The Hindu Business Line : Stumped by the phone bill?

IT'S an innocuous-looking envelope all right - your telephone bill. But when you scan the bill, it feels like a mighty fist has just knocked the stuffing out of your nose.

From the usual modest four-digit figure, your bill presents charges of Rs 20,000.

How could this have happened? you fume. But your service provider, after you've calmed down enough to call him, insists that the calls originated from your instrument.

Welcome to, or rather, guard against the world of modem hijacking.

Particularly vulnerable are people using a dial-up modem to access the Internet. For the record, modem hijacking could be only one of the reasons that cause your bill to go sky-high. But it's a bad enough reason to focus an entire article on. Read on.

You could be surfing the Internet and without realising it, have malicious software downloaded to your computer. This software disconnects you from your usual dial-up Internet connection and reconnects you to another, expensive phone line. Even when your computer sits idle for long periods of time, this dialer may still be hooking you up to long-distance numbers and sending the charges to your phone bill.

Murali Madhavan, General Manager, BSNL, says modem hijacking is a real threat faced by someone who has his computer connected to a dial-up modem in addition to some other means of connecting to the Internet, which could be a broadband connection, or a company LAN.

What usually happens is that dialers, the new breed of software, use the modem to surreptitiously dial long-distance telephone numbers, running up enormous charges on your phone bill. Some operate while you're surfing the Web, dropping your dial-up connection and reconnecting you through a new number. Others operate when you're away from your machine, dialling numbers after the system sits idle for long periods of time.

May be there isn't too much cause for worry for the average home user because he is unlikely to have both types of terminations simultaneously on his home PC. A broadband user would in all probability have discarded/traded in his or her dial-up modem in favour of the broadband modem, and in no case have more than one telephone line connected to the PC.

Threat or no for some, the question one would ask is `why cannot I as a user increase my security settings to avoid modem hijacking?'

According to Sify, "Modem hijacking has typically been done by rogue telephone companies that present high phone bills because of the numbers dialled by the software. Internet users can protect themselves by rejecting the Active X code in their Internet browser which is what typical diallers are loaded onto systems with. However, in India, telephone companies are very high-profile and would not be able to fraud customers this way."

Dialers are often downloaded onto systems using Internet Explorer through an ActiveX Script. The best way to avoid this is to set the Internet security settings to `medium' and the computer will be prohibited from downloading any ActiveX controls without the user's permission, a recommendation from Microsoft.

But not all dialers are downloaded through ActiveX. Some can be in the .exe files or any other script, which would fool the computer.

Madhavan notes that where modem hijacking can occur is with the corporate user who has an Internet access through his company LAN, while his workstation is also connected to the telephone system/epabx for VoIP purposes, etc. "I have not come across such a set-up in India, because VoIP to PSTN connectivity is still taboo here. As I see it, the home user need not bother. Corporate users should be guided by their system administrators. And for India, for the happening of such a thing, