22 Feb 10 Call Analytics – Beyond CDR analysis – Part I

“Oh, just get me the CDR’s and I’ll take it from there” – how many times have I heard these words before? I can’t even imagine the number of times in the past 15 years of IT/Telecom’s work that I’ve done and in the last 8 years of Asterisk in particular – when it comes to billing and fraud management, it would appear that the CDR’s are the Rosetta Stone of the industry.

Over the past 6 months, several of my friends and I had been asking ourselves this question: “Is there more to billing, fraud management and profit leakage? does it really all begins and ends with the CDRs?” – so, here we were, a group of 3 engineers dealing with telecom system and billing systems – we knew that the answer is a definite YES, however, how come most companies and system aren’t even aware of this, in such a way that causes them to leak telecom profits and waste their hard earned profit margins on simple accidental mis-interpretation of CDR records.

So, we’ve decided to sit down and start analyzing calls in real-time, trying to evaluate not only the CDR record that is received upon the completion of the call – but also understand the traversal path of the call, analyzing it in real time and evaluating it profit leakage potential. At the mean time, we’re concentrating our work on Asterisk, as it is the simplest for us to implement – however, we’re not focusing it only on that – we’ll looking at adding it to FreeSwitch, Yate, OpenSer/Kamailio, OpenSIPS and the various varients.

So, what have we done so far? well, one thing we never really had with any of the existing systems was a clear view of what’s going on “right-now” on our systems, so we said: “it would really be great if we could know how many call hits we’ve received during the past 15, 30, 45 or 60 minutes” – so here is what we made:

The above image shows our top 10 inbound DID numbers, as you can see these are in the 972 and 447 country codes (yes, we work mainly in Israel and the UK). At the backend, our servers are analyzing the data in real time, generating an active alert in the case a DID number’s statistics change in a somewhat drastic change, thus, establish a traffic anomaly. Another thing that interested us was our usage across multiple servers, which we are exhibiting in the below graph:

Now, as you can see, the top graph shows a discrete anomaly:

This anomaly indicates something went wrong on all our servers between 00:45 and 1:15, which gives us a fairly discrete period of time to seek for a problem in the system. What happened was that one of the guys updated a portion of the data traversal API – basically deleting it [we resumed full work after about 40 minutes].

So, where is it all going to? well simple, a new Open Source based service that we’ll be launching within a few months from now. Our intention is to provide a means for simple, straight forward, highly reliable, call analytics, fraud management and profit leakage analysis service. A service which is based upon a simple to use API on one hand and Open Source based data gathering agents. Our belief is that by analyzing large amounts of data, from multiple sources around the world, we’ll be able to ascertain the fingerprint of a telecom bound attack – being able to alert the respective users of the service and maybe in the later future, also provide a means to block the attack as it advances across the world.

I’ll be updating about our advancement as we go along, but for the time being, this is something I felt would interest you.

Tags: Application programming interface, Asterisk, Israel, opensource, Real-time computing, Rosetta Stone, Site Management, Statistics

21 Jan 10 Chinese Domain Scam Alert!

Over the years I’ve seen many scams running on the net. Ranging from the ever annoying chain mails to the ever popular Nigerian Sting – Internet fraud is all around us. Lately, I’ve been hit by a new type of fraud attack, a domain registration fraud attack – mainly located in China and Hong-Kong.

As you may know, I’m the owner and CEO of a company called GreenfieldTech, dealing with Asterisk and VoIP application and platform development. Now, we operate world wide and render services to some of the world biggest brand in the telecom industry. So, we take our copyright and brand very seriously, when we receive an indication that someone is or may be infringing our copyright or brand, we take a stand for it.

So, today I’ve received this email:

Dear CEO, 

We are a domain name registrar centre in HongKong,and in charge of the registeration in
Asia, We have something important need to confirm through your company. 

We received a formal application from a company called "Hempus International Holdings
Ltd" applying to register 

Internet keyword :     greenfieldtech 

Domain names :

 greenfieldtech.asia    
 greenfieldtech.cn    
 greenfieldtech.com.cn    
 greenfieldtech.hk    
 greenfieldtech.in    
 greenfieldtech.mobi    
 greenfieldtech.net.cn    
 greenfieldtech.tw

In China and also in Asia on January 21 2010. During our auditing procedure we find out
that the alleged "Hempus International Holdings Ltd" has no trade mark,Intellectual
property, nor patent even similar to that word. As authorized anti-cybersquatting
organization we hereby suspect the alleged "Hempus International Holdings Ltd" to be a 
domain grabber. Hence we need you confirmation for two things:

First of all, whether this alleged "Hempus International Holdings Ltd" is your business
partner or distributor in China.

