A Multi-Level Governance Framework for Increasing Awareness and Reducing Cyber Misuse in Next Generation Cross Border Voice Communication Networks & IoT
A Multi-Level Governance Framework for Increasing Awareness and Reducing Cyber Misuse in Next Generation Cross Border Voice Communication Networks & IoT
This interdisciplinary research discusses, analyses and investigates the technical, policy and legal issues around a growing threat through the misuse of Next Generation Voice. This is funding criminals and terrorists with billions of dollars per year through the medium of Toll Fraud (primarily known as International Revenue Share Fraud, but can also include Domestic Revenue Share Fraud and arbitrage). Business phone systems, (increasingly used for Unified Communications) known as PBXs, are being systematically targeted by these criminals and are being hacked to misappropriate money via business phone lines by typically calling expensive cross border numbers. Figures from 2017 and 2019 estimate the volume of this fraud (all types) to be in excess of $10 billion per year, where the FBI and other industry experts have verified how this fraud directly funds terrorism. As the United Kingdom, along with other countries migrate on mass to Next Generation Voice, this problem will only increase. Policy does not provide a satisfactory solution to mitigate. Gaps in policy mean that service misuse does not fall within the definition of security and therefore leaves businesses with large phone bills of thousands of pounds. Businesses typically only find out when their service has been suspended or they receive their phone bill with excessive charges (bill shock).
A Honeypot experiment has brought an up to date understanding of how these attacks operate. The experiment has demonstrated a significant increase in sophistication, automation and scale (over 16 times larger). Moreover, given the sophistication and military style of attack methodology used by these attackers including money involved, there is strong suspicion there may be a specific hacker group (Advanced Persistent Threat) dedicated to this kind of fraud. The experiment demonstrated that attackers are attempting to use sophisticated vulnerabilities in PBXs and PBX web software (billing systems, customer relationship managers etc.) in an attempt to gain access. Attackers have access to over 1,700 numbers in over 100 countries and use a compromised botnet ii of infected devices to attack other devices. During the 146 data collection days, 154,924,606 attempts were made to gain access to our Honeypot.
To understand awareness among stakeholders and where responsibility should lie, twenty expert stakeholders were interviewed which included European Policy Specialists, Cyber Security Experts, Lawyers, an NRA, an IT Director and a Trust Expert. The findings were split into 3 key areas. Lack of awareness, shared responsibility and increasing end user awareness. There was a general lack of awareness among participants of this kind of fraud, many participants believed each stakeholder involved has a responsibility similar to that seen in the financial sector and participants were unanimous in agreeing that more needs to be done in preventing this. Participants also believed that end user awareness is extremely important in reducing not only this kind of fraud, but other cyber misuse related to IoT.
Utilising a Sequential Mixed Method of Triangulation approach (literature reviews, Honeypot experiment and stakeholder research interviews), a novel and adaptable Multi-Level Governance Framework has been developed. This framework increases awareness, mitigates damage, reduces occurrences and increases intelligence for Toll Fraud and can be adapted to other misuse of IoT use cases which utilise a public communications network. The framework also incorporates a filter specification demonstrating how providers in real-time, utilising state-of-the-art technologies can prevent this type of fraud, while decreasing caller inconvenience and bill shock. This was achieved by answering appropriate research questions and objectives. The aims of this research was to determine what happens, how it happens, why is it allowed to happen and what can be done to stop it. The developed framework has been guided by incorporating the interdisciplinary findings of this research.
University of Southampton
McInnes, Nathaniel
6745a1ed-9dd9-4c90-a5f8-8c9caf7ce57c
December 2021
McInnes, Nathaniel
6745a1ed-9dd9-4c90-a5f8-8c9caf7ce57c
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
McInnes, Nathaniel
(2021)
A Multi-Level Governance Framework for Increasing Awareness and Reducing Cyber Misuse in Next Generation Cross Border Voice Communication Networks & IoT.
