We can assist operators with investigating complex fraud scenarios that are affecting their network, and with developing successful countermeasures.
For example, networks in emerging countries have been faced with data fraud, where users are able to consume data without charge by using advanced circumvention techniques.
Key circumvention techniques include:
- DNS Tunneling: This is one of the most common methods. It involves encapsulating internet traffic within Domain Name System (DNS) queries. Since mobile network operators (MNOs) often do not bill for the data used for DNS lookups (which are essential for web browsing), users can leverage this to create a “tunnel” for their regular internet traffic, effectively making it invisible to the billing system. Specialized applications and software are used to establish and manage these tunnels.
- Custom VPNs and HTTP Injectors: Applications like HTTP Injector are popular tools for creating custom Virtual Private Network (VPN) connections that can bypass MNO firewalls and billing systems. These apps work by injecting custom HTTP headers or using Secure Shell (SSH) tunnels to disguise data traffic. Users often share configuration files for these applications, which contain the specific settings needed to exploit loopholes on a particular mobile network. These configurations often target “bug hosts” or zero-rated domains to channel their traffic through.
- Exploiting “Bug Hosts” and SNI Loopholes: Savvy users identify specific domains or subdomains that are zero-rated by the MNO, often for legitimate purposes like accessing the carrier’s self-care portal or specific partner services. By using techniques like Server Name Indication (SNI) spoofing within a VPN tunnel, users can make it appear as though all their internet traffic is destined for these “bug hosts,” thereby avoiding data charges. Lists of such hosts are often shared in online forums and social media groups.
- Carrier Billing Exploitation: While less common for direct data consumption, vulnerabilities in carrier billing systems can be exploited. This might involve finding ways to subscribe to services without proper authorization or exploiting flaws in the billing logic to gain access to premium content or services that might otherwise require a data plan.
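
One check an operator can run against the SNI loophole described above, shown as an added example that is not part of the original page: a flow is treated as zero-rated only when its destination IP also falls inside the server ranges known for that zero-rated host, and mismatches are totalled per subscriber. The hostnames, address ranges, flow records and the flow-record layout are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: hostnames and addresses use reserved documentation ranges.
ZERO_RATED = {
    "selfcare.operator.example": ["192.0.2.0/24"],
    "partner.example": ["198.51.100.0/25"],
}

FLOWS = [  # (subscriber, TLS SNI, destination IP, bytes)
    ("sub-001", "selfcare.operator.example", "192.0.2.10", 120_000),
    ("sub-002", "selfcare.operator.example", "203.0.113.77", 850_000_000),
    ("sub-002", "cdn.partner.example", "203.0.113.77", 400_000_000),
    ("sub-003", "video.example.net", "203.0.113.5", 9_000_000),
    ("sub-003", "cdn.partner.example", "198.51.100.20", 2_000_000),
]


def zero_rated_rule(sni, rules=ZERO_RATED):
    """Return the allowed networks if sni equals, or is a subdomain of, a zero-rated host."""
    name = sni.lower().rstrip(".")
    for host, cidrs in rules.items():
        if name == host or name.endswith("." + host):
            return [ipaddress.ip_network(c) for c in cidrs]
    return None


def classify(sni, dst_ip, rules=ZERO_RATED):
    """Classify one flow as 'billable', 'zero-rated' or 'sni-mismatch'."""
    nets = zero_rated_rule(sni, rules)
    if nets is None:
        return "billable"          # SNI is not a zero-rated name at all
    addr = ipaddress.ip_address(dst_ip)
    # The SNI is client-supplied, so it only counts when the server address agrees.
    return "zero-rated" if any(addr in n for n in nets) else "sni-mismatch"


def mismatch_report(flows, rules=ZERO_RATED):
    """Total bytes per subscriber that claimed a zero-rated SNI toward an unlisted server."""
    totals = defaultdict(int)
    for sub, sni, dst, nbytes in flows:
        if classify(sni, dst, rules) == "sni-mismatch":
            totals[sub] += nbytes
    return dict(sorted(totals.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    for sub, nbytes in mismatch_report(FLOWS).items():
        print(f"{sub}: {nbytes / 1e6:.1f} MB claimed as zero-rated to unlisted servers")
```

Mismatched flows can be billed at the normal rate and the subscriber totals fed into fraud review.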
If you would like us to create a custom consulting engagement to research, identify and remediate any costly fraud scenarios that are occurring within your network, please contact us.