Icstis lied about rogue dialler fraud

wantmemoney

Throughout 2004 thousands of families were forced to pay bills for internet services they claimed they did not request, had not agreed to pay for and had not recieved.
This was not a scam. It was a massive multi-million pound fraud being operated by UK companies being protected by Icstis and others.
There are currently talks with the DTI requesting a criminal investigation. If you were a victim I suggest you contact your MP.

Telecom One ltd were involved in 20% of all dialler fraud. It was only partly investigated by the BBC in 2005.
http://news.bbc.co.uk/1/hi/business/4397308.stm
Throughout 2004 Icstis claimed the services the victims were being forced to pay appeared to be compliant with their code.

Telecom One supplied the 3,000 premium rate numbers (0909967****) that were used.
Three companies:

Premium Media Communications
Sun Telecom SL
SX Networks

set up a number of "service providers" in Majorca. The numbers were programmed into illegal internet software called "rogue diallers".

Sir Alistair Graham (Icstis) has recently identified the Telecom One service providers in this Ofcom case from 2005.
CW/00833/04/05
http://www.ofcom.org.uk/bulletins/comp_bull_index/comp_bull_ccases/closed_all/cw_833/

Case opened: 17 May 2005
Issue: ICSTIS, the premium rate services regulator, alleged that Telecom One Limited ("Telecom One") had failed to comply with Directions made by ICSTIS under its Code of Practice and that, as such, Telecom One was in breach of the condition made by Ofcom under section 120 of the Communications Act 2003 ("the Act") for the purpose of regulating the provision, content, promotion and marketing of premium rate services ("the PRS Condition").

ICSTIS alleges that Telecom One provided inadequate, incomplete or late responses to its Directions. ICSTIS submitted correspondence between it and Telecom One as supporting evidence.

Given the substantive supporting evidence submitted by ICSTIS in respect of its complaint, Ofcom considers it is appropriate for it to investigate these matters further.

Thank you for your email of the 5 October 2006 inquiring about Ofcom case reference CW/00833/04/05.
This Ofcom case arose following ICSTIS’ referral to them of network operator Telecom One. The service providers, to whom this Ofcom case refers, are: Massalia Telecom, Adventive Media and World Travel. The fourth referral mentions various service providers of dialler services, including:

o Premium Media Communications
o Cala de Plata
o Inversion Zarnosa
o Quizir
o Amara Amichi
o Ibero Latino
o Mesa Rotation

These are the service providers responsible for the dialler fraud in the BBC program.
They accounted for 20% of all dialler fraud in 2004.
It's now clear that throughout 2004 Icstis knew BT was billing for services that they had every reason to believe were fraudulent and infact did not exist.
If you were/are a victim of any dialler fraud I suggest you contact your Member of Parliament.

hammy_the_hammer

please explain how you think BT , NTL and any other telephone line provider should have acted differently.
the blame unfortunately for rogue diallers lies with the customer who accessed these dodgy websites.

Fraudanalyst

Hi Hammy (and hi to this forum). You have 761 postings here, I have one. But I guess that I'm deeper into the topic than you are... Most of the 10,000 postings I have written before are in German so they may not be a relevant reference here (and most of my English postings are hidden from the eyes of a spanish lawyer and the rest of the public at the moment)

Let's get to the point...

hammy_the_hammer wrote:

please explain how you think BT , NTL and any other telephone line provider should have acted differently.

The "dialler" as a billing method is known since 1996 and right from the beginning you could also find "rogue dialling".

one example:FTC and the "Moldovan Case" 1996/97

Mr_Bernstein_from_FTC_in_1997 wrote:

"We’re talking about a high-tech fraud that threatens traffic on the information superhighway," said Jodie Bernstein, Director of the FTC’s Bureau of Consumer Protection. "The defendants secretly loaded their software onto consumers’ computers, causing them to dial expensive Moldovan phone numbers; consumers didn’t find out until their phone bills came and then it was too late. The software program used by the defendants risks consumers’ sense of security about using the Internet. As in previous cases involving emerging technologies, our goal was to act as quickly as possible to prevent wide scale misuse of a sophisticated telecommunications technology to defraud consumers."

