Telephony Fraud – Still going strong

Who would believe, in the age of Skype, WhatsApp and Facebook – telephony fraud, one of the most lucrative and cleanest forms of theft – is still going strong. Applications of the social nature are believed to be harming the worldwide carrier market – and carriers are surely complaining to regulators – and for a legitimate reason. But having said that, looking at some alarming fraud attempt statistics, things will show you a fairly different story.

So, analysing fraud is one of my things, I enjoy dropping honeypots around the world, let them live for a few days and then collect my data. My rig is fairly simplistic:

  1. I have a Homer (www.sipcapture.org) server to capture all my traffic
  2. I have an Amazon AWS CloudFormation script that launches instances of Asterisk, FreeSWITCH and Kamailio
  3. All instances are pre-configured to report anything back to Homer
  4. Upon receiving a call – it will be rejected with a 403

Why is this a good honeypot scheme? Simple – it gives the remote bot a response from the server, making it keep on hitting it with different combinations. In order to make the analysis juicy, I’ve decided to concentrate on the time period between 24.12.2016 till 25.12.2016 – in other words, Christmas.

I have to admit, the results were fairly surprising:

  1. A total of 2000 attacks were registered on the honeypot server
  2. The 2 dominant fraud destinations were: the Palestinian Authority and the UK
  3. All attacks originated from only 5 distinct IP numbers

Are you wondering what the actual numbers are? Here is the summary:

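| Row Labels | 185.40.4.101 | 185.62.38.222 | 195.154.181.149 | 209.133.210.122 | 35.166.87.209 | Grand Total |
|---|---|---|---|---|---|---|
| 441224928354 | 19 | | | | | 19 |
| 441873770007 | | | | 204 | | 204 |
| 76264259990 | | | 1 | | | 1 |
| 17786514103 | | | | | 2 | 2 |
| 972592315527 | | 1774 | | | | 1774 |
| Grand Total | 19 | 1774 | 1 | 204 | 2 | 2000 |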

As you can see, the number 972592315527 was dialed 1774 times from a single IP – 185.62.38.222. I can only assume this is a botnet of some sort, but the mix of IP numbers intrigued me. So, a fast analysis revealed the following:

Amsterdam? I wonder if it’s a coffee shop or something. The thing that also intrigued me was the phone number, why would the bot continue hitting the same mobile phone number? I couldn’t find any documentation of this number anywhere. Also, the 97259 prefix automatically suggests a mobile number in the PA, so my only conclusion would be that this is a bot looking for an “IPRN” loophole – which is again fraudulent.

So, if this is what happens in 48 hours – you can imagine what happens over a month or a year.
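The number-by-source pivot shown above can be rebuilt from captured SIP request lines with a short script that also flags numbers hammered from a single address. This is an added example, not the author's tooling; the sample records, the folding of the `00` prefix and the `hammered` thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample (source IP, SIP request line); doc-range IPs, fake numbers.
SAMPLE = (
    [("198.51.100.7", "INVITE sip:0015555550100@203.0.113.10 SIP/2.0")] * 40
    + [("198.51.100.7", "INVITE sip:+15555550100@203.0.113.10;user=phone SIP/2.0")] * 10
    + [("192.0.2.44", "INVITE sip:15555550142@203.0.113.10:5060 SIP/2.0")] * 6
    + [("192.0.2.99", "INVITE sip:15555550142@203.0.113.10 SIP/2.0")] * 2
    + [("192.0.2.44", "REGISTER sip:203.0.113.10 SIP/2.0"),      # not a call
       ("192.0.2.99", "OPTIONS sip:100@203.0.113.10 SIP/2.0"),   # probe, not a call
       ("192.0.2.99", "INVITE sip:admin@203.0.113.10 SIP/2.0")]  # no number dialled
)

# User part of an INVITE Request-URI, up to '@' or a URI parameter.
INVITE_RE = re.compile(r"^INVITE\s+sips?:([^@;\s]+)@", re.IGNORECASE)

def dialed_number(request_line):
    """Return the dialled digits of an INVITE, or None for anything else."""
    m = INVITE_RE.match(request_line)
    if not m or not re.fullmatch(r"\+?[\d.\-()]+", m.group(1)):
        return None
    digits = re.sub(r"\D", "", m.group(1))
    if digits.startswith("00"):   # assumption: fold the 00 international prefix
        digits = digits[2:]
    return digits or None

def pivot(records):
    """Map dialled number -> Counter of source IPs."""
    table = defaultdict(Counter)
    for src_ip, line in records:
        number = dialed_number(line)
        if number:
            table[number][src_ip] += 1
    return table

def hammered(table, min_calls=20, min_share=0.9):
    """Numbers where one IP made >= min_calls attempts and >= min_share of them."""
    hits = []
    for number, per_ip in table.items():
        ip, count = per_ip.most_common(1)[0]
        if count >= min_calls and count / sum(per_ip.values()) >= min_share:
            hits.append((number, ip, count))
    return sorted(hits, key=lambda h: -h[2])

def render(table):
    """Rows of the number-by-source pivot, with grand totals."""
    ips = sorted({ip for per_ip in table.values() for ip in per_ip})
    rows = [["number", *ips, "total"]]
    for number in sorted(table):
        counts = [table[number][ip] for ip in ips]
        rows.append([number, *map(str, counts), str(sum(counts))])
    totals = [sum(table[n][ip] for n in table) for ip in ips]
    return rows + [["total", *map(str, totals), str(sum(totals))]]

if __name__ == "__main__":
    for row in render(pivot(SAMPLE)):
        print("  ".join(cell.rjust(14) for cell in row))
    print(hammered(pivot(SAMPLE)))
```

A number reported by `hammered` is a candidate for blocking at the destination-prefix level as well as by source address.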

DISCLAIMER:

The above post contains only partial information, from a specific server on a network of worldwide deployed honeypots. The information is provided as-is and you may extrapolate or hypothesize what it means – as you see fit. I have only raised some points of discussion and interest.

Should you wish to join the lively discussion on HackerNews, please follow this link: https://news.ycombinator.com/item?id=13354693 for further discussion.


Goodbye Elastix – we will miss you

Last week marked a sad point in the history of Open Source, the highly acclaimed and established Asterisk distribution was taken down from the Internet, leaving all of its users, followers, eco-system, resellers, integrators and more with a gigantic void to be filled.

While the void will be filled at some point, I can’t help but observe the joy and cheerfulness of the proprietary telecommunications industry, as 3CX had rapidly taken over the Elastix business in such a brutal manner. According to the various discussions in the Open Source community, the entire thing was caused by a so-called “violation of copyright” or “violation of IP” of some sort, within the Open Source communities. In the past, as far as I know, when various distributions or projects violated each other’s copyright, they would notify one another – and would ask to rectify the situation. Apparently, this hadn’t happened here – or if it happened, it wasn’t published in an open manner – as you would expect.

One of the things that the community started shouting was: “Elastix had been trixboxed”. Honestly, I don’t see the similarity between the two cases. When Fonality acquired trixbox, they had a clear indication of where they are going. This is not 3CX acquired Elastix, this is 3CX obliterated Elastix. This is something completely different – and with major personas in the open source community indicating that a certain, well known and renowned, Open Source persona was involved in this happening, I can only be highly offended by the everlasting stench of people’s own ambition and personal hatred towards things that are not their own.

I admit it, I never really used Elastix in my projects, I found it to be bloated, inflated with software that shouldn’t be there, too slow for my taste and with a lack of proper project leadership, patches went in and out like crazy. Yet, I can’t argue with their success and the acceptance of the product around the world. I remember being at VoIP2Today in Madrid only a few weeks ago, and there were Elastix boxes sitting on tables. Yes, Elastix wasn’t my first choice for an Office PBX, but yes, they were a choice – the idea of a commercial company coming in and removing that choice off the table – is just annoying and troubling at the same time.

My hope is that some Elastix developers will simply post the entire source code to Github or some other public repository, slapping a BSD/MIT license on their work – telling the world: “Here is our creation, the proprietary daemons decided it should die – but no one can kill an idea!” – and Elastix will keep on living in the Open Source like other projects. If the world will forget it, then so be its fate – but if the world needs it, let the world take it in two hands and raise it up to the sky and say: “You shall not die!”


42 is not the answer!

How disappointing – one of my favorite childhood books lied to me. I’m 42 today, really, today I’m 42 – and yet, I still don’t have answers to my own personal ultimate questions of life. I’m truly disappointed, I guess the universe just decided to play a really horrible joke on all of us geeks out there – when reaching the age of 42….

But, having said that, I do believe that I don’t have answers to the ultimate questions – I think I have answers to some other questions – mainly, these are more related to my own personal growth, personal acceptance, tolerance and the things I believe in and am willing to stand for.

No, I’m not Superman or have any super powers – and while I’m a firm believer in the “American Way”, I can’t say that I stand for it. What I do stand for, well, I would say in global that if one would try to describe the thing I stand for the most – that would be “Tolerance”. Tolerance is the thing that differentiates us from animals, from barbarians, from little babies that want something that another baby holds – and will stop at nothing to get it. Tolerance is the ability to look at things from a Macro level, not a Micro level. Tolerance is the ability to look at systems (technical, human, organizational, etc) and say: “Yes, that part seems a little odd in that place, but it seems that another part performs much better due to that part”. It’s the ability to accept that other people are different than I – and most importantly, being able to accept the fact that while I’m confident I’m right, it doesn’t mean someone else is wrong.

Ok, I can be as sarcastic as anybody else – sometimes sarcasm actually helps us move things forward. But I’ve learned that when I direct my sarcasm towards myself, this is when I actually yield interesting and positive results – not because I put myself down, it’s because I allow myself the benefit of the doubt of saying: “Seriously? like really, this is what you are thinking?”, the minute I do that – I come up with a better concept, which moves me forward – in other words, I’ve learned to judge myself in a more efficient manner.

Honestly, I have ZERO tolerance to the following things:

  1. People who just learned a certain technology and without even understanding it, try to superimpose it into each and every aspect of their work. This is like trying to screw in a Phillips head screw with a hammer, you’ll get the job done – but the result is messy.
  2. People who can’t listen to other people – if you are talking to me only to hear yourself talking, then get the f*** out of my face, I have no interest in what you have to say.
  3. People who say: “Oh, just give this to me and I’ll fix it” – and are saying it to be funny, you have no idea how annoying that is.
  4. People who say: “You just need to do 1, 2, 3, 4, 5 and you’re done”, without actually ever doing it themselves. If you can’t do it, or hadn’t done it with your own two hands, don’t tell me it’s simple and don’t tell me how to do it – because your opinion, as much as I value it, means nothing at that point in time – apart from irritating me.
  5. People who told me they took a class about something, then without even doing anything in that field of education, feel the need to give advice and guidance. That would be like taking a doctor fresh out of med-school, without doing any real time work in the ER or a medical facility – and letting him do open heart surgery. He may know the various theories and methodologies – but like hell am I gonna allow that f*** wad to touch me with a scalpel.

So, am I turning into a crank guy? Maybe, I guess age has its merits and its issues. So, here’s to myself, raising a toast with a wonderful glass of an 18 year old Irish Whiskey – the race has just begun…


We are all probably taking crazy pills!

Recently, I can’t escape the feeling that a great portion of the high tech industry is taking crazy pills, as part of its morning diet. Seriously, if we are not taking crazy pills, you can’t explain the overload of Legacy Tech that is rapidly making a comeback – under a new name and flag. Yes, buzz-words were always a thing of this industry, but seriously, don’t you feel this is getting a little over-done lately?

What am I talking about? Well, let’s take a look at some recent buzz-words and go through them:

IoT – Internet of Things

If you look up the term in Google, you will surely find the following on Wikipedia:

The Internet of Things (IoT) is the network of physical objects—devices, 
vehicles, buildings and other items—embedded with electronics, software, 
sensors, and network connectivity that enables these objects to collect 
and exchange data. The IoT allows objects to be sensed and controlled 
remotely across existing network infrastructure, creating opportunities 
for more direct integration of the physical world into computer-based 
systems, and resulting in improved efficiency, accuracy and economic 
benefit; when IoT is augmented with sensors and actuators, 
the technology becomes an instance of the more general class of 
cyber-physical systems, which also encompasses technologies such as smart 
grids, smart homes, intelligent transportation and smart cities. Each thing 
is uniquely identifiable through its embedded computing system but is able 
to interoperate within the existing Internet infrastructure. Experts estimate 
that the IoT will consist of almost 50 billion objects by 2020.

Cool – isn’t it? Well, the Internet of Things existed far before the term was invented. It simply looked a little different. We had devices with SIM cards or devices with some other form of interaction technology – and we didn’t use IP, we used something else. But the minute it used IP, it got the name “Internet of Things”, simply due to the relation to the IP protocol. Almost 10 years ago, an Asterisk based plant irrigation project was shown on the web. Is that IoT? maybe not, but the overall result is similar. Actually, it is exactly the same, 10 years before IoT – but if you can’t see that it is the same, you are taking crazy pills.

Contextual/Task Oriented Chat Bots

Oh my god – when people showed me Slack for the first time, I really didn’t understand why they are so excited about it. To me it looked mostly like a glorified mash-up between IRC, EggDrop and a fancy Pseudo-Agile management system.

Chat bots that do stuff? Really? In 2001 I worked at a company where I had to monitor and control a set of servers, interconnected with 6 different SMS connections to various carriers. In order to get this stuff working and also get it working from my mobile phone, I used a combination of Nagios, Kannel, EggDrop and IRC. I used the IRC server as my command and control interface, EggDrop carried commands from the IRC server over to the Kannel Server and the Nagios servers, to run remote tasks and test various elements.

In 1999, I consulted a company that was called eNow (back then, ChatScan). They were scanning thousands of IRC channels for Internet trend analysis. Now, think about it, we scanned these IRC channels using EggDrop. Simple, TCL based, IRC Bots that would roam the IRC networks in search of interesting things.

If you are wondering what EggDrop is, check out: http://www.eggheads.org/

Over Virtualising

Can someone please explain to me the following scenario: You lease a cloud based, small foot print server from any of the cloud companies, you then run Docker on it and create additional virtual machines on the VM instance.

Dude, might as well just have your own server with Proxmox, KVM or some other virtualisation container. I just don’t get it, the fact that you can do something, doesn’t always mean that this is what it is meant for.

The following video just shows this in the funniest way ever:


Python should be the first language you learn!

For the better part of the past 15 years, I’ve been a PHP developer. Really, I’ve developed everything in PHP, ranging from server side services, web services, backends – you name it, I’ve probably done it with PHP. Don’t get me wrong, I love PHP and it will always remain my language of choice for doing things really fast.

However, for the past year I’ve been increasingly developing with Python. I’ve always dabbled with Python, but never really had the chance to truly get down and dirty with it. Due to a couple of projects during the past year, specifically ones that involve Google AppEngine, I’ve had to sharpen my Python skills and get to a point where I can develop with the same agility that I have with PHP. Honestly, it wasn’t simple – sometimes I truly wanted to strangle someone with various errors a framework can spit at you. However, once you get around to reading the various cryptic messages Python may spit at you, getting around it and working with it is truly a delight.

So, why do I think Python should be the first language one learns? so here are my thoughts:

I started my coding days with BASIC, to be more accurate GW-BASIC (yes, I am that old). From that I moved to Pascal (Turbo Pascal to be more accurate), then C, then C++, C++ Builder, Visual C++ (yes, I did MFC at some point in my life as well). I then decided that my life is in the open source world – and thus, the track then went to PERL, JAVA and of course PHP. Honestly, somewhere around 2005, the mixture of C, JAVA and PHP truly gave me all the power I needed to do my job – so, I didn’t really find the time to learn a new language.

Then, about a year ago, I decided it’s high time to learn something new – specifically, I became increasingly interested in the Google AppEngine platform. Yes, I’ve been using Google Compute and other cloud platforms for a few years now, I’ve used most of Amazon’s services, ranging from EC2 up to RedShift and their hosted Hadoop clusters. But when Google AppEngine came out, it only had Python, Java and GO to work with. Java is the least favorite language in my tool box – honestly, I hate it. I’ve never coded in GO, and didn’t really feel like starting out with it. And Python, well, I dabbled with it – but can’t say I’ve done something too serious with it. In 2014, Google added PHP support to Google AppEngine. Damn, that sounds cool – let’s play around with that. So, I built a few applications atop of AppEngine and the PHP SDK. I rapidly realized that while the PHP SDK gives you some power, Python is the more natural choice for AppEngine. So, I more or less sat my ass down for 3 days and decided to teach myself proper Python.

Took me about 3-4 days to get around the quirks of AppEngine and how to get it up and running using PyCharm (if you use Python, by far the best IDE I’ve seen). Then building up my first application, then migrating an existing application (a fairly big one), from PHP to Python on AppEngine. I then rapidly moved along to using easy_install, pip and the other Python tools that make life so easy for developers – honestly, right now, I can’t figure out why use anything else other than Python for shell environment tools. But, regardless of that, I honestly think Python is the first language you should teach students, not C/C++, not JAVA, not Ruby and surely not PHP (and I’m a huge PHP advocate).

Why do I say this? here are my main reasons:

  1. Python is object oriented from the ground up, which means, that teaching object oriented programming using Python is easy and straight forward for newcomers.
  2. Python is strongly typed, which means that syntactical issues are dealt with harshly – promoting proper usage of syntax, indentation, capitalization, variable handling – all the nice things that make good code – readable code.
  3. Python’s physical typing construct, where blocks of code must be tabulated in a specific manner in order to make the code work in a specific manner – is GENIUS. I’m very much a “Source Code Nazi” (Imagine that coming from a Jew, right?). For me, indentation, proper loop blocks, proper case blocks, making sure things are wrapped really tight without too many white spaces – this is what makes code look nice.
  4. Python is interpreted, not compiled – but yet, it is strong enough to hold the most complex of multi-threaded tasks.

In other words, if you take the above and teach to a new developer, someone who writes code for the first time in his life – your result will be a developer, that may not dish the best code at first (after all, a beginner), but it will be readable, manageable and maintainable. Python automatically promotes these by its structure, by its rigidness and by its agility at the same time.

As part of my academic studies, I’ve studied education and how to teach computer science to high school students. I’ve learned that you should start with Pascal or C, then move to Object Oriented, then move to more advanced stuff. I have one thing to say: BULLSHIT! Honestly, the first thing you need to teach is Python, after Python, the rest are just syntax. Nothing more, nothing less – pure, simple, straight forward syntax.

Would love to hear your opinion on this one…