Beruflich Dokumente
Kultur Dokumente
$ 24,000 !!!
/usr/share/doc/case/religious-npo
• During the course of Yom-Kipur 2009, multiple
PBX systems were compromised in the same
manner
• Most of these systems were installed by the
same Asterisk integrator – distributing their own
brew of PBX system (Asterisk+FreePBX+Gentoo)
• Capital loss to organization during Yom-Kipur
2009:
http://www.humbuglabs.org
/usr/share/doc/humbug/ABOUT
• Founded 2009
• Collaborative, Open Source, Agnostic expense
assurance and call analytics for your PBX
• Topographical fraud analysis and voice traffic
measurement
• As our data networks grow, our ability to detect
anomalies and fraud patterns increases
• Completely secured and encrypted data storage !
• First community RC1 planned for 14/11/2010 !
/usr/share/doc/humbug/SAAS
• Initially, Humbug is delivered as a SAAS for
Asterisk based systems
• Connectivity to the SAAS is available through an
encrypted API
• The connecting client is fully open sourced
• Currently correlating over 500,000 records per day
• Currently servicing both PBX owners, Tier-3
operators and an MVNE
/usr/share/doc/humbug/SAAS-ARCHITECTURE
United Kingdom Israel United States
Encry
pted
API te d API
p
Encry
Database
Cluster
/usr/share/doc/humbug/FRAUD-FACTS
• Fraudsters are becoming more and more
resourceful
• Fraudsters are caught when they become greedy
• Greed (or plain capital shortage) can turn an
integrator into a fraudster – it’s very tempting
• In order for a fraud attack to be successful across
the globe – it requires great resources from the
fraudster
• Always expect fraud to originate from the least
expected source
/usr/share/doc/humbug/SAAS-Facts
• Humbug is not a fail-2-ban or security system – it is
a monitoring system. Your IT security is up to you!
• It is fairly complicated to identify small scale fraud,
however, when utilizing multiple sources the
patterns emerges.
• Fraud is usually based on long distance fraud or toll
fraud – repetitive patterns can be observed across
the network
• We trust no one – fraudsters hook up their systems
to our SAAS – trying to increase noise/signal ratio
/usr/share/doc/humbug/ROADMAP
• Initial services include Analytical Engine services
• Initial community release includes the Analytical
Engine
• SAAS based Fraud Analysis offering is planned for
Q2 2011
• CPE based licensing for Fraud Analysis is planned
for Q4 2011
• SAAS users will be offered telephony fraud
insurance services – planned for Q3 2012
/usr/share/doc/humbug/QUESTIONS?
http://www.humbuglabs.org
/usr/share/doc/humbug/CONTACT
Nir Simionovich
nirs @ humbuglabs.org
nirs @ greenfieldtech.net
http://www.humbuglabs.org
http://www.greenfieldtech.net
http://www.simionovich.com
http://www.asterisk.org.il