'Rogers AT&T Billing Vulnerability; Part II'

Written by: The Clone
Date: Monday, August 6, 2001

As mentioned in: The Edmonton Journal (08/05/01)
"Rogers cellphone network crippled by mystery glitch"

-=[The Glitch]
-=[Glitch Details]
-=[Conclusion]
-=[References]
-=[Contact]

- The Glitch:

In what has been described as this nation's largest cellular service interruption ever, up to 2.6 million Rogers AT&T wireless customers throughout Canada lost communication on Saturday evening. Customers reportedly were able to make calls, yet they were unable to receive them. This problem apparently started at 1:30pm and was fixed by Rogers staff later on that evening at around 11:00pm.

- Glitch Details:

One thing that we noticed last night was that we were not getting billed for any local or long distance outbound calls that we made. This is quite similar to another billing vulnerability that we discovered about 9 months ago; basically, if you were a Rogers AT&T Pay-As-You-Go subscriber and you wanted to make yourself a free local or long distance call, all you would have to do is enter the phone number you wished to call and wait for it to dial. If you did not hear the automated voice telling you how much time you had left on your account, you didn't get time taken off - if you heard the voice, you did.

What caused this problem was simple: if too many calls were incoming to Rogers' HLR (Home Location Register) system, which screens the subscriber's ESN, MIN, phone number, and number dialed, your call would divert and directly connect you to your called party for free. This problem was recently fixed when Rogers AT&T upgraded their faulty billing system.

However, last night just showed us something: that Rogers AT&T's supposed new "billing system" has larger software problems than before, with its inability to handle a high volume of incoming calls.

Spokesperson for Rogers AT&T, Heather Armstrong, told The Edmonton Journal: "this kind of an issue is very, very rare. This is receiving our utmost priority and attention."

This claim, of course, is completely untrue.

- Conclusion:

Do you think it's about time that the cellular carriers start investing in, and taking the first steps toward adopting and developing, an open-source based billing module? This would help to stop the revenue loss caused by simple proprietary programming errors, and open up a new industry for telecom security professionals ("phreaks").

- References:

"Rogers/AT&T Pay-As-You-Go Billing Vulnerability"
rogersatt_exploit.txt

Edmonton Journal: "Rogers cellphone network crippled by mystery glitch"
Sunday, August 5, 2001 - [A1] / (continued on) [A12]

- Contact:

E-mail: theclone@hackcanada.com
URL: www.nettwerked.net
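
The overload behaviour described under Glitch Details is a fail-open design: when the screening step cannot answer, the call connects anyway. The sketch below is an added example, not code from the original write-up or from any carrier system; it models that behaviour next to a fail-closed variant and counts the unbilled connected calls a burst produces. The class, function names, capacity and balances are all hypothetical.

```python
from dataclasses import dataclass, field

class CheckOverloaded(Exception):
    """The subscriber/billing check cannot accept another request."""

@dataclass
class SubscriberCheck:
    """Hypothetical stand-in for the screening and prepaid debit step."""
    capacity: int                                  # requests served per time slice
    balances: dict = field(default_factory=dict)   # MIN -> prepaid minutes
    served: int = 0

    def debit(self, min_id, minutes):
        if self.served >= self.capacity:
            raise CheckOverloaded(min_id)
        self.served += 1
        if self.balances.get(min_id, 0) < minutes:
            return False                           # insufficient balance: refuse
        self.balances[min_id] -= minutes
        return True

def setup_fail_open(check, min_id, minutes):
    """Behaviour the write-up describes: overload diverts the call past billing."""
    try:
        ok = check.debit(min_id, minutes)
        return (ok, ok)                            # (connected, billed)
    except CheckOverloaded:
        return (True, False)                       # connected, never debited

def setup_fail_closed(check, min_id, minutes, rejected):
    """Hardened variant: no debit decision means no call; the attempt is logged."""
    try:
        ok = check.debit(min_id, minutes)
        return (ok, ok)
    except CheckOverloaded:
        rejected.append((min_id, minutes))         # feeds capacity alarms and audit
        return (False, False)

def run_burst(setup, calls, capacity, **kw):
    """Replay a burst of call attempts; return (connected, unbilled_connected)."""
    check = SubscriberCheck(capacity, {m: 100 for m, _ in calls})
    results = [setup(check, m, mins, **kw) for m, mins in calls]
    connected = sum(c for c, _ in results)
    leaked = sum(c and not b for c, b in results)
    return connected, leaked

# Constructed sample: 10 call attempts against a check that can serve 4.
BURST = [(f"MIN{i:02d}", 5) for i in range(10)]
```

Comparing connected calls against debit records in this way is also how revenue assurance would spot the condition from call records after the fact.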