Again: That was in 1997! But compare that to the 2004 statements in the House or from ICSTIS... Sounds familiar...

In the history of the dialler services there was never any phase where these services have NOT been used fraudulent.

This is very important if you want to judge what the big Telcos worldwide did say about and did do against dialler fraud later - when it became a more and more relevant topic for the public and media. Any UK John Smith could have been surprised about the scope of the problem in 2003 or 2004 - but not BT, ICSTIS or OFCOM.

So a lot could have been done between 1997 and 2004... The huge number of victims in UK in 2004 was directly caused by the failures of the industry and the regulators which of course had a very clear idea about the risks.

the blame unfortunately for rogue diallers lies with the customer who accessed these dodgy websites.

No. Why should it? It's just that in UK no one asks for a court decision... In Germany the mother of a 16 year old boy did and our highest court said "No! You don't have to pay for a bill caused by a rogue dialler". That's what any thinking mind would say...

The rest of the topic I did already say in another forum
http://forums.ntlhell.co.uk/index.php?showtopic=9488&st=17#

The problem of rogue dialling is as old as is the dialler as a "billing system". The rest of the topic is part of legends and myths produced by the industry (of which ICSTIS is a part of in a way).

My "favourite" myth is the so called "rotten apple theory" which says that "a few fraudsters destroy the business of the 'honest' providers". Take a look at Germany: We had hard years of fighting against "rogue dialling" here... Finally there was a simple decision, that any provider has to clearly mention the prize of a connection before establishing the connection (via PRN). The effect was, that only "honest providers" remained. Really. Can you imagine how that looked like? There are nearly no diallers anymore in Germany. What does that tell you about the "honest providers"?
A nice story.

see here:
http://forums.ntlhell.co.uk/index.php?showtopic=9488&st=25#

read this:

Deutsche Telekom as the primary billing agent had thus functioned as a "mere paying agent." But then consumers, in the opinion of the Court, have by dialing up not entered into a contractual agreement with the operator of the traffic network or platform for the value-added service call number(s) in question. "The averagely knowledgeable and well-informed telephone and Internet user is not aware of the chain of payments that holds between the subscriber network operator and the supplier of value-added services," the Court states. Therefore "the user's act of dialing up the value-added service cannot be construed as a declaration of intent on the part of the user to enter into an agreement with the entity administering the telephone number in question." The (traffic-enabling) provider was "from the point of view of the customer a vicarious agent of a third party," the Federal Supreme Court concludes.

Only the party that had supplied the value-added services was creditor to the customer, the Court declares. In this regard the matter of whether or not the call-number operator had already paid out the sum in question to its value-added services partner was irrelevant in law, the 3rd Division for Civil Matters of the BGH makes clear. This was up to the contractual terms agreed between these two parties.

bbb_uk

hammy_the_hammer wrote:

the blame unfortunately for rogue diallers lies with the customer who accessed these dodgy websites.

I personally think that's unfair.

A lot of the time the user isn't aware that anything has been downloaded especially during the times that rogue diallers fraud was at its greatest peak.

Just visiting what looks like a normal everyday website, at the time, could easily have resulted in unknowningly downloading spyware/adware and rogue diallers amongst other things. This can still happen now except to a lesser degree as in a some cases IE6 blocks it except for those that have found a way around IE6 prompts.

If anyone agreed to downloading the rogue diallers then that is obviously a different matter but it's unfair to say that this was done by visiting dodgy websites.

bbb_uk

I'm also trying to figure out where the title comes from of thread comes from?

Yes, Ofcom should have acted sooner but it's common for Ofcom to take their time over thing. ICSTIS could have acted a bit sooner but I think at that time their codes of practice/remit had some limitations.

