This can't be just one guy. They hit us the first time about a month ago from Egypt, Jordan, and Paltel. We canceled all their accounts early on and blocked Egypt and Jordan completely, so they gave up and moved on.
They do come back occasionally using proxies, but since then we've managed to cancel their accounts before they managed to make any calls.
You are absolutely right- I believe they go through myvoipprovider.com and just hit every provider on there. That's how they got to us.
There is an easy way to tell it's them. It's quite obvious but given this is a public list I don't want to post and "ruin it". email me privately if you want this info (although you're probably aware of it already).
-- Nitzan
--- On Mon, 4/21/08, SIP <sip@arcdiv.com> wrote:
> From: SIP <sip@arcdiv.com>
> Subject: Re: [asterisk-biz] FRAUD: BE AWARE
> To: "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz@lists.digium.com>
> Date: Monday, April 21, 2008, 8:15 AM
> Good to know he's picking on someone else. ;)
>
> For the last 3 years, we've been getting one particular
> individual (or
> small group) from Egypt that does the same thing. If you
> follow their
> traces back as far as you can go, they all ultimately
> originate from
> accounts on Link.net in Egypt. We've worked with the
> FBI and British
> Authorities to try and track things down. The Egyptian
> authorities have
> been little help. Link.net is either woefully ignorant or,
> more likely,
> complicit in the activities.
>
> The charges come in from IPs all OVER the world (proxies
> galore out
> there), but connections can be traced back to Egypt,
> Jordan, and Paltel
> (Link.net is firewalled out completely from our services).
>
> It comes in waves. We'll see nothing for a month, and
> then a spate of
> several days of concerted charges (sometimes as many as
> 30-40 attempted
> charges in a day). From the looks of it, it looks like
> someone's going
> through a VoIP directory one by one in a circuit. When he
> gets to us, we
> get hit. When enough of his charges don't go through or
> we've notified
> enough people that his cards begin to get cancelled and he
> feels the
> pinch, he moves on. Until the next time 'round.
>
> We've seen some posts on militant fora out there with
> the accounts that
> had charged stolen cards, advertising that this guy (who,
> from his
> colloquial Arabic, seems to be in his young 20's) is
> willing to offer
> hacked accounts to anyone who wants to, in essence, stick
> it to the
> Americans (even though we're not an American company).
>
> I keep hoping that one day he'll get hit by a bus, but
> alas... it hasn't
> happened yet.
>
>
> N.
>
>
> Justin Case wrote:
> > Hi List,
> > I made the mistake of having auto payments via PayPal.
> Just had some
> > one put in payments and have them all denied. So far
> this person send
> > in funds from:
> > julie tosh - juliert@hotmail.com
> <mailto:juliert@hotmail.com>
> > David Somerville - davso@nbnet.nb.ca
> <mailto:davso@nbnet.nb.ca>
> > Gaetane Fortier - fortier.3075@videotron.ca
> > <mailto:fortier.3075@videotron.ca>
> > ray stewart - dragonr2262@hotmail.com
> <mailto:dragonr2262@hotmail.com>
> > Cédric Girard - realm415@hotmail.com
> <mailto:realm415@hotmail.com>
> >
> > The IP's I have are 213.6.185.243
> <http://213.6.185.243> and
> > 83.233.182.229 <http://83.233.182.229>.
> >
> > The seem to be calling Palestine Mobile.
> >
> > /J
> >
> ------------------------------------------------------------------------
> >
> > _______________________________________________
> > --Bandwidth and Colocation Provided by
> http://www.api-digital.com--
> >
> > asterisk-biz mailing list
> > To UNSUBSCRIBE or update options visit:
> >
> http://lists.digium.com/mailman/listinfo/asterisk-biz
>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by
> http://www.api-digital.com--
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
>
http://lists.digium.com/mailman/listinfo/asterisk-biz
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz