BEWARE OF GEEKS BEARING GIFTS – SEASON 1

UPDATE 3: 24th NOV. 2012: Zain Bahrain investigated deeper and responded to my requests to check the IMEI numbers of the erroneous calls made and the bogus SMS we supposedly received and responded to. Bingo! Not us. A mighty BIG thanks to Ruzaina and indeed Khalifa who with great pains, sifted through the mess and removed all charges. That is not the end of it though, they are still determined to get to the bottom of this. Bahrain Telecommunications (Batelco) supposedly investigated for a few minutes and came to the conclusion that I/we had made the calls and responded to the SMS thus closed the case. Lightspeed removed the charge after a huge battle, but are still convinced I/we made the calls or sent the SMS. AMEN…..or maybe not. Read the story below.

UPDATE 2: 4th NOV. 2012: Zain Bahrain just confirmed – so far 2 of my mobile numbers fraudulently charged. A total of 95 scam SMS supposedly received and replied to during the last month, plus calls to Madagascar, which defeats Lightspeed’s assessment that I was physically responsible for the calls. (See below Scam 1). Total value of the theft now amounts to not far short of BD 200 (Over US$ 500). This is so serious now, it is a war.

 

Geek warning! (See update 1: 03 Nov 2012 below). Today’s blog is about you and me getting fleeced daily by criminals using perfectly legitimate telecommunication channels. For good measure, I’ll throw in Jimmy Savile’s name – the British disc jockey who is thankfully being posthumously … um…. buried for fixing his jimmy where he shouldn’t have. A distasteful man who I well described, if not warned about 40 odd years ago. Owz abaht that then..? Unlike a Pakistani marriage, the two subjects are not related. I know, I normally rattle on about media corruption or corruption in the media and the occasional telecom rant, but bear in mind telecommunications is everything media, it carries media, it is a medium, so in this case, the two subjects are related.

To get your hackles up and battle dress on, let me inform you that you and me are paying through the nose for thin air and legally being ripped off big time by crooks manipulating our everyday communication systems.  My household (IP based) telephone has been hacked with someone making extraneous calls and nobody wants to admit it.  It never rains, it pours and our mobiles have been raped too.

Here’s a scenario; you’ve just received a massive phone bill demanding you pay a stupid amount above what you normally pay per month, or you’ve just topped up your credit on a prepaid system only to find shortly after that you have no credit left. You grab your belligerent teenage kids and ask them if they have been eating up bandwidth by unnecessarily downloading movies; or shock horror – making ludicrously expensive phone calls to jungle countries and sending text messages to premium numbers for prizes that don’t exist. YES, IT IS HAPPENING and to YOU AS WELL and like most of us, we sit there blissfully unaware of it! The bill really does shock you and the kids swear to God they did no such thing but you don’t really believe them. Well this time – believe them (maybe)!

As of this writing, it has been weeks  of intense, cankerous telecom scamming mayhem in Sharwarmaland and I am pretty sure that the story is the same in every town and city around the world, yet nobody is doing anything about it. I say that, but one  lovely Call Centre agent lady at  Bahrain’s Zain telecommunications company admitted that there was a problem and ‘there is a case with the ‘Ministry of Interior’. Oh good.  Global warming will probably have sunk us long before that case goes to court then, but we live in hope.  Oh yes, there is a problem ok and it is my belief that more than half the ticket numbers issued by these telecom Call Centres deal with extraneous text messages being received which ‘lack of law’ allows the receiver  **you** to pay for. This is blatant criminal extortion and thus the robbers are legally allowed to do it.   Governments should order Telecom companies not to be so greedy by allowing these scumbags access to ‘short codes’ for the broadcasting of unwanted, unsolicited SMS within the country concerned. Even if we cannot stop these SMS, surely the lack of law to stop it, equally applies to lack of law to force  ‘you’ to pay for them.  It is enough with Internet criminals,  but now we have blatant crooks sucking your phone credit dry or running up your mobile bills.  To make matters worse, this abysmal crime is much harder to control, especially with new network technology and I am convinced that most network service providers are not in the least bit interested in securing present technology against infiltration because through the back-bone they inadvertently and invisibly make revenue. Legality needs to catch up with this fast. Even on a tiny Island such as Bahrain, the major telco might have a million subscribers, if only half of them were targeted with money sucking text scams each day, that’s a lot of illegal money.

It is unbelievable that the Telecom Regulatory Authority has to ‘issue the right’ for subscribers to block unwanted text messages.  So what does that mean?  If they did not intervene, then the telecom companies would NOT allow you to block???  Just as the recession bites harder and harder by the day, I don’t know about you, but in Bahrain we have near mayhem affecting the little bit of business there is.  Many of us might be watching the pennies a lot closer these days and the last thing we want is to be ripped off by some telecom scam. Not that the criminals have selective mercy.

DON’T WALK THE TALK

In my rant today, I will expose at least 3 or more telecom scams which we should all be well aware of and we need to rally together to make a very loud noise to stop it.  I DON’T like being ripped off and I DON’T like poor people being ripped off and the wealthy and influential not in the least bit interested, so do buggar-all about it.   Calm down Geggy.  Oh Ok.

If you are confidently complacent reading this, thinking it a no brainer and that  ‘you’ are not stupid enough to get caught since you NEVER reply to unsolicited SMS or would ever RESPOND to some ‘if it sounds too good to be true – it surely is’ scam, then think again.  I am pretty telecom savvy and indeed work for the industry when not submerged in radio things and I too would NEVER get caught doing crap like that, but unfortunately, we/you/us don’t need to do anything, your phone doesn’t even have to be switched on – so read on.

Scam 1: OMG! While sitting in a café one fine afternoon waiting for my chino, I decided to pay my Lightspeed bill through the Call Agent. WHAT! ‘Come again’ I gulped in disbelief, ‘Are you sure you have the right account’? Oh yes, it seems that dozens of calls had been made to Madagascar and were taking place when nobody was at home, on holiday or in the middle of the night. MADAGASCAR – WHERE!!!! Having cracked the café’s plastic chair as I fell off it in shock, I questioned the Call Centre agent further and was advised that the calls were made from my home phone using my IP. Of course, I immediately asked for earlier records going back months, but why I don’t know, these are not available, so who knows how long this has been going on. I guess if the bill is not so noticeably stark, one just pays it each month none the wiser. Too often our router needed rebooting to get the phone working so nobody bothered. Half the time in our case, there is no physical phone attached to the router or the carrier line, so not only did the BD30 scam calls choke us, we just don’t use this particular phone these days as we have many alternatives and too many mobiles for some reason. I’ll explain below.

According to the provider and they are adamant, someone physically picked up our phone and made those calls. BS! Someone hacked in to this system and made calls ONLY to Madagascar to the tune of about BD30. Madagascar? I can hear many of you asking with some curiosity; ‘Where the hell is that?’. Does anyone know anyone in Madagascar? Are there real people there? I am not even sure they have telephones there. Isn’t that the place where they dig up their dead once per year, plonk them at the table and serve dinner? (If you turn your back for a second and the food disappears, I think I would be worried). I even doubt there is anyone from Madagascar living in Bahrain, so my suspicions point me in the direction of a scam to collect money rather than someone next door hacking the wireless and finding their way through the router to the telephone to make calls.

(Update insert):  At first, we thought it was our provider who had been hacked and not us as individuals in particular.  More on that in a second.

