MobiPot: Understanding Mobile Telephony Threats with Honeycards

Over the past decade, the number of mobile phones has increased dramatically, overtaking the world population in October 2014. In developing countries like India and China, mobile subscribers outnumber traditional landline users and account for over 90% of the active population. At the same time, convergence of telephony with the Internet with technologies like VoIP makes it possible to reach a large number of telephone users at a low or no cost via voice calls or SMS (short message service) messages. As a consequence, cybercriminals are abusing the telephony channel to launch attacks, e.g., scams that offer fraudulent services and voice-based phishing or vishing, that have previously relied on the Internet. In this paper, we introduce and deploy the first mobile phone honeypot called MobiPot that allow us to collect fraudulent calls and SMS messages. We implement multiple ways of advertising mobile numbers (honeycards) on MobiPot to investigate how fraudsters collect phone numbers that are targeted by them. During a period of over seven months, MobiPot collected over two thousand voice calls and SMS messages, and we confirmed that over half of them were unsolicited. We found that seeding honeycards enables us to discover attacks on the mobile phone numbers which were not known before.

[1]  M. Newman,et al.  Finding community structure in networks using the eigenvectors of matrices. , 2006, Physical review. E, Statistical, nonlinear, and soft matter physics.

[2]  Ge Zhang,et al.  Detecting Near-Duplicate SPITs in Voice Mailboxes Using Hashes , 2011, ISC.

[3]  Nan Jiang,et al.  Greystar : Fast and Accurate Detection of SMS Spam Numbers in Large Cellular Networks using Grey Phone Space , 2013 .

[4]  Niels Provos,et al.  A Virtual Honeypot Framework , 2004, USENIX Security Symposium.

[5]  Nan Jiang,et al.  Isolating and analyzing fraud activities in a large cellular network via voice call graph analysis , 2012, MobiSys '12.

[6]  References , 1971 .

[7]  Nick Feamster,et al.  Understanding the network-level behavior of spammers , 2006, SIGCOMM.

[8]  M. Ivimey Annual report , 1958, IRE Transactions on Engineering Writing and Speech.

[9]  Markus Jakobsson,et al.  Scambaiter: Understanding Targeted Nigerian Scams on Craigslist , 2014, NDSS.

[10]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[11]  Mustaque Ahamad,et al.  Phoneypot: Data-driven Understanding of Telephony Threats , 2015, NDSS.

[12]  Federico Maggi Are the Con Artists Back? A Preliminary Analysis of Modern Phone Frauds , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[13]  Guofei Gu,et al.  HoneyStat: Local Worm Detection Using Honeypots , 2004, RAID.

[14]  Aurélien Francillon,et al.  The role of phone numbers in understanding cyber-crime schemes , 2013, 2013 Eleventh Annual Conference on Privacy, Security and Trust.