Friday, June 28, 2019

Security Researchers uncover a massive espionage campaign involving the theft of Call Detail Records, CDRs, from hacked mobile providers

According to Cybereason, a Boston-based security firm, hackers have systematically broken into more than 10 mobile carrier networks around the world and have stolen call detail records (CDRs) revealing the times and dates of calls and their cell-based locations. This seems to have gone on for seven years and seems to be ongoing. CDRs matter most to any intelligence agency's collection efforts, because the hackers, or the people behind them, can obtain all the information about a phone without ever breaking into the phone itself.
So in addition to the NSA, another entity, a foreign or external one, may know more about you and me.
Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers.

In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor using tools and techniques commonly associated with Chinese-affiliated threat actors. Find the complete report here.
Typical CDR fields (3CX naming):
  • historyid - This is the call number - each call has a number, internal to 3CX. Useful for call tracking.
  • callid - This is the Call ID - the unique identifier of the call.
  • duration - Call Duration time.
  • time-start - Call Start time.
  • time-answered - Answered time.
  • time-end - Call terminated time.
  • reason-terminated - Why the call was terminated.
  • from-no - Source caller number.
  • to-no - Destination To Number.
  • from-dn - Distinguished name of the caller - this is 3CX specific and can be omitted by 3rd party developers.
  • to-dn - Distinguished name of the destination - this is 3CX specific and can be omitted by 3rd party developers.
  • dial-no - Dialled number.
  • reason-changed - The reason why a change occurred in a call - for example, in a transfer you will see "ReplacedDst", which means that the destination was replaced with something else.
  • final-number - Final number - the final number which was replaced (in a transfer this will be the final connected number).
  • final-dn - The distinguished name of the final number entity - this is 3CX specific and can be omitted by 3rd party developers.
  • bill-code - Billing code dialed after the destination (for example: **Sales).
  • bill-rate - The billing rate that matched the prefix of the rate. This is used to apply a cost calculation variance.
  • bill-cost - The Cost of the call calculated with simple proportion / minute.
  • bill-name - The rate name of the billing variance.
  • chain - All endpoints which were involved in the call.
  • from-type - Source type.
  • to-type - Destination type.
  • final-type - Final destination type.
  • from-dispname - Source Display Name.
  • to-dispname - Destination Display Name.
  • final-dispname - Final destination Display Name.
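The field list above shows how much of a CDR identifies a person. The following is an added example, not code from the original post, Cybereason or 3CX: it reduces one record before it leaves the call server by replacing numbers with keyed tokens, dropping names and coarsening timestamps. The dict-per-record layout, the timestamp format, the field grouping and the sample values are assumptions made for this example.

```python
import hashlib
import hmac

# Field names come from the list above. Which group each one falls into is
# this example's own assumption, not something 3CX defines.
NUMBER_FIELDS = ("from-no", "to-no", "dial-no", "final-number")
DROP_FIELDS = ("from-dn", "to-dn", "final-dn", "chain",
               "from-dispname", "to-dispname", "final-dispname")
TIME_FIELDS = ("time-start", "time-answered", "time-end")


def pseudonym(number, key):
    """Keyed token for a phone number.

    A plain hash would be reversible by hashing every possible number;
    HMAC makes that depend on a key that stays on the call server.
    """
    return hmac.new(key, number.encode(), hashlib.sha256).hexdigest()[:16]


def minimise(record, key):
    """Return a reduced copy of one CDR (a dict keyed by field name)."""
    out = {}
    for field, value in record.items():
        if field in DROP_FIELDS:
            continue                      # names and call chain are not exported
        if field in NUMBER_FIELDS and value:
            out[field] = pseudonym(value, key)
        elif field in TIME_FIELDS and value:
            # Assumed format "YYYY-MM-DD HH:MM:SS"; keep only date and hour.
            out[field] = value[:13] + ":00:00"
        else:
            out[field] = value            # billing and duration stay usable
    return out


# Constructed sample record; every value here is made up for the example.
SAMPLE = {
    "historyid": "1042", "callid": "constructed-call-id",
    "duration": "00:03:12",
    "time-start": "2019-06-28 09:14:07", "time-end": "2019-06-28 09:17:19",
    "from-no": "100", "to-no": "15550100", "dial-no": "15550100",
    "from-dn": "100", "from-dispname": "Alice Example",
    "bill-code": "", "bill-cost": "0.12",
}

if __name__ == "__main__":
    for name, value in minimise(SAMPLE, b"example-key-keep-on-server").items():
        print(f"{name}: {value}")
```

The reduced record still links calls to and from the same token, so it lowers the value of a stolen export without making it anonymous.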

