Mark Collier
2014-03-21 01:21:38 UTC
Thanks for the information !
From: Roberta Aronoff <***@CohnReznick.com<mailto:***@CohnReznick.com>>
Date: Sunday, March 9, 2014 at 2:09 PM
To: "***@transnexus.com<mailto:***@transnexus.com>" <***@transnexus.com<mailto:***@transnexus.com>>, 'Paul Timmins' <***@timmins.net<mailto:***@timmins.net>>
Cc: 'Christopher Aloi' <***@gmail.com<mailto:***@gmail.com>>, Mark Collier <***@securelogix.com<mailto:***@securelogix.com>>, "***@voipsa.org<mailto:***@voipsa.org>" <***@voipsa.org<mailto:***@voipsa.org>>, "***@voiceops.org<mailto:***@voiceops.org>" <***@voiceops.org<mailto:***@voiceops.org>>
Subject: CFCA - GSMA Hot B List
Jim –
I have been in contact with David Maxwell who is my counterpart with the GSMA Fraud Forum and he has responded as follows:
“CFCA vendor members may only incorporate the list of numbers and ranges into solutions that are provided to CFCA or GSMA members that already receive (or are entitled to receive) the information from CFCA or GSMA. The CFCA vendors may not share or incorporate the information into solutions that are made available to non-members of GSMA or CFCA.”
Please email or call me if you have any questions.
Regards,
Roberta
Roberta Aronoff
Director
CohnReznick Advisory Group
Tel: 973-871-4036
Mobile: 201-965-1270
Fax: 973-871-4075
***@CohnReznick.com<mailto:***@CohnReznick.com>
[cid:***@0694ab72.48b1eaae]<http://www.cohnreznick.com>
From: Jim Dalton [mailto:***@transnexus.com]
Sent: February 24, 2014 1:15 PM
To: 'Paul Timmins'
Cc: 'Christopher Aloi'; 'Mark Collier'; ***@voipsa.org<mailto:***@voipsa.org>; ***@voiceops.org<mailto:***@voiceops.org>; ***@cfca.org<mailto:***@cfca.org>
Subject: RE: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea
The CFCA may not want that information shared publicly. It would be best to ask them directly at ***@cfca.org <mailto:***@cfca.org%A0>
From: Paul Timmins [mailto:***@timmins.net]
Sent: Monday, February 24, 2014 1:04 PM
To: ***@transnexus.com<mailto:***@transnexus.com>
Cc: 'Christopher Aloi'; 'Mark Collier'; ***@voipsa.org<mailto:***@voipsa.org>; ***@voiceops.org<mailto:***@voiceops.org>
Subject: Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea
How many entries are on the list, and how quickly are they added? Mulling over the $2500 cost of membership to gain access.
On Mon, 02/24/2014 12:43 PM, "Jim Dalton" <***@transnexus.com<mailto:***@transnexus.com>> wrote:
It is a list of subscriber numbers that have been identified as destinations for fraudulent calls. The list is compiled by members of the GSM Fraud Forum and the CFCA.
In addition to the subscriber number, the list identifies the organization that submitted the number and the reason why.
Jim Dalton
TransNexus
From: Christopher Aloi [mailto:***@gmail.com]
Sent: Monday, February 24, 2014 10:50 AM
To: Jim Dalton
Cc: J. Oquendo; Hiers, David; ***@voiceops.org<mailto:***@voiceops.org>; Mark Collier; ***@voipsa.org<mailto:***@voipsa.org>
Subject: Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea
What does the "International Revenue Fraud Number Database" on cfa.org<http://cfa.org> contain?
I agree it's tricky to block based on hosts, you hit one and the others start popping up.
-- Christopher Aloi
-- ***@gmail.com<mailto:***@gmail.com>
On Fri, Feb 21, 2014 at 4:17 PM, Jim Dalton <***@transnexus.com<mailto:***@transnexus.com>> wrote:
One option maybe to cooperate with the Communications Fraud Control
Association (www.cfca.org<http://www.cfca.org>). They do vet their members, but they do not
have a mailing list. The association also has an annual membership fee.
Jim Dalton
-----Original Message-----
From: VoiceOps [mailto:voiceops-***@voiceops.org<mailto:voiceops-***@voiceops.org>] On Behalf Of J.
Oquendo
Sent: Friday, February 21, 2014 3:38 PM
To: Hiers, David
Cc: ***@voiceops.org<mailto:***@voiceops.org>; Mark Collier; ***@voipsa.org<mailto:***@voipsa.org>
Subject: Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea
Indeed which is why I stated:
1) Private mailing list - to prevent talks from being seen
2) NON freemail addresses - easier to establish that this individual works
for this company, therefore its highly unlikely he is going to throw
himself, and or his company, under the bus passing bogus information.
The "private mailing list" is not to try to start some secret club, VoIP
Gestapo. It is merely to be able to share data, methods, etc., with other
peers in an effort to keep our networks from piping out 100s of thousands of
dollars in toll fraud. PERIOD. ANYONE is open to participate, with the
clause that we want to, and NEED to be able to trust data. Otherwise it will
never work.
I will re-think this over the weekend and have a take two.
I think it could, and would work. I do also believe that there are likely
individuals even on this list, that would not like the idea much, so hosting
decisions need be met, etc., in order to keep away DDoS attacks, reputation
based attacks, and so forth. That's my train of thought though.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"Where ignorance is our master, there is no possibility of real peace" -
Dalai Lama
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
_______________________________________________
VoiceOps mailing list
***@voiceops.org<mailto:***@voiceops.org>
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
***@voiceops.org<mailto:***@voiceops.org>
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
***@voiceops.org<mailto:***@voiceops.org>
https://puck.nether.net/mailman/listinfo/voiceops
CohnReznick LLP
Circular 230 Notice: In compliance with U.S. Treasury Regulations, the information included herein (or in any attachment) is not intended or written to be used, and it cannot be used by any taxpayer for the purpose of i) avoiding penalties the IRS and others may impose on the taxpayer or ii) promoting, marketing or recommending to another party any tax related matters.
The information in this transmission is privileged and confidential and intended only for the recipient listed above. If you are not the intended recipient, please advise the sender immediately by
reply e-mail and delete this message and any attachments without retaining a copy. If you are not the intended recipient, you are hereby notified that any disclosure, copying or distribution of this message, or the taking of any action based upon it, is strictly prohibited. Thank you.
From: Roberta Aronoff <***@CohnReznick.com<mailto:***@CohnReznick.com>>
Date: Sunday, March 9, 2014 at 2:09 PM
To: "***@transnexus.com<mailto:***@transnexus.com>" <***@transnexus.com<mailto:***@transnexus.com>>, 'Paul Timmins' <***@timmins.net<mailto:***@timmins.net>>
Cc: 'Christopher Aloi' <***@gmail.com<mailto:***@gmail.com>>, Mark Collier <***@securelogix.com<mailto:***@securelogix.com>>, "***@voipsa.org<mailto:***@voipsa.org>" <***@voipsa.org<mailto:***@voipsa.org>>, "***@voiceops.org<mailto:***@voiceops.org>" <***@voiceops.org<mailto:***@voiceops.org>>
Subject: CFCA - GSMA Hot B List
Jim –
I have been in contact with David Maxwell who is my counterpart with the GSMA Fraud Forum and he has responded as follows:
“CFCA vendor members may only incorporate the list of numbers and ranges into solutions that are provided to CFCA or GSMA members that already receive (or are entitled to receive) the information from CFCA or GSMA. The CFCA vendors may not share or incorporate the information into solutions that are made available to non-members of GSMA or CFCA.”
Please email or call me if you have any questions.
Regards,
Roberta
Roberta Aronoff
Director
CohnReznick Advisory Group
Tel: 973-871-4036
Mobile: 201-965-1270
Fax: 973-871-4075
***@CohnReznick.com<mailto:***@CohnReznick.com>
[cid:***@0694ab72.48b1eaae]<http://www.cohnreznick.com>
From: Jim Dalton [mailto:***@transnexus.com]
Sent: February 24, 2014 1:15 PM
To: 'Paul Timmins'
Cc: 'Christopher Aloi'; 'Mark Collier'; ***@voipsa.org<mailto:***@voipsa.org>; ***@voiceops.org<mailto:***@voiceops.org>; ***@cfca.org<mailto:***@cfca.org>
Subject: RE: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea
The CFCA may not want that information shared publicly. It would be best to ask them directly at ***@cfca.org <mailto:***@cfca.org%A0>
From: Paul Timmins [mailto:***@timmins.net]
Sent: Monday, February 24, 2014 1:04 PM
To: ***@transnexus.com<mailto:***@transnexus.com>
Cc: 'Christopher Aloi'; 'Mark Collier'; ***@voipsa.org<mailto:***@voipsa.org>; ***@voiceops.org<mailto:***@voiceops.org>
Subject: Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea
How many entries are on the list, and how quickly are they added? Mulling over the $2500 cost of membership to gain access.
