Bohdan Hopanchuk is an ethical hacker, based in Kyiv, Ukraine. That’s the reason he’s in a darkened room, at night they black out. Like the UK did during World War II. We were prepared to pause recording if the air raid siren went off, fortunately it did not.
Bohdan is a fan of the TADSummit Podcast, his objective for this podcast is to add value, by bringing his experiences to the body of work we’ve amassed. He brings both cyber security and messaging expertise. In particular Bohdan wants to help young route managements understand the industry and make the right decisions.
Bohdan brings the coal face experiences for setting up routes, and how to buy, sell, and test those routes. He knows how to set up zero hop direct routes, and the testing, for example whether the DLR (delivery receipt) are real or fake. This is one of the methods used to steal from the customer. Claiming delivery, when there was none.
Such simple fraud is widespread. 80% of the DLRs could be fake, only 20% real, yet all are charged. This enables extremely high margins by some CPaaS. Bohdan share the reality of inter CPaaS deals, where they share traffic, customers, revenues, margins and commitments. Essentially its AIT, we are going to come back to this in Part 2 of the Bohdan interview.. BUT Bogdan draws the line at phishing SMS, this leads to serious losses and security issues. Young managers should NOT transport phishing.
Bohdan has been contacted directly by scammers, who are premier sponsors of industry events. There are vastly too many events, even down to a country level. As Robert Vis has said on the TADSummit Podcast the scammers are on the board of some industry bodies.
Bohdan makes clear some well known wholesalers (gateways) at these events are continuously transporting scams. He then raises the question on why SIM boxes are allowed to continue to exist, and can be bought so easily on Amazon. Carriers generally use drive test and other core solutions for their networks, which are not ideal for catching SIM boxes. While solutions like Wadaro, as shared at TADSummit last month, are effective. Telcos could report vendors for selling SIM boxes in their countries of operations. They could use Wadaro to close down SIM boxes. It’s simply a matter of motivation to protect their customers.
Bohdan also highlight how SIM boxes can be used to mix good and bad traffic. So called ‘optimized routing’ can include 90% zero hop and 10% SIM box. Its illegal, but it’s become accepted practice. Carriers need to report such activities on their network. They have to act like the network police to protect their customers as the wholesalers (firewall / gateway providers) have multiple decades of not acting in the best interests of the carriers’ customers (all of us).
The cost of the fraud is tens of billions. But can it be stopped? Johnny is doubtful, so concludes, live with it. We’ve described in the Honest CPaaS Review, the necessary steps and the critical role carriers must play. As we see with BT Group and DT. Others can join their leadership.
Bohdan shared how he is contacted by people from Asia with requests to test routes with sample content and specific sender IDs. To check if the content will be delivered through his routes. It was phishing traffic to banks across many countries. Naturally, Bogdan blocked that traffic.
After that experience he built a firewall that search for keywords, and used AI to get around scammers tricks of using mis-spellings and special characters. We discussed with with Ameed Jamous about OpenTextShield. There are solutions to limit scammers, it is a game of cat and mouse, but carriers can protect their networks and customers.
Johnny came back to his point, it can not be stopped. While Bohdan believes is can be stopped in the future. Johnny raised SS7 is broken, Bogdan explained SS7 is only signalling. It should not be used for transport. Use direct routes. Carriers see the problems with SS7 on their dashboards. But enforcement is the issue, again carriers have to take control of their network.
This then brings the issue of social engineering and human factors, In the limit it bribery. Carriers needs to trust and educate their people, enforcement is important. Catch a cheating employee, it goes to court, similarly with catch a cheating CPaaS, fine them under the terms of the contract, like we see with BT Group.
Interestingly, Bohdan thinks the crypto-industry will be one of the drivers for bringing honesty to telecommunications. However, Bohdan sees Africa as under control over China. So it a significant threat, again carriers must protect their networks from the rest of the telecoms industry.
In part 2 we’ll delve into AIT and all the shenanigans there. The future of SIM/eSIM, hacking QR codes, building huge BOT-networks via telecom routes, and infected devices.
