Rogers AT&T Billing Vulnerability; Part II


  	    'Rogers AT&T Billing Vulnerability; Part II'


 Written by: The Clone
 Date: Monday, August 6, 2001

 As mentioned in: The Edmonton Journal (08/05/01)
	          "Rogers cellphone network crippled
		   by mystery glitch"


  -=[The Glitch]
  -=[Glitch Details]
  -=[Conclusion]
  -=[References]
  -=[Contact]

 -
  The Glitch:

 What has been said as this nations largest cellular service interruption
 ever; up to 2.6 million Rogers AT&T wireless customers throughout Canada
 lost communication on Saturday evening. Customers reportedly were able to
 make calls, yet they were unable to receive them. This problem apparently
 started at 1:30pm and was fixed by Rogers staff later on that evening at
 around 11:00pm.

-
 Glitch Details:

 One thing that we noticed last night, was that we were not getting billed
 for any local or long distance outbound calls that we made. This is quite
 similar to another billing vulnerability that we discovered about 9 months
 ago; basically if you were a Rogers AT&T Pay-As-You-Go subscriber
 and you wanted to make yourself a free local or long distance call, all you
 would have to do is enter the phone number you wished to call and wait for
 it to dial. If you did not hear the automated voice telling you how much
 time you had left on your account, you didn't get time taken off - if you
 heard the voice, you did. What caused this problem was simple; if too many
 calls were incoming to to Rogers' HLR (Home Location Register) system which
 screens the subscribers ESN, MIN, phone number, and number dialed, your call
 would divert and directly connect you to your called party for free. This problem
 was recently fixed when Rogers AT&T upgraded their faulty billing system.
 However, last night just showed us something: that Rogers AT&T's supposed new
 "billing system" has larger software problems than before with their lack-of-ability
 to handle a high volume of incoming calls. 

 Spokesperson for Rogers AT&T, Heather Armstrong, told The Edmonton Journal:
 "this kind of an issue is very, very rare. This is receiving our utmost priority and
 attention." This claim, of course, is completely untrue.

- 
 Conclusion:

 Do you think it's about time that the cellular carriers start investing in
 and taking the first steps into adopting and developing open-source based
 billing module? This would help to stop the revenue-loss caused by simple
 proprietary programming errors, and open up a new industry for telecom
 security professionals ("phreaks").
 
-
 References:

 "Rogers/AT&T Pay-As-You-Go Billing Vulnerability"
 http://www.nettwerked.net/rogersatt_exploit.txt

 Edmonton Journal: "Rogers cellphone network crippled by mystery glitch"
 Sunday, August 5, 2001 - [A1] / (continued on) [A12]

-
 Contact:

 E-mail: theclone@hackcanada.com
 URL: www.nettwerked.net