Secondly, Whether do you need to protect the intellectual property right which should have
belonged to you?. (The alleged "Hempus International Holdings Ltd" will be entitled to obtain
a domain not needed by  original trademark owner.)
If you are not in charge of this please transfer this email to appropriate dept.in order to
deal with this issue better, please let someone who is  responsible for trademark or domain
name contact me as soon as possible.
_____________________________________________________________________________________________
 Confidentiality Notice: This is a letter for confirmation. If the mentioned third party is
 your business partner or distributor in China please DO NOT reply.  We will automatically
 confirm application from your business partner after this audit procedure.we have to notify
 you,and our registration organization are  not responsible for any dispute questions about
 trade mark,intellectual property nor patent after they succeed in registration.hope you can
 understand.thank you.
 ____________________________________________________________________________________________

Sincerely,
  kaka.xu

Sponsoring Registrar:sk holdings company ltd 
 Web:www.sk-dns.org/www.asia-gov.com
 Tel:00852-95660489 / 00852-95660103 
 Fax:00852-30696940

Email:kaka.xu@skdns.org/

Address: 3A, Units 20/F, Far East Consortium Bldg, 121 Des Voeux Road, Central, Hong Kong

kaka.xu

2010.01.21

So, this is obviously a scam, as when I searched the alleged company, I couldn’t find anything. However, the term “International Holdings Ltd.” had produced many scam alerts and related information popped up everywhere. Now, bear in mind that this is the 10th time them past 2 months that I’m receiving such emails. So, I’ve formulated the following response to them, and you are welcome to use it:

Dear Kaka,

Thank you for contacting us in regards to this matter, to be completely frank with you,
we’ve received over the past 2 months a similar request/demand from various Asian registrars
in China/Hong-Kong. Through our contacts in the far-east, we’ve concluded that your
request/demand is fraudulent, and that the company you indicated doesn’t even exist.
Please note that your approach to us claiming that someone wants to infringe our copyright
and brand had been noted and passed to our legal department. In addition, we’ve forwarded your
email and general company information to various SPAM, Abuse and Security teams that are in
contact with us around the world (mainly, [Mention your really BIG business partners and
large customers here - also through in some ISPs in the far-east, specifically China). Should
your company register ANY of the below mentioned domain names or keywords, following this email,
we shall be forced to follow legal actions in accordance to the laws of the state of [Put your
country here] and other countries where our company has representatives or local business
engaged partners.

P.S.

[Always add a personal note - and refer to something in the mail they sent, for example]

On a personal note, when sending emails to anyone in Israel, I would suggest that you choose a
different name, other than Kaka. Kaka in Hebrew is directly related to the bodily function of
purging waste – also known as taking a dump in the toilet.

Tags: Asia, China, Domain name registrar, economy, GreenfieldTech, HongKong, Intellectual property, internet, Israel, Law, Microsoft, Trademark, violations, Voice over Internet Protocol

13 Oct 09 Astricon 2009 – Glendale, AZ – Part I

Well, as some of you know, I’ll be speaking at this week’s AstriCon convention, being held in Glendale, AZ. I guess that in normal days I wouldn’t be starting to write about it prior to the actual convention, however, this time I decided to write about it earlier. I guess the title of this post can be changed to: Tosche Mark Spencer.

In order to understand what I’m talking about, we need to take a trip down memory lane, to be more exact – 2.5 years back memory lane.

Date: January 2007, Location: Tel-Aviv, Israel. Mark Spencer along side with Schuyler Deerman of Digium are on their way for their first time visit to Israel. Both of them are flying to Israel together after spending their Christmas holidays in the Middle East, mainly Egypt. Back at that time, I used to work for a company called Atelis – we were the Digium Israeli distributor. To make a long story short, Mark and Schuyler got held up at the airport for almost 4 hours, by Israeli security. The only thing that helped was for me to call my brother in-law, back then at the NY Israeli consulate, to try and find out what happend to both of them. Aparently, they were held up for questioning – without notifying anybody on the outside – who were waiting for them – what is going on.

Fast forward…

Date: October 2009, Location: Philadelphia, USA. I’m being held for a seconday inspection and the immigration control at the US border. The funny thing is, this is not my first trip to the US this year – I was here last February. The immigration officer looks at me and decideds that I’m a candidate for an illegal worker for some reason. Maybe the fact that I came in on an e-Ticket and didn’t have my itenirary printed throw him off, maybe the fact that I looked somewhat young to him, or maybe the fact that I’m continuing to Phoenix flagged me – I don’t know, in any case,
I’m now being held in secondary inspection, while I have only 50 minutes to get to my connecting flight – talk about turning up the heat. So, here I am, infront of this immigration officer, who I had to admit does his best to be polite and correct about the way he does his job. I gotta hand it to these guys, I guess they come across some of the worst scums in the world, and yet, they are able to sustain a professional and polite manner at all times – brava. Any way, he starts questioning me about my travel to the US, who paid for it, where am I going, where do I work, etc, etc. So, I
start explaining to him what AstriCon is, giving the guy the 5 minute “Asterisk is” introduction, and for some reason, it doesn’t really cut it with him. So, I decide to pull out the ultimate weapon – The Internet. I ask him if he’s able to logon to www.astricon.net and see that my picture is on the website. He looks the site up and indeed my picture is on there. The guy is now convinced that I’m here to lecture and nothing more – thank god. I get my passport back, pick up my stuff and run like the wind to my connecting flight – getting to it right before they close the boarding doors.

So, although I didn’t get the same 4th degree Mark/Schuyler did, I understand what they must have felt like in there. I guess it could have been worse, another guy that was in there with me got deported back to where he came in from (don’t know where that was) – not a very pleasent scenario.

Points for travelers

1. You’re coming to the USA, have your itenirary printed and ready
2. Have you flight invoices printed and hotel reservations printed – it may be required
3. If you are staying with friends, not at a hotel – state that when asked, don’t hide it.
4. If you had memorized your answers, these guys will pick up on it really easy – they know their job.
5. If you are lecturing in a convention or tradeshow, make sure you can point the officer to an online mention of your talk – this helps smooth things faster.

Tomorrow’s update – AstriCon Cloud Computing class

Tags: Asterisk, Border Control, Cloud computing, Immigration, Israel, Mark Spencer, Passports, Schuyler Deerman

01 Apr 09 Asterisk updates, rants and raves

Well, I guess it’s time for another Israeli Asterisk update post – one that was well due a long time now. This post was written after the recent hectic 3 weeks of Asterisk events and news here in Israel. So, I guess we’ll open with some news – beep, beep, beep.

Asterisk based Contact Centers

EasyRun, a world wide provider of Call Center and Contact Center solutions had announced the availability of its EpicAcce solution.

EasyRun Partners with Xorcom to Offer the Industry’s First Enterprise Grade PBX Agnostic Contact Center

EPICAcce Delivers the Industry’s First PBX Agnostic Enterprise Grade Contact Center Solution

For those in the know, the EpicAcce solution is based upon the Asterisk Open Source PBX system, bundled inside a Xorcom XR3000 appliance. I’m proud to say that I had some involvement in the development of this product, mainly, having trained the EasyRun lead developers in the workings of Asterisk – in the first Asterisk Bootcamp that was held in Israel last year. The EpicAcce appliance is defined as a PBX agnostic contact center solution, thus, it will work in any type of PBX or enterprise installation – making it the ideal solution for any company wishing to embed a contact center to their customer care, without the requirement of changing their entire company telephony infrastructure. In addition, the same unit can also be used as a the company PBX system – after all, it is based on Asterisk underneath and FreePBX as the management interface for Asterisk.

Asterisk gains recognition by the TheMarker.Com

About 3 weeks ago, I got interviewed by Amitai Ziv, a telecom reported from the TheMarker.Com IT news section. The interview (in hebrew) is available at the following URL:

http://it.themarker.com/tmit/article/6255

Now, while the article had mentioned about 25% of the actual interview and also summed up various statements from other people two, in general, it was very supportive of the Asterisk initiative and movement in Israel. I guess, well at least from my point of view, this article is a valid turning point – where the Israeli main stream industry acknowledges Asterisk as a valid business viable solution. In addition, as the founding father of the Israeli Asterisk users forum (www.asterisk.org.il) it is a great honor to be interviewed for this magazine. Sure, I make a living from promoting Asterisk and developing Asterisk based platforms, but having your face (although a horid picture) in the paper and having your name mentioned in a positive manner – is always a good thing.

Israeli Telecom Manager Club recognizes Asterisk

Yesterday I attended the “Israeli Telecom Manager’s Club” quarterly meeting, which was focused entirely on the viability of Asterisk and other Open Source based solutions. While most of the audience was made of large companies and captains of industry (Coca-Cola, TEVA, Israeli Electric Company, others) – I didn’t get the dreaded lazy eye I got almost 3 years ago.

When I started promoting Asterisk in Israel, almost 7 years ago, people looked at me as the crazy guy that has no idea what he was talking about. After all, I was an IP/Web technologies engineer, suddenly, starting to talk about telephony – in a world where 50 year old engineers were controlling and dominating entirely. Suddenly, a new kid on the block comes in and says: “Listen, Open Source can do it as good – if not better“. Yesterday was a turning point, suddenly, all these people came in to listen to me, preach and promote, both Asterisk and proper Open Source adoptation and GPL compliancy.

Israel is changing, companies start realizing that using GPL and modifying GPL products isn’t something to be taken lightly – it must be done with experts, and people that actually know what they are doing in the Open Source world. The old time Open Source geeks are starting to gain the industry recognition – Israel is finally starting to reach the state where the US and Europe are currently located at.

Digium announces availability of Support Services

This is not the first time Digium had tried doing this – first time was about 2.5 years ago. The current support services are based upon a signed service agreement, allowing the customer to receive phone based support services. According to the Digium website, the pricing model is as following:

                               SMB L1   SMB L2   Enterprise L3   Enterprise L4
Included Systems (Servers)        1         1          Up to 5         Up to 10
Included Cases (Incidents)        2         5             10           Unlimited
Additional Server Price           —         —          $495.00         $395.00
Named Contacts                    1         1             1                3
Price - 1 Year Subscriptions   $595.00  $1,995.00     $3,995.00        $7,995.00

Ok, not that I have a problem with that – I guess in the world people are willing to pay upto 300$ for a support incident – however, in Israel, that makes no sense. Judging from my experience supporting Asterisk, over 90% of the support calls can be resolved in less than 30 minutes. Charging an amazing price of 300$ for remote hands support, for an incident of 30 minutes – that is outragous. It’s true, I’m a Digium fan and I promote their products where ever I go, however, in Israel – this model will not cut it.

My company, started rendering Asterisk support services in Israel back in December 2008. Our support model is completely different – making it ideal for the Israeli market. Our support model is based upon a base line service agreement, indicating that you pay a total of 2,300 Israeli Shekels (around $500) for up to 10 hours of phone based and remote hands support services. These are rendered for a single server only – additional servers will cost you a couple hundrad more shekels, but the overall agreement in terms of time remains in tact. People in Israel know that support cases happen once every few months, so paying an identical price for getting 2 incidents handled simply doesn’t make any sense in the Israeli Market.

TDM400 Compatible GSM Module

A new product on the market introduces a GSM module to the ever popular Digium TDM400P card. The new module, available at http://www.asteriskgsmmodule.com/index.html is a plug-in for the TDM400P card, allowing it to accept a GSM SIM card – instead of the standard FXO module.

Finally, a plug-in for Asterisk that negates the need to work with a GSM converter. The bad thing is that it requires a patch to the wctdm.c Zaptel driver, and aparently, isn’t yet available for DAHDI at all – but I guess this will be fixed in the short future. I surely hope that these guys will contact Digium and maybe introduce the driver into the main stream driver distro, after all, Digium doesn’t make GSM modules – so it’s no competing with any Digium product.

Tags: Asterisk, community, digium, EASYRUN, EPICACCE, GPL, GSM, Israel, open source, OpenVOX, sangoma, Xorcom

01 Dec 08 Today is a historic day

Today is a historic day – and I’m not referring to the fact that my birthday is today!

Israel had finally adopted the anti-spam act, where companies are no longer allowed to send you spam email, unless you had specifically granted them the permission to do so. While the act in itself isn’t a new one in the world, it is surely a turning point in the Israeli market.

Over the course of the Internet’s existence in Israel, spam was more or less a given evil that all of us were required to endure. While initially is was more or less non-targeted, brute-force enabled spam, as the years progressed – it became more and more sophisticated and targeted. Unlike the US, where most ISP’s proud themselves by not allowing SPAM providers work with them – Israel went the exact way around.

I can easily recall a period of time I was working at one of Israel’s ISP’s, which was using a SUN Solaris based mail system. One of the customers wanted to utilize that system to send hundreds of thousands of emails to people, however, the system wasn’t able to carry the load. I was recruited to the task under the false pretence that the company (the ISP) needed additional mail-relays. I remember building one of the biggest mail relays I’ve even seen (well, at least in 1999) – a cluster of 6 Linux servers running Qmail. I later on learned that my highly evolved MX relay environment was actually re-configured to allow open relaying from specific IP numbers, thus, allowing spammers to spam from that specific ISP at ease. In addition, later on, the same ISP went on selling its email lists to spam databases as “verified email lists”, charging almost a dollar per email (over 50,000 subscribers in the list).

Over the course of the past 3 weeks, I’ve been getting emails from various emails I’ve been trying to get off from, asking me to confirm my membership with the list. I hadn’t confirmed these, simply waiting and lurking for the first spam message that comes in from one of these lists – and immediately following with a complaint to receive my 1000 Shekels for receiving their unsolicited spam.

So, in my book, December 1st 2008 is a day to remember and honor – and I will surely do so for the years to come (at least until some government ass-hole comes along and negates the act that is).

Tags: Anti-Spam Act, ISP, Israel, Qmail, Spam