(keitai-l) Re: GPRS billing hack

From: Nick May <nick_at_kyushu.com>
Date: 10/03/03
Message-Id: <888AD4D1-F555-11D7-92B0-00039377A93A@kyushu.com>

It may well be a hoax - I am not trying to defend it. I don't think we 
have enough information to judge yet.

But where people's criticisms are misplaced, that is worth pointing 
out....

And in that spirit....

>  "[take] money out of the GPRS billing
> system"? This sounds like total rubbish to me. Unlike bits, we have
> people (known as accountants) who keep track of money, and who can
> easily find out who they gave it to, if they have any interest.

I used to do Information Systems Auditing for one of the UK big 4 (as 
they then were). Your faith in accountants and accountancy systems is 
touching but misplaced.

1) They have to know there is a problem before they look.

2) They have to be collecting the relevant data (bits, as you call 
them). The claim is that the billing system is compromised. So the 
"bits" may not accurately reflect what happened. Garbage in, garbage 
out. (* but see below).

3) The audit trail may well hit a wall fairly quickly. They may know 
that they gave money to entity X, but have no idea of the real identity 
of X.

If there is a problem, they may well have known about it for ages but 
not wanted to take the reputation hit and loss of revenue that 
admitting it might have led to.

Of course, this all comes from a firewall vendor with a product to 
sell, so the whole thing should be taken with a small salt-mine of 
sodium chloride.

We need to know more. The criticisms made to date against Kewney's 
report all fail I believe - and that is true whether or not it is a 
hoax.

Nick

* (Actually, I am being unfair, my accountant takes garbage in and 
produces lots of nice sheets that keep the tax office happy. But we are 
not actually talking "accurate reflection of reality", it's more 
re-arranging the garbage to make it look pretty and smell nice.)


On Friday, October 3, 2003, at 12:16 PM, keitai-l@appelsiini.net wrote:

> From: "keitai-l@appelsiini.net" <keitai-l@appelsiini.net>
> Date: Fri Oct 3, 2003  12:16:38 PM Asia/Tokyo
> To: keitai-l@appelsiini.net
> Subject: (keitai-l) Re: GPRS billing hack
>
>>> and, unbelievably, there was nothing to stop them simply providing
>>> services direct to that IP address - and taking the money out of the
>>> GPRS billing system to pay for it.
>
> Just how on earth does someone "[take] money out of the GPRS billing
> system"? This sounds like total rubbish to me. Unlike bits, we have
> people (known as accountants) who keep track of money, and who can
> easily find out who they gave it to, if they have any interest.
>
> I agree with Mika here, this sounds like a hoax.
>
> cjs
>
>
>
Received on Fri Oct 3 06:55:48 2003