As the world around us changes, services are rapidly shifting from human-rendered services to bots and applications that run on your mobile device. From your local pizza shop to a multi-billion dollar corporation, all are rapidly moving to the bot/application economy paradigm in order to facilitate growth and lower their TCO.

According to a SkyHigh Networks study, the following may come as a shock to most: most enterprises will use up to 900 different cloud applications. These require an amazing number of over 1,500 different cloud services in order to work. Out of these 1,500 cloud services, a group of the top 50 can be observed, normally relating directly to infrastructure; we’ll call these “Super Clouds”.

The “Super Clouds” can be divided into several “Primary” groups:

– Infrastructure Clouds (Amazon AWS, Google Compute, Microsoft Azure, etc.)
– Customer Relation Clouds (Salesforce, ZenDesk, etc.)
– Real Time Communication Clouds (Twilio, Nexmo, Tropo, etc.)

It is very common for a company to work solely with various cloud services in order to provide a service. However, using cloud services has a tipping point, which is: “When is a cloud service no longer commercially viable for my service?”, or in other words: “When do I become Uber for Twilio?”

Twilio’s stock recently dropped significantly following Uber’s announcement (http://bit.ly/2rVbzxG). Judging from the PR, Uber was paying Twilio over $12M a year for its services, which means that for the same cash Uber could actually buy out a telecom company to provide the same service. And apparently, this is exactly what’s going to happen, as Uber works to establish the same level of service with internal resources.

Now, the question that comes to mind is: “What is my tipping point?” While most will not agree with my writing (specifically if they work for an RTC cloud service), every, and I do mean EVERY, type of service has a tipping point. To estimate your tipping point, try following the rules below to arrive at an “educated guess” before you get there.

Rules of Thumb

  • Your infrastructure cloud is the least of your worries
    As storage, CPU, networking and bandwidth costs drop worldwide, so do your infrastructure costs. IaaS and PaaS providers are constantly updating prices and are in constant competition. In addition, when you commit to a certain sizing, prices can be negotiated. I have several colleagues working at the 3 main competitors; they are in such fierce competition that they are willing to pay the migration costs and render services for free for up to 12 or 24 months in order to win new business.
  • Customer Relation Clouds hold your most critical data
    As your service/product is consumer oriented, your customers are your most important asset. Take great care in choosing your partner and make sure you don’t outgrow them. In addition, if you use one, make sure that you truly need their service. Sometimes a simple VTiger or other self-hosted CRM will be enough. In other words, Salesforce isn’t always the answer.
  • Understand your business
    If your business is selling rides (Uber, Lyft, Via, etc.), tools like Twilio are a pure expense. If your business is building premium rate services or providing custom IVR services, Twilio is part of your pricing model. Understand how each and every cloud provider affects your business, your bottom line and, most importantly, its effect on the consumer.

Normally, most companies in the RTC space will start out using Amazon AWS as their IaaS and services such as Twilio, Plivo, Tropo and others as their CPaaS. Now, let us examine a hypothetical service use case:

– Step 1: User uses an application to dial into an IVR
– Step 2: IVR uses speech recognition to analyze the caller intent
– Step 3: IVR forwards the call to a PSTN line and records the call for future transcription

Let us assume that we use Twilio to store the recordings, the Google Speech API for transcription, Twilio for the IVR application, and that we’re forwarding to a phone number in the US. Now, let’s assume that the average call duration is 5 minutes. Thus, we can extrapolate the following:

– Cost of transcription using Google Speech API: $0.06 USD
– Cost of call termination: $0.065 USD
– Cost of call recording: $0.0125 USD
– Cost of IVR handling at Twilio: $0.06 USD

So, where is the tipping point for this use case? Let’s try and separate into 2 distinct business cases: a chargeable service (a transcription service) and a free service (eg. Uber Driver Connection).

  • A Chargeable Service
    Assumption: we charge a flat $0.25 USD per minute
    Let’s calculate our monthly revenue and expense according to the number of users and minutes served.

– Up-to 1,000 users – generating 50,000 monthly minutes: $12,500 – $9,625 = $2,875
– Up-to 10,000 users – generating 500,000 monthly minutes: $125,000 – $96,250 = $28,750
– Up-to 50,000 users – generating 2,500,000 monthly minutes: $625,000 – $481,250 = $143,750

Honestly, not a bad model for a medium size business. But the minute you take in the multitude of marketing costs, office costs, operational costs, etc., you need around 500,000 users in order to truly make your business profitable. Yes, I can negotiate some volume discounts with Twilio and Google, but still, even after that, my overall discount will be 20%, maybe 30%, so the math will look like this:

– Up-to 1,000 users – generating 50,000 monthly minutes: $12,500 – $9,625 = $2,875
– Up-to 10,000 users – generating 500,000 monthly minutes with a 30% discount: $125,000 – $48,475 = $57,625
– Up-to 50,000 users – generating 2,500,000 monthly minutes with a 30% discount: $625,000 – $336,875 = $288,125

But, just to be honest with ourselves, even at a monthly cost of $48,475 USD, I can actually build my own platform to do the same thing. In this case, the 500,000 minutes mark is very much a tipping point.

  • A Free Service
    Assumption: we charge a flat $0.00 USD per minute
    Let’s calculate our monthly revenue and expense according to the number of users and minutes served.

– Up-to 1,000 users – generating 50,000 monthly minutes: $9,625
– Up-to 10,000 users – generating 500,000 monthly minutes with a 30% discount: $48,475
– Up-to 50,000 users – generating 2,500,000 monthly minutes with a 30% discount: $336,875

In this case, there is just no case for building this service using Twilio or a similar service, because it will be too darn expensive from the start. Twilio will provide a wonderful test bed and PoV environment, but when push comes to shove, it will just not hold up on the financial side. This is a major part of why services such as Uber, Lyft, Gett and others will eventually leave Twilio-type services: at some point the service they are consuming becomes too expensive, and they must take the service back home to make sure they are competitive and profitable.

When Greenfield started working on Cloudonix, we understood the growth issue described above from the start, and that’s why Cloudonix isn’t priced or serviced in such a way. In addition, as Cloudonix includes the ability to obtain your own slice of Cloudonix or even your own on-premise installation, your investment is always safe.

To learn more about our Cloudonix CPaaS and our On-premise offering, click here.

Following yesterday’s post, I’ve decided to take another set of data, this time from the start of the year, with a specific data profile. What is the profile? I will describe it:

  1. The honeypot server in this case was a publicly accessible Kamailio server
  2. The honeypot changed its location and IP every 48 hours, over a period of 2 weeks
  3. The honeypot was always located in the same Amazon AWS region, in this case N. California
  4. All calls were answered with a 200 OK, followed by a playback from an Asterisk server

In this specific case, I wasn’t really interested in the attempted numbers; I was more interested in figuring out where the attacks are coming from. The results were fairly surprising:

The above table shows a list of attacking IP addresses, the number of attempts from each address, and the origin country. For some weird reason, 97% of potential attacks originated in Western Europe. In past years, most of the attempts came from Eastern European countries and the Far East, but now it is mainland Europe (Germany, France, Great Britain).

Can we extrapolate a viable security recommendation from it? Absolutely not; it doesn’t mean anything specific, but it could mean one of the following:

  1. The number of hijacked PBX systems in mainland Europe is growing?
  2. The number of hijacked Generic services in mainland Europe is growing?
  3. European VoIP PBX integrators are doing a lousy job at securing their PBX systems?
  4. European VPS providers pay less attention to security matters?

If you pay attention to the attempts originating in France, you will notice a highly similar IP range, right down to the final Class C network. That is no coincidence; that is negligence.

Now, let’s dig deeper into France and see where they are attempting to dial:

So, on the face of it, these guys are trying to call the US. I wonder what these numbers are for?

Ok, that’s Verizon… let’s dig deeper…

Global Crossing? That is interesting… What else is in there???

So, all these attempts go to landlines, which means these attempts are most probably being dialed into another hijacked system, in order to validate the success of finding a newly hijacked system.

Well, if you can give me a different explanation, I’m open to it. Also, if any of the above carriers are reading this, I suggest you investigate these numbers.

Who would believe that, in the age of Skype, WhatsApp and Facebook, telephony fraud, one of the most lucrative and cleanest forms of theft, is still going strong. Applications of the social nature are believed to be harming the worldwide carrier market, and carriers are surely complaining to regulators, and for a legitimate reason. But having said that, looking at some alarming fraud attempt statistics will show you a fairly different story.

So, analysing fraud is one of my things: I enjoy dropping honeypots around the world, letting them live for a few days and then collecting my data. My rig is fairly simplistic:

  1. I have a Homer (www.sipcapture.org) server to capture all my traffic
  2. I have an Amazon AWS CloudFormation script that launches instances of Asterisk, FreeSWITCH and Kamailio
  3. All instances are pre-configured to report everything back to Homer
  4. Upon receiving a call, it will be rejected with a 403

Why is this a good honeypot scheme? Simple: it gives the remote bot a response from the server, making it keep on hitting it with different combinations. In order to make the analysis juicy, I’ve decided to concentrate on the time period between 24.12.2016 and 25.12.2016, in other words, Christmas.

I have to admit, the results were fairly surprising:

  1. A total of 2000 attacks were registered on the honeypot server
  2. The 2 dominant fraud destinations were the Palestinian Authority and the UK
  3. All attacks originated from only 5 distinct IP addresses

Are you wondering what the actual numbers are? Here is the summary:

Dialed number   | 185.40.4.101 | 185.62.38.222 | 195.154.181.149 | 209.133.210.122 | 35.166.87.209 | Total
441224928354    |           19 |               |                 |                 |               |    19
441873770007    |              |               |                 |             204 |               |   204
76264259990     |              |               |               1 |                 |               |     1
17786514103     |              |               |                 |                 |             2 |     2
972592315527    |              |          1774 |                 |                 |               |  1774
Total           |           19 |          1774 |               1 |             204 |             2 |  2000

As you can see, the number 972592315527 was dialed 1774 times from a single IP, 185.62.38.222. I can only assume this is a botnet of some sort, but the mix of IP addresses intrigued me. So, a fast analysis revealed the following:

Amsterdam? I wonder if it’s a coffee shop or something. The thing that also intrigued me was the phone number: why would the bot continue hitting the same mobile phone number? I couldn’t find any documentation of this number anywhere. Also, the 97259 prefix automatically suggests a mobile number in the PA, so my only conclusion would be that this is a bot looking for an “IPRN” loophole, which is again fraudulent.

So, if this is what happens in 48 hours, you can imagine what happens over a month or a year.
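As an added example (not the posts’ own tooling), here is a small Python aggregator over constructed attempt records that rebuilds the dialed-number-by-source pivot above, classifies destinations by country-code prefix, groups sources by /24 (the same-network clustering noted for the French sources in the previous post) and flags numbers hammered from a single source. The CSV sample, the prefix table and the function names are assumptions.

```python
import csv
import ipaddress
from collections import Counter, defaultdict

# Constructed sample records, loosely modelled on the post's summary table
# (real ones would be the INVITEs Homer captured): source IP, dialed number.
SAMPLE_LOG = """\
src_ip,to_number
185.62.38.222,972592315527
185.62.38.222,972592315527
185.62.38.222,972592315527
185.40.4.101,441224928354
209.133.210.122,441873770007
209.133.210.122,441873770007
185.62.38.10,441873770007
"""

# Country-code prefixes for the destinations the post mentions (constructed, partial list).
PREFIXES = {"972": "IL/PS", "44": "UK", "1": "NANP (US/CA)", "7": "RU/KZ"}

def load_attempts(text):
    """Parse the CSV export into a list of dicts."""
    return list(csv.DictReader(text.splitlines()))

def pivot(attempts):
    """Dialed number -> Counter(source IP -> attempts), as in the post's table."""
    table = defaultdict(Counter)
    for rec in attempts:
        table[rec["to_number"]][rec["src_ip"]] += 1
    return table

def region(number):
    """Classify a dialed number by its longest matching country-code prefix."""
    for prefix in sorted(PREFIXES, key=len, reverse=True):
        if number.startswith(prefix):
            return PREFIXES[prefix]
    return "unknown"

def dominant_source(table, number):
    """Source with the most attempts on `number`: (ip, count, share of total)."""
    sources = table[number]
    ip, n = sources.most_common(1)[0]
    return ip, n, n / sum(sources.values())

def sources_by_slash24(attempts):
    """Attempts per /24, to spot the same-network clustering seen among the French sources."""
    nets = Counter()
    for rec in attempts:
        nets[str(ipaddress.ip_network(rec["src_ip"] + "/24", strict=False))] += 1
    return nets

def hammered_numbers(table, min_attempts=3):
    """Numbers hit min_attempts+ times from one source: the single-destination bot pattern."""
    return sorted(n for n in table if dominant_source(table, n)[1] >= min_attempts)
```

With the post’s real 2000 records, `hammered_numbers` would single out 972592315527 and 441873770007, the two destinations the summary table attributes to one source each.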

DISCLAIMER:

The above post contains only partial information, from a specific server on a network of worldwide deployed honeypots. The information is provided as-is and you may extrapolate or hypothesize what it means as you see fit. I have only raised some points of discussion and interest.

Should you wish to join the lively discussion on HackerNews, please follow this link: https://news.ycombinator.com/item?id=13354693 for further discussion.

Last week marked a sad point in the history of Open Source, the highly acclaimed and established Asterisk distribution was taken down from the Internet, leaving all of its users, followers, eco-system, resellers, integrators and more with a gigantic void to be filled.

While the void will be filled at some point, I can’t help but observe the joy and cheerfulness of the proprietary telecommunications industry, as 3CX has rapidly taken over the Elastix business in such a brutal manner. According to the various discussions in the Open Source community, the entire thing was caused by a so-called “violation of copyright” or “violation of IP” of some sort within the Open Source communities. In the past, as far as I know, when various distributions or projects violated each other’s copyright, they would notify one another and ask to rectify the situation. Apparently, this hadn’t happened here, or if it happened, it wasn’t published in an open manner, as you would expect.

One of the things that the community started shouting was: “Elastix had been trixboxed”. Honestly, I don’t see the similarity between the two cases. When Fonality acquired trixbox, they had a clear indication of where they were going. This is not 3CX acquiring Elastix; this is 3CX obliterating Elastix. This is something completely different, and with major personas in the open source community indicating that a certain, well known and renowned, Open Source persona was involved in this happening, I can only be highly offended by the everlasting stench of people’s own ambition and personal hatred towards things that are not their own.

I admit it, I never really used Elastix in my projects, I found it to be bloated, inflated with software that shouldn’t be there, too slow for my taste and with a lack of proper project leadership, patches went in and out like crazy. Yet, I can’t argue with their success and the acceptance of the product around the world. I remember being at VoIP2Today in Madrid only a few weeks ago, and there were Elastix boxes sitting on tables. Yes, Elastix wasn’t my first choice for an Office PBX, but yes, they were a choice – the idea of a commercial company coming in and removing that choice off the table – is just annoying and troubling at the same time.

My hope is that some Elastix developers will simply post the entire source code to Github or some other public repository, slapping a BSD/MIT license on their work – telling the world: “Here is our creation, the proprietary daemons decided it should die – but no one can kill an idea!” – and Elastix will keep on living in the Open Source like other projects. If the world will forget it, then so be its fate – but if the world needs it, let the world take it in two hands and raise it up to the sky and say: “You shall not die!”

Developers! We are the modern day artists, the masters of the keyboard and the sculptors of algorithms and ideas. We turn obscure thought and imagination into real life creations, capable of doing things previously not done (well, at least not in the same form). As such, we are individuals and unique – each one of us in our own way. Whether we develop a mobile app or a web application, our unique style, way of thought, organization and coding style will be reflected into our creation – we can’t help it, this is who we are.

About 2 years ago I did a project for a start-up company in Israel, where I developed a full-blown switching environment for them. I worked on that project for around 9 months and, how shall I put it, my name was all over the place. Normally, when I take a piece of code from the Open Source/Public Domain, I document where it came from within the code, and then I add a simple remark next to my modifications.

So, the other day I met one of the new developers working on the project, who didn’t know I was the original developer. He told me about some issue that he was having with his project, so, in a very natural way, I pointed out to him that the original code wasn’t meant to work like that; specifically, he should look into a specific function to resolve the issue and add some additional code to make it work as he wanted. The guy was shocked: “What the hell? Are you psychic or something? How can you know that?” I replied: “Well, I wrote the damn code, I should know”, which was followed by me showing him the original source code on my computer. The guy said: “Yes, that is the source code, but all the remarks of the original source code are gone”. It seems that following my departure from the project, someone went to great lengths to remove the various comments I’d put into the code, to make its origins as unclear as possible.

So, on one hand, I truly understood it: after all, the guy running the show doesn’t want the new people calling up the previous developers and exposing new stuff to them, even by mistake. On the other hand: Dude, are you really that lame? Are you really that afraid that your team will know who wrote the original code? Source code is a living organism; it is as unique as the person who wrote it and will evolve and change as more people write more code. The Asterisk project still contains remarks that Mark Spencer put in back in 2002; they are no longer relevant to the existing code, only to an obscure part of the original code, but they are still there.

So, to sum up, I never remove remarks that other people wrote from my code: it’s rude, it’s bad practice and, worst of all, it’s ugly and disrespectful. Developers will join and leave a project; show a minimal level of respect by respecting their code and their remarks, and leave them where they are. Removing them is just like committing an act of murder.