So here we are, out in dustville with no asphalt roads surrounded by old weathered, knotted and stretched cables dangling from loosely placed telegraph poles which carry the data from the nearest exchange some 6 kilometres away. Even Deliveranceville in outback USA have better facilities. With package speeds promising the impossible 6 megabits/sec or more, which we have to pay for, nobody in this area can hope for anything like that. On a good day if you are lucky, we might get 1.5 megabits and simulated broken lines every Friday, which gives us no data at all. This particular provider uses a standard Batelco (Bahrain Telecommunications) line which has its own number, then conditions that line to ADSL and plonks their own router with Internet gateway on it. Once the line is handed over, Batelco have nothing to do with it. With this comes a fixed telephone line but as you can imagine, it is not a physical line, but an IP which is a completely different number to the rented physical line which carries the data. (Update insert): Since posting, as expected, we have now discovered that the scam is ‘virtual’ and has nothing to do with any physical lines, location or otherwise. It is a straightforward system hack through a mobile payment gateway placing fraudulent charges to random (or otherwise – phishing) mobile numbers. How it appeared on a Lightspeed IP phone is a mystery and very worrying. (See below)

Scam 2: This is the one that is going to make you jump now because for sure you have been scammed a few times already. Getting stiffed with the Internet is bad enough, but now our mobile phones are like cheese graters. Suddenly you see outrageous bills for taking part in rip-off, imbecilic SMS games which of course you did not and were not even aware of. Sure, you might have vaguely remembered receiving some spam SMS and deleting it, but neither you nor anyone in your household responded to it. YOU DON’T NEED TO – you have already been charged. Outrageously, to ‘unsubscribe’ they have the gonads to ask you to send an SMS with ‘Unsubscribe’ instructions. That message also costs an arm and a leg. It is not rocket science, it is just an outrageous loophole in the system and telecom companies continue to allow it. You have been charged for the marvelous privilege of receiving this sewerage, just as you are if you receive messages while roaming. (On certain networks). Since my Batelco mobile is only used for receiving, the monthly bill remains almost static. I was actually called by a Batelco agent who asked me if I had been taking part in some ‘mobile games’ as I had unusual charges of near BD10 on my post-paid line which related to SMS participation to enter these games. Of course I had no idea what Batelco was talking about, but I knew I had been scammed.

It gets worse:

[Image: IMG-20121028-00676]

Because of these fraudulent charges on my post-paid, I thought I had better check any pre-paid phones we have lying around. We keep one validated as a back-up phone or for visitors to use instead of roaming. I keep about BD30 or more credit on it. It is rarely if ever switched on, hence the credit builds up at each validation. (It is an easy number to remember, which I managed to acquire when I was working with Batelco many years back. I was involved in the GSM network launch and each of us had test lines. I decided to keep it as the number was good. No, it was not graft – it is not a royalty type number, at launch it was available as part of a released sequence to anyone, I just got there first). After charging the old battery, I booted up the phone and a string of SMS came rolling in. (Above pic). Some from our local provider Bahrain Telecommunications (Batelco), advising me of missed calls; some spam or dodgy calls and most of the others thanking me for my participation in ‘WSGame’ and that the charge was BD 1. I have absolutely no idea what that is, but the payment is made through the mobile payment gateway http://boku.com (as you can see from the text below).

Picture 1: The first message comes with the option to participate by sending ‘YES’ to a certain short code. Before you blink, a message with the word ‘YES’ has gone out without you touching the phone even. It is plain to see that the incoming messages have NOT been opened. Immediately you receive another SMS thanking you for taking part and listing a fraudulent charge. Since there were about 20 or so of these text messages, I immediately checked my credit only to discover NONE! How can a phone show ‘sent’ messages which were never physically sent? I called the call centre, but they are not much help, this is Pre-paid. It makes you sick, it makes you feel violated.

[Image: IMG-20121028-00677]

In a court of law, I can prove that the phone was not logged onto the network at the dates and times these messages were sent. Just how does this happen? Just how do the telecom companies and governments allow it?

I made a complaint on this web site listed by contact form. Boku does NOT list ‘WSGame’ as one of their clients and to my utter amazement, I heard back from them within an hour with a note that they are looking into my concerns. I even made a typing error with my number and they politely came back to me and asked me to confirm. Once I did that, I asked them to check other numbers that had been scammed and they came back with the full details. They also blocked my numbers from ever being charged again through this gateway. All within an hour or two. I am so mega impressed with Boku and I admit to being very skeptical initially thinking they were part of the scam. Apparently, Boku are also under the impression that I must have responded to the scam text messages. Trust me – trust me – trust me, nobody did.

Update 1: 3 Nov 2012: Batelco have finished their investigation with the lovely Layla patiently explaining how at least some of these scams happened for one particular number. The fact that the scams happened to two different Batelco numbers on exactly the same day is extremely suspicious. (Only Batelco numbers as far as we know at this stage) This day was my birthday!!!!! I think there is some significance to that as apparently these scams are not only through SMS which you do not respond to, but if some obscure (but very bent) web site has registered you to play their fictitious games or view porn or… … then your mobile phone can be used as the payment source through http://paymo.com . Go there and you will see that it is the very same site as mentioned elsewhere in this blog; http://boku.com . The web site is kosher, but obviously a criminal ring is at work here – somehow. My guess would be an employee on some perfectly legitimate E-commerce site, or more like a magazine or blog registration requirement, where you have entered your date of birth and phone number – bingo! They phish this info out to the criminals for a back hander and you are registered on the scam sites. As far as Batelco is concerned, there is nothing they can do, I have to pay because the onus is on me. I accept some of that, but using your mobile as a bank security has to be seriously tightened up. This is a job for the FBI.

Scam 3: Because of the lack of fibre or copper for that matter and the dreadful options in this area, we have opted for more than one Internet provider. My son uses his own line exclusively and if he goes over his limit, c’est la vie, tough. He also has his own mobile with extended packages which include the free calls, so he has no need to use any house line. We started noticing that his hardwired Internet bandwidth was being eaten and constantly topping out just a few hours after the start of the accounting month. Do I believe the kid when he says that he is ‘not responsible’? To be honest, no I don’t as responsibility is something he still has to excavate from within his totally spoilt teenage existence. Now this has happened before a few years back when data rates were very high. It was discovered to be an ‘inside job’ within the telco, where dudes had gone round accounts looking to see who was not using their full bandwidth and hacking in to get the password then dialing in from their own homes. Duh! Of course, they get sloppy and go crazy with gay abandon, so get caught. The log showed which numbers had been the source, using our account. Batelco investigated but I bet the culprits didn’t even get sacked. Back to the present and we decided to check the log. Oh! This bandwidth like the crook calls was being used up while my son was out of the country on holiday with his grandparents for two months. Hello? There is no wireless on this line. You tell me? Batelco say the usage is kosher and ‘us’ using it. Someone is telling whopping great porky pies and it ain’t me.

Scam 4: You get umpteen calls from +882 or +881 numbers which seem to be using the Thuraya network or the very loss making Iridium satellite network. The last few digits of the numbers are always a little different. It is always a missed call and even if you don’t look who is calling and answer, they generally cut off, hoping you call back I guess. I am not sure how this works other than a company checking to see if numbers are active for some marketing purpose or phishing scam, then charging low life buyers for the data base. I see a lot of that and email data bases stemming from Lebanon and I don’t like it one bit. Or perhaps these are premium numbers which charge you an arm and a leg to call them, so they only ever miss call you hoping that you will ring back out of curiosity. Colleagues have contacted these numbers only to be given the run around as if they don’t know who you are. So how do they make their money as it is not cheap to call using these networks? My guess is that the scammers must have some skullduggery going on. It could be a hack within the network or using stolen phones like some Nigerian scams where they steal numbers/phones and use it until they are rumbled and the number cut. No problem, they just come up with another number. Please inform me if you know anything, I really don’t know.

[Incidentally, for those who follow people, Richard Goswell was CEO of Iridium Middle East in the 90s – who used to be General Manager of Batelco in the 80s – he who moved to be the CEO of Mercury One2One  an off shoot of Mercury – Cable and Wireless – now T-Mobile]

IF IT WALKS LIKE A DUCK, QUACKS LIKE A DUCK IT ISN’T A DUCK

As for Scam 1; unfortunately, Lightspeed does not issue itemized billing unless specifically requested in such times as disputes. Originally, our IP phone thing package included some 400 free minutes and no matter how hard we tried, we could never use it up. Sometimes there was some severe over-the-odds amounts on the bills and I just thought perhaps we did excel a bit in local calls. I was a little suspicious but my radar was not up yet because my lovelorn adolescent son was unable to go an entire night without talking to his ‘can’t live without’ school flame. He got a good bollocking although he vehemently denies it was him of course and claims he only ever uses his own mobile. Then we moved a year or so ago and found that the poor local infrastructure meant that we could not enjoy the high speed unlimited package with free phone calls, so we reduced and only ever used the line for incoming, but since nobody knows the number there is not much point in connecting the handset. This meant that the monthly bill was static.

A mini war ensued with the provider and what came across as a rather arrogant Egyptian sounding manager virtually accused everyone from the gardener to the dog of making the calls. A dog we don’t have at that.  In full denial they claimed that hacking a ‘point to point IP’ is  extremely difficult to do so dismissed our claim. It eventually came to the CEO telling us that they were ‘extremely proud of their equipment and its security’  Maybe we have IT ghosts and as I said,  we live in the middle of nowhere with just a few nearby  devout Salafi I would guess and the odd American just out of range of our little router which has quite poor coverage inside the house and three thick walls to the house behind.   We can see a few other weak wireless networks nearby and I think some are even open, so why us and how?  (Update insert):  With more in depth investigations and discovery that the Mobiles also had extraneous calls to Madagascar we now know that somehow Lightspeed has allowed charging to our number from an external source (Scam) through a mobile payment gateway (I assume).  I do not understand the correlation, but there obviously is one.
If anyone knows how this was done,  I am anxious to hear and so is Lightspeed – apparently.

MONEY MONEY MONEY

To clarify the significance; Batelco has the only other node to the outside world, which everyone ‘has to use’. In fact, as of writing, there is at last a settlement in the ongoing dispute regarding usage of this gateway. With deregulation and so many new operator upstarts, they have to use existing hardwire channels belonging to the old incumbent in order to offer services. I don’t think there were any restrictions as to who tendered for which licenses initially, but Cable layer licenses cannot go mobile and mobile companies cannot lay cables so use just 3G or Wimax for Internet. However to date, I have NEVER heard of any of the newbees getting shovels out, other than perhaps Saudi Telecom which operates under the name of Viva. I believe they ‘might’ have dug at least one other channel for itself only, to link their 3G network to their fibre cable across the Kingdom. Will new cables go in the ground in the future? I think the Inca Apocalypse is more likely.

‘Lightspeed’ in Bahrain is affiliated to Orange/France Telecom, whereas we all know, Orange is a mobile operator, but France Telecom is not only. It is similar to the UK when the GPO (General Post Office) lost its monopoly and split interests with the birth of British Telecom. It is all a big con so the governments can make money out of the license issue, just the same as is taking place now with the farce which is 4G – a juicy good story for later. Bahrain is tiny and I think visions of grandeur prevailed with the idea of making billions by default with a telecom license. Cable & Wireless in the UK (or better known as Mercury communications then), were given 5th freedom rights to dig the ground and install services. While this notion is ostensibly being realized, the overseeing authority – called the TRA – ruled that the incumbent had to release lines to the new operators in order to carry their services for a specific period of time, ostensibly to allow them to build their own infrastructure. Mercury tried – a bit – and installed a few phone boxes. Oh please! The mobile phenomena hit and nobody was interested in ‘laying out’ to lay cables anymore. This is a crime in itself and an oversight in the regulated stipulations. My gut feeling is that if Zain – a mobile company by nature – had gone for ground as well, there would indeed be more fibre laid by now.

A ‘FLEECING’ GLIMPSE OF TELECOM REALITY

In general, telephone companies don’t always believe you. Besides, by default, telcos sit by and enjoy their invisible, incidental immoral revenue percentage, so have no real incentive to own up. Sometimes you do get a sympathetic ear and even your money back, but they leave the scam unfettered and you open for attack after attack again and again.