University of Southampton, Doctoral Thesis, 362pp.
Record type:
Thesis
(Doctoral)
Abstract
This interdisciplinary research discusses, analyses and investigates the technical, policy and legal issues around a growing threat through the misuse of Next Generation Voice. This is funding criminals and terrorists with billions of dollars per year through the medium of Toll Fraud (primarily known as International Revenue Share Fraud, but can also include Domestic Revenue Share Fraud and arbitrage). Business phone systems, (increasingly used for Unified Communications) known as PBXs, are being systematically targeted by these criminals and are being hacked to misappropriate money via business phone lines by typically calling expensive cross border numbers. Figures from 2017 and 2019 estimate the volume of this fraud (all types) to be in excess of $10 billion per year, where the FBI and other industry experts have verified how this fraud directly funds terrorism. As the United Kingdom, along with other countries migrate on mass to Next Generation Voice, this problem will only increase. Policy does not provide a satisfactory solution to mitigate. Gaps in policy mean that service misuse does not fall within the definition of security and therefore leaves businesses with large phone bills of thousands of pounds. Businesses typically only find out when their service has been suspended or they receive their phone bill with excessive charges (bill shock).
A Honeypot experiment has brought an up to date understanding of how these attacks operate. The experiment has demonstrated a significant increase in sophistication, automation and scale (over 16 times larger). Moreover, given the sophistication and military style of attack methodology used by these attackers including money involved, there is strong suspicion there may be a specific hacker group (Advanced Persistent Threat) dedicated to this kind of fraud. The experiment demonstrated that attackers are attempting to use sophisticated vulnerabilities in PBXs and PBX web software (billing systems, customer relationship managers etc.) in an attempt to gain access. Attackers have access to over 1,700 numbers in over 100 countries and use a compromised botnet ii of infected devices to attack other devices. During the 146 data collection days, 154,924,606 attempts were made to gain access to our Honeypot.
To understand awareness among stakeholders and where responsibility should lie, twenty expert stakeholders were interviewed which included European Policy Specialists, Cyber Security Experts, Lawyers, an NRA, an IT Director and a Trust Expert. The findings were split into 3 key areas. Lack of awareness, shared responsibility and increasing end user awareness. There was a general lack of awareness among participants of this kind of fraud, many participants believed each stakeholder involved has a responsibility similar to that seen in the financial sector and participants were unanimous in agreeing that more needs to be done in preventing this. Participants also believed that end user awareness is extremely important in reducing not only this kind of fraud, but other cyber misuse related to IoT.
Utilising a Sequential Mixed Method of Triangulation approach (literature reviews, Honeypot experiment and stakeholder research interviews), a novel and adaptable Multi-Level Governance Framework has been developed. This framework increases awareness, mitigates damage, reduces occurrences and increases intelligence for Toll Fraud and can be adapted to other misuse of IoT use cases which utilise a public communications network. The framework also incorporates a filter specification demonstrating how providers in real-time, utilising state-of-the-art technologies can prevent this type of fraud, while decreasing caller inconvenience and bill shock. This was achieved by answering appropriate research questions and objectives. The aims of this research was to determine what happens, how it happens, why is it allowed to happen and what can be done to stop it. The developed framework has been guided by incorporating the interdisciplinary findings of this research.
Text
Final Submission Thesis
- Version of Record
Text
PTD_Thesis_McInnes-SIGNED
Restricted to Repository staff only
More information
Published date: December 2021
Identifiers
Local EPrints ID: 455778
URI: http://eprints.soton.ac.uk/id/eprint/455778
PURE UUID: a40de1e5-2793-456b-b600-1472d61e49f9
Catalogue record
Date deposited: 04 Apr 2022 16:44
Last modified: 17 Mar 2024 07:14
Export record
Altmetrics
Contributors
Author:
Nathaniel McInnes
Thesis advisor:
Gary Wills
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics