses in telecommunication systems and the potential consequences.
  • Controls:
    • Implementation of security measures to mitigate vulnerabilities.
  • Security Policy:
    • Established guidelines and rules to safeguard telecommunication operations.
  • Managing the Risks:
    • Strategies and actions to proactively address and mitigate risks.
  • Awareness Training:
    • Educating stakeholders about security risks and best practices.
  • Controlling Physical Access:
    • Restricting physical entry to critical telecommunication infrastructure.
  • Controlling Logical Access:
    • Managing digital access to telecommunication systems.
  • Illustrative Cases:
    • Real-life examples illustrating various telecommunication fraud scenarios.
  • Calling-Card Theft:
    • Unauthorized acquisition or manipulation of calling-card services.
  • Call Forwarding Scams – Cloning:
    • Fraudulent activities related to call forwarding and mobile device cloning.
  • Cloning in GSM Networks:
    • Unauthorized duplication of mobile device identities in GSM networks.
  • Tumbling or Magic Phones:
    • Techniques involving frequent changes of mobile identities to evade detection.
  • Dealer or Reseller Fraud:
    • Fraudulent activities involving distributors or resellers within the telecommunication ecosystem.
  • Pre-paid Fraud:
    • Frauds related to manipulation of pre-paid telecommunication services.
  • Social Engineering and Friendly Fraud:
    • Deceptive practices exploiting human psychology for fraudulent purposes.
  • Insider Fraud:
    • Unethical activities perpetrated by individuals within the telecommunication organization.
  • Identity Theft – Delinquency:
    • Illicit acquisition and use of someone’s identity for fraudulent activities.
  • Local Subscription Fraud:
    • Unauthorized acquisition of local telecommunication services.
  • Roaming Subscription Fraud:
    • Fraudulent activities related to roaming telecommunication services.
  • Content and Value Added Services (VAS) Fraud:
    • Fraudulent manipulation of content and value-added services.
  • Common Fraud Techniques Used Today:
    • Overview of prevalent fraud techniques in contemporary telecommunication environments.
  • Frauds in 3G Networks:
    • Introduction to frauds specific to 3G networks.
  • Introduction to 3G Technology and Services:
    • Overview of 3G technology and services.
  • The 3G Business Model:
    • Understanding the business model associated with 3G technology.
  • Telecom Frauds in a 3G Environment:
    • Fraud scenarios specific to 3G telecommunication networks.
  • Subscription Fraud:
    • Unauthorized acquisition of telecommunication services in a 3G context.
  • Credit-Card Fraud on M-commerce:
    • Unauthorized credit card transactions in mobile commerce.
  • Micro-payment Fraud:
    • Fraudulent activities related to small-value transactions.
  • Premium Rate Services (PRS) Frauds:
    • Unauthorized manipulation of premium-rate services.
  • Copyright Infringement and Content Resale Frauds (‘Piracy’):
    • Fraudulent activities related to copyright infringement and content resale.
  • IP Security Issues in 3G – Hacking:
    • Security vulnerabilities and hacking threats in 3G networks.
  • DoS Attacks:
    • Denial of Service attacks targeting 3G networks.
  • Virus, Worms and Trojans:
    • Malicious software threats in the context of 3G telecommunication.
  • Data Interception:
    • Unauthorized access to and interception of telecommunication data.
  • Database Attacks – Spam:
    • Manipulation of databases and the threat of spam in 3G networks.
  • How Network Security Needs to Change With the Move to 3G:
    • Adaptations required in network security measures in the transition to 3G.
  • Security and Law Enforcement Issues in 3G – Fraud Management Perspective – A Strategic Perspective:
    • Strategic considerations in managing security and law enforcement in 3G environments.
  • Telecom Laws – Domestic and International:
    • Overview of domestic and international laws governing telecommunication.
  • Fraud Management System:
    • Architecture and components of a Fraud Management System (FMS) solution.
