Right, hopefully the real point of this article has made its way across to you.
Cyber Crime can be prevented before the crime is affluent, this is done by
- Replicating the crime/coming up with a potential crime
- Recognising upcoming industry changes
- Identifying ways to prevent the crime
- Identifying ways to notify that the crime is being committed (alarm monitoring system)
- Consumer Education
So consumer awareness is not the first step for pro-active cyber crime prevention, it is the last step.
That leaves two choices for our approach
- Wait for criminals to come up with and use the method
- Come up with the method yourself, then prevent it
Relatively simple concept, but lets recap this article and wrap it up
How the crime
is will be committed
History aside and the short of it is
I am taking advantage of ease of access to services and ease of configuration to services that are available to consumers.
My likely route is by pretending to be the consumer, this can be done by accessing their network, a malware scenario, or by accessing their email address that is associated to their VoIP provisioning server.
I am not focusing solely on listening to the calls, this is simply another thing that I would check for or take advantage of if gaining access to a customers email address.
I then manipulate high risk services that, arguably, the consumer does not ever want or need to be assigned to their extensions.
In short, I am committing the crime in a really simple way, because while all the benefits for the consumer have been automated, the crime has also been automated, but the crime prevention methods have not been automated.
What a consumer can do to prevent it
Not a huge amount in the grand scheme of things.
So whether you are a small business, enterprise business, residential consumer, this is possible to do to any of you, so right now, you would need a bit of old school advice.
- Make sure accounts are secure, your VoIP Provisioning/Billing portal and your email accounts, use strong passwords etc.
- Don’t store passwords in non-secure methods (if you use Gmail, this may have stored your password for your VoIP Provisioning portal in plain text)
- Check your bills each month for changes (this can be bypassed, so not a silver bullet)
- Periodically check for services that have been applied to the extensions that are high risk, so your accounts department, office admin, all the people who would generally talk to your financial institutions, people relaying sensitive information.
- Call Recording
- Call Listen/Call Barge/ Silent Call Barge
- Call Notify
- Calling Plans
- Call Redirect services
- CoS (Class of Service)
- Make sure you do not leave emails that provide information in your inbox for no valid reason. So the vast majority of your staff when switching to VoIP will have received an email that their VoIP extension has been set up and with the URL, make sure this email gets deleted.
What the industry can do to prevent it
You are the only people who can at the end of the day
A balance is required between ease of access and security, if your application is genuinely that easy to use, then this is a security risk for you, it means anyone who gains access, either legitimately as a malicious employee of any level in your hierarchy, or non-legitimately as a malicious outsider, can manipulate the services and essentially do what they want.
So introduce methods to keep your customers safe
- Alarm Monitoring systems need to be in place for at risk features and configuration
- IF an at risk account has its password reset, this also needs to notify other individuals in the group.
- A user of the same level cannot administer another user of the same level, it must always come from the level above.
- You need to cluster at risk features for an activation process in the first instance
Additional considerations for developers of OSS/BSS solutions are also needed
Pro-active cyber security will always fail while the pro-active level remains so limited to consumer education.
While that approach maintains, you will always rely on cyber criminals to come up with the methods for you to educate consumers on, that is a never ending losing battle.
It is possible to identify market shifts ahead of time, and to implement suitable solutions to stop a crime becoming affluent.
While the crime may be currently being committed by cyber criminals, these will be far and few in between, as on the variety of today’s technology, it is limited to experts.
When technology becomes easier for consumers, it becomes easier for a criminal enterprise, you will then open up more consumers to risk, subsequently making a trend, then creating a profitable criminal endeavour, that is easy for anyone to manipulate.
Anyway, thanks for reading, this particular article falls back into our PSTN switch off concerns and a petition we have around PSTN, this will be added as an update to that petition as a further concern around the PSTN switch off resulting in a shift in cyber crime.
Links below to get back to more cyber crime, or have a look at some PSTN switch off concerns in our residential section
Residential Information (Telecoms)