I believe the latest codes of practice which all need (and have) Ofcom approval, allows for us to claim back the money spent on 09x providing the service provider and company concerned broke some serious rules, etc or mislead customers to ring them.

wantmemoney

Here is an example of Icstis misleading the media
http://news.zdnet.co.uk/security/0,1000000189,39158412,00.htm

However, when ICSTIS investigates these complaints, it often finds that the companies concerned appear to be conforming to ICSTIS' standards, according to Suhil Baht, policy advisor at ICSTIS. This has led the regulator to turn to the NHTCU.

"If it's only a few cases, then we can put it down to the husband or kids not admitting to surfing !!!!!!, but if 300 customers are saying the same thing about one company, then we can't ignore it," said Baht. "We can't work out what the problem is, so have recently started talking to the Hi-Tech Crime Unit so they can do a criminal investigation."

In 2005 Icstis complained to Ofcom that Telecom One would not give them details of their Majorcan sevice providers so they could establish whether they were compliant or not.

One of the service providers Quizir sl had been under Icstis investigation from 1st Jan 2004 onwards. They were using 900 numbers all had been complained about. If each number only recieved one complaint, that would be 900 complaints. The Guardian reporter was told by Icstis in July 2004 That the Majorcan numbers on his bill had each recieved at least 25 complaints that month.

900 x a > 300

Quizir sl had been supplied with 900 numbers by Telecom One

09099676060 to 09099676459 and 09099677100 to 09099677599
If you enter them into Icstis web site they are stll under "investigation" today.

Icstis knew all about one of the companies and its director in 2002

Service Provider
Sun Telecom, Palma de
Mallorca (Spain)
Service Type & Tariff
Online visual element:
£1.50 per minute
Complaint Source
Public (1) – Kings Lynn
Network Operator
Telecom One
Complaint
A member of the public complained about an online visual element
service which allowed PC users to download ringtones and logos to their
mobile phones. The service was operating without having obtained the
required prior permission from ICSTIS and without the required walled
garden (2.3.1 eighth edition). Monitoring by the Secretariat found that
one of the URLs from which the service could be obtained contained a
dialler that downloaded automatically without authorisation and
connected to a premium rate number without the knowledge or consent
of the user (3.3.1a eighth edition).
While call costs were provided prior to connection in most instances, the
service did not contain an on-screen clock and company contact/identity
details were omitted throughout (3.4.2 and 3.5 eighth edition). In
addition, the website promoting the service referred to the service using
the phrase “free operator logos and ringtones for your Nokia” (3.8 eighth
edition). Call revenues were requested, together with details of the service
provider’s relationship, if any, with the American Telephone Company,
with whom they shared their business address (5.2.3 eighth edition)

The director of Sun Telecom is the Dane mentioned in the BBC program. In mid 2006 he was convicted in Hamburg for a massive telecom fraud.
Interestingly he was a Director of Telecom One in 1997.

hammy_the_hammer

i'll repeat how do you think the providers like BT and NTL could have acted any differently at the time ?
all that was being accessed was premium rate numbers.

hammy_the_hammer

bbb_uk wrote:

I personally think that's unfair.

A lot of the time the user isn't aware that anything has been downloaded especially during the times that rogue diallers fraud was at its greatest peak.

Just visiting what looks like a normal everyday website, at the time, could easily have resulted in unknowningly downloading spyware/adware and rogue diallers amongst other things. This can still happen now except to a lesser degree as in a some cases IE6 blocks it except for those that have found a way around IE6 prompts.

If anyone agreed to downloading the rogue diallers then that is obviously a different matter but it's unfair to say that this was done by visiting dodgy websites.

the attempt to get you to click to download diallers (in whatever form that box on the screen looked like ) didn't come from everyday sites. IMHO

bunking_off

hammy_the_hammer wrote:

the attempt to get you to click to download diallers (in whatever form that box on the screen looked like ) didn't come from everyday sites. IMHO

I would by no means suggest that everyone who was a victim of such fraud picked up the rogue software from ropey sites. However, it is generally accepted wisdom in the industry that the majority of such diallers weren't exactly downloaded from the BBC website or moneysavingexpert.com - analysis has shown "free" MP3 and p0rn sites were a frequent source. To a degree, it's a bit like if you walk down a dark street in a dodgy area at night, you'd be well advised to take precautions...the internet is no different.