Telecom companies are fully aware of the slimy, greedy delinquency happening over their networks, such as this SMS scamming and ‘Premium Number’ rip-offs. Instead of stopping it, they are allowing us all to be robbed. It is the telecom companies and the TRAs which are issuing these short codes. Think about your kids and their phone or Internet allowance being eaten up by crooks. It is particularly distasteful when you think that so many extremely poor people who struggle to put a dollar credit on their phone are having their credit sucked dry, completely oblivious at that. They go to use their phone thinking there is a Dollar on the clock only to find the account empty and probably sit in their labour camps at night depressed as hell, even suicidal because they think they used their last cent but can’t understand why. Most of these poor workers slave 60 hours a week in the roasting sun, just to get some old mobile phone passed on to them so they can call home once a month, or at least be in touch if an emergency pops up. So sad really because if you talk to the poor, many with limited education, they just laugh because they don’t really understand what you are trying to tell them and of course, we know that most are in the least bit compassionate at the plight of others and find their own misfortune of importance only. Yes, the rest of us take our living standards for granted, having 3 or 4 mobile phones and 24 hour Internet and easily budgeted for, so ignorantly don’t even notice those extra amounts added to our phone bills.

Can being charged to receive unsolicited SMS from these criminals be legal? Seemingly so. Is there anything we can do about these cheats, this abhorrent blight on the human race? Yes, but only for some! Each telco from AT&T to BT has their own block sequence, but it is not particularly effective when it comes to criminal activity, since they just come up on another number. It is a bit like the fruitless efforts some governments go to when blocking websites. It takes seconds to change the IP. In Bahrain for example: For Batelco, Send an SMS to 5000 containing the following: ‘BLOCK (space) ‘The offending short code’. In my case: ‘BLOCK 95076’. This is a real low life den and should be raided with the culprits given at least 100 years in prison and a few more years just for good measure. Execution would do, I don’t have issues with capital punishment and I am not the only one who calls for tougher sentencing. Zain Bahrain uses its own short code; *600# and a list will come up. (In Arabic). Select which numbers you DO NOT wish to receive messages from. Again, if you know the source, you have already been knobbled or hacked. Your credit is gone and your phone bill rising although you did absolutely nothing to sanction it. Eventually the entire portfolio of each telecom company will have requested this code to be blocked, but long long long before then, the shadowy scum are attacking you with new codes, so STOP issuing them.

Where are the apps to stop this? Making software for criminal purposes has always been more prolific than Godly stuff. One short term answer might be to do everything through Skype or Viber, even local calls. Let the Telcos know we mean business. (Oh then they will try and ban that as well as they do in the U.A.E. It is just wrong!) SMS should die anyway. ‘Whatsapp’ is light years better. Maybe it is time to have a ‘prove you are human’ code needed to be entered before you can send an SMS or make an international call. Maybe this Boku.com can help here. Before anyone can be charged for playing some game or entering some obvious scam, we have to physically register with Boku or any other payment gateway. I don’t mean a hack register either. Perhaps they issue you with a PIN only known to you.

We have despicable criminals getting very very fat causing misery and it is legal! More drastic measures could be implemented as well. We hear of retina recognition coming on Macs, how about new phones having that or  a  physical key which is programmed to your programmable Personal Identification Number (PIN). How difficult is that for manufacturers to build? That would be a very good idea.  Sort of similar to on-line banking, but a lot simpler.   The number could be based on your I.D. number and your date of birth or something when you register. I doubt it would stop the scammers, but it would definitely slow the scum down.  The same would apply to ‘ALL’ premium numbers.  You return a missed call; if it is a scam premium line, then a message should come and warn you or you have to enter this little code to proceed. The warnings are only in place now with premium lines used for legitimate business.   I would not object to premium numbers being used for legitimate charities for example;  ‘cancer research’.  Instead of you going out to some shop and dropping your pennies in a box, just dial their special premium line phone number and by doing so, you are making a donation.
