RE: A Canada based wardialer/hacker: +16045507000

• Previous message: Eric Kollmann: "Re: Backdoor.coreflood infection"
• Maybe in reply to: Jeroen Wesbeek: "A Canada based wardialer/hacker: +16045507000"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 6 Sep 2003 01:32:15 -0700
To: Lucretia <lucretias@shaw.ca>, "Jeroen Wesbeek" <duh@dowebwedo.com>

I'll have this cleared up.
Thanks for the alert.

Greg Rudman Esq.
TELUS IT Infrastructure
Team Support Manager
Vancouver, BC, Canada

-----Original Message-----
From: Lucretia [mailto:lucretias@shaw.ca]
Sent: September 3, 2003 9:42 AM
To: Jeroen Wesbeek
Cc: incidents@lists.securityfocus.com
Subject: RE: A Canada based wardialer/hacker: +16045507000

If I can help a bit.

Yes this number is originating in Vancouver, BC, Canada, but the exchange
(550) is a exchange used by large companies almost exclusively, including
the phone company Telus.

It's possible someone was trying to avoid tracing by avoiding ANI
information they may have had the call routed through a Long Distance
operator (I don't know what they are called today) which are now no longer
the sole domain of A phone company (all use the same LD call center. Also
note that any TELUS customer performing this would show a routing
potentially from a +1-604-550-xxxx number. So if a customer in Ontario
Canada called Telus long distance (0...hi can you help me with a long
distance call?) chances are the call would route via Vancouver as this is
where all the facilities are, then the call would be placed with the ANI
info of the call centre or no ANI info (which could be why you can't find
more info on the phone number). Bell Canada (our other major phone co.) has
its services in the lower Ontario/Quebec corridor.

It is unlikely that a hacker or other has hijacked Telus' hardware, rather
it could have been:

Someone making a call from a payphone.

Someone making a call via operator.

Someone making a call via XXX KSU system in XXX offices.

FYI we get calls all the time coming from PROVICIAL NUMBERS (Alberta, BC,
Ontario) as these are calls from people that went through a operator
facility and the ANI came from there as the originating caller rather than
the actual person who placed the call.

Which could be why its the biggest caller of European calls =)
(I'd like to place a person-to-person call please...)

Just my thoughts,

James Friesen
CIO
Lucretia Enterprises
info@lucretia.ca

> -----Original Message-----
> From: Jeroen Wesbeek [mailto:duh@DoWebWeDo.com]
> Sent: Tuesday, September 02, 2003 3:59 AM
> To: 'incidents@lists.securityfocus.com'
> Subject: A Canada based wardialer/hacker: +16045507000
>
>
> Hi all,
>
> I have got a bit of an ackward posting for you all, since this is
> not really
> internet/servers related but (back-to-the-old-days) phone related.
>
> I am located in the Netherlands and this morning (Tuesday
> september 2nd) at
> around 09:30 am CET I received an international telephone call from an
> international number: +16045507000. Since I am carefull by nature
> and didn't
> know of any foreigners who would call me I didn't answer it. Seconds after
> that I got a second call originating from the same number, so I decided to
> answer it but the other end of the line was silent so I broke the
> connection.
>
> Ofcourse I was curious what this call was so I searched for the
> originating
> area/country which, according to
> http://www.telefoongids.nl/internationaal.html, is Vancouver, Canada
> (+1604). At first I though two Canadians who where staying here in Holland
> with a friend of mine had somehow tried to contact me, but after calling
> them I could rule that out (they even didn't have my phone number). So I
> tried to reverse lookup the phone number on several sites but
> unfortunately
> they didn't find anything. According to
> http://infospace.com/info/reverse_ca.htm the Area Code 550 is a
> "Geographic
> Relief Code" hence a code which has been reserverd for future use. When I
> tried to dial to the mysterious number +16045507000 I got a
> recording saying
> that I had to dial a 0 or a 1 before the area code; obviously
> this number is
> not in use.
>
> At last Google gave a result on the searchquery 604-550-7000
> (http://www.google.nl/search?hl=nl&ie=UTF-8&oe=UTF-8&q=604-550-700
0&lr=) but
the postings I read on the page it refers to
(http://www.payphone-directory.org/discussion/sub2.html) seem to indicate
this call was made by a hacker, a wardialer (someone mentions this number
being a Telus routing number and routing numbers used to be abused by
wardialers in the pre-internet era) or some other automated system.

According to
http://www.telefon-treff.de/showthread.php?s=6c6f093022eebd23a78907cb0fb3431
c&threadid=68136 more europeans have received a call from this Canada based
telephone number.

I am really curious what this call is all about, has anyone else reveived
calls from this number and/or know what this is?

Jeroen

dowebwedo
Jeroen Wesbeek
.programming
St. Jacobsstraat 16 | 3511 BS Utrecht
Postbus 448 | 3500 AK Utrecht
The Netherlands
www.dowebwedo.com
p +31 (0) 30 234 81 10 | f +31 (0) 20 773 83 38 | v +31 (0) 20 773 83 38

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor. Early-bird registration ends September
6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

• Previous message: Eric Kollmann: "Re: Backdoor.coreflood infection"
• Maybe in reply to: Jeroen Wesbeek: "A Canada based wardialer/hacker: +16045507000"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]