When informed to do so, originating operators such as BT do take measures to block access to numbers where fraud is known to occur. The problem is that it's not technically easy to block an individual number versus a whole 10k block, and a balance has to be struck between cutting off the rogue number versus damaging the commercial interests of the other 9999 number holders. Also, the instruction to block the number has to come from someone in a position of authority because otherwise it could be a competitor seeking to damage a legitimate business, hence exposing the telephone operator to subsequent litigatation. I'd also highlight that although most telephone network operators do have the commercial freedom to block numbers, BT are unique in that they have Significant Market Power hence are legally obliged to carry calls to all numbers. To this end, BT did at least provide free software to alert customers to what was going on...in my analogy above they provided a torch to be used on the dark street.

ICSTIS perhaps didn't act quickly enough, but they're a small outfit and were simply overwhelmed by the level of autodialler fraud. They've also sought to head off more fraud by e.g. seeking to block moves from the EU to enable a "pan-European" premium rate service range.

There are moves afoot now to put considerably more onus on the telecom operator that provides service to the fraudster. What tends to happen is that it's a minority of operators who are less careful about who they do business with. Changes to the rules currently going through will mean that such operators could be barred from getting any more numbers. The situation where as a telephone operator the behaviour of your customers could lead to you being closed down will undoubtedly focus minds.

wantmemoney

The level of complaint in 2004 could only have been caused by drive-by diallers.
The story put about by Icstis and the Industry that tens of thousands of families had all caught a "pox" from visiting illegal !!!!!! sites was pr rubbish.

Drive-by
This term is loosely used for a stealth software installation the user does not initiate. In some cases, simply visiting a Web page can download malicious programs to a PC without a user's knowledge or consent. In other cases, a pop-up ad might be used to initiate a drive-by installation.

The same consumer laws apply to BT's billing platform as apply to Tesco's checkout billing platform.
The fact that BT was billing on behalf of a third party in no way affects the rights of the consumer.
The bill for the "service" or "tin of beans" is not legal if the "request to purchase" was obtained fraudulently. It's not legal if there was no agreement to pay.
The fact that BT claimed they had no way of knowing the bill was the result of fraud is not an excuse that exists in law.
What should BT have done. Well, after the first few thousand identical complaints alledging fraud about the same service they should have sorted the problem out with the corrupt Industry on whos behalf they were billing.
The DTI has been asked to investigate. If anybody were victims of rogue diallers I suggest you contact your MP.

wantmemoney

Hi bunking_off and hammy, it's possible you don't understand the scale that these frauds were being operated. These are most of the companies a single group set up at several addresses in Majorca. Icstis and BT recieved numerous identical complaints for each number. Tens/???? of thousands of complaints in total. They accounted for 20% of all complaints Icstis recieved in 2004. Despite this BT were allowed to continue billing for the numbers throughout 2004.
Now if you read post #1 again I believe you will understand what I am trying to say.

Premium Media Communications
09099673654 to 09099673953 = 300 premium rate numbers

Quizir SL
09099676060 to 09099676459 and
09099677100 to 09099677599 =900 premium rate numbers

Mesa Rotation
09099678600 to 09099679099 =500 premium rate numbers

Amara Amichi
09099679100 to 09099679299 and
09099679608 to 09099679907 =500 premium rate numbers

Cala de Plata sl
09099678100 to 09099678599 =500 premium rate numbers

Telecolux sl and Jokomo Media sl =100 premium rate numbers

There are a few others. This gang were using approx. 3,000 in total

The DTI has been asked to investigate. If anybody were victims of rogue diallers in 2004 I suggest you contact your MP.