On Mon, 02/24/2014 12:43 PM, "Jim Dalton" <***@transnexus.com<mailto:***@transnexus.com>> wrote:
It is a list of subscriber numbers that have been identified as destinations for fraudulent calls. The list is compiled by members of the GSM Fraud Forum and the CFCA.
In addition to the subscriber number, the list identifies the organization that submitted the number and the reason why.
Jim Dalton
TransNexus
From: Christopher Aloi [mailto:***@gmail.com]
Sent: Monday, February 24, 2014 10:50 AM
To: Jim Dalton
Cc: J. Oquendo; Hiers, David; ***@voiceops.org<mailto:***@voiceops.org>; Mark Collier; ***@voipsa.org<mailto:***@voipsa.org>
Subject: Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea
What does the "International Revenue Fraud Number Database" on cfa.org<http://cfa.org> contain?
I agree it's tricky to block based on hosts, you hit one and the others start popping up.
-- Christopher Aloi
-- ***@gmail.com<mailto:***@gmail.com>
On Fri, Feb 21, 2014 at 4:17 PM, Jim Dalton <***@transnexus.com<mailto:***@transnexus.com>> wrote:
One option maybe to cooperate with the Communications Fraud Control
Association (www.cfca.org<http://www.cfca.org>). They do vet their members, but they do not
have a mailing list. The association also has an annual membership fee.
Jim Dalton
-----Original Message-----
From: VoiceOps [mailto:voiceops-***@voiceops.org<mailto:voiceops-***@voiceops.org>] On Behalf Of J.
Oquendo
Sent: Friday, February 21, 2014 3:38 PM
To: Hiers, David
Cc: ***@voiceops.org<mailto:***@voiceops.org>; Mark Collier; ***@voipsa.org<mailto:***@voipsa.org>
Subject: Re: [VoiceOps] [VOIPSEC] Tackling VoIP fraud, new idea
The key is vetting the participants. Even the feds have a hard time with
that...Indeed which is why I stated:
1) Private mailing list - to prevent talks from being seen
2) NON freemail addresses - easier to establish that this individual works
for this company, therefore its highly unlikely he is going to throw
himself, and or his company, under the bus passing bogus information.
The "private mailing list" is not to try to start some secret club, VoIP
Gestapo. It is merely to be able to share data, methods, etc., with other
peers in an effort to keep our networks from piping out 100s of thousands of
dollars in toll fraud. PERIOD. ANYONE is open to participate, with the
clause that we want to, and NEED to be able to trust data. Otherwise it will
never work.
I will re-think this over the weekend and have a take two.
I think it could, and would work. I do also believe that there are likely
individuals even on this list, that would not like the idea much, so hosting
decisions need be met, etc., in order to keep away DDoS attacks, reputation
based attacks, and so forth. That's my train of thought though.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"Where ignorance is our master, there is no possibility of real peace" -
Dalai Lama
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
_______________________________________________
VoiceOps mailing list
***@voiceops.org<mailto:***@voiceops.org>
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
***@voiceops.org<mailto:***@voiceops.org>
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
***@voiceops.org<mailto:***@voiceops.org>
https://puck.nether.net/mailman/listinfo/voiceops
CohnReznick LLP
Circular 230 Notice: In compliance with U.S. Treasury Regulations, the information included herein (or in any attachment) is not intended or written to be used, and it cannot be used by any taxpayer for the purpose of i) avoiding penalties the IRS and others may impose on the taxpayer or ii) promoting, marketing or recommending to another party any tax related matters.
The information in this transmission is privileged and confidential and intended only for the recipient listed above. If you are not the intended recipient, please advise the sender immediately by
reply e-mail and delete this message and any attachments without retaining a copy. If you are not the intended recipient, you are hereby notified that any disclosure, copying or distribution of this message, or the taking of any action based upon it, is strictly prohibited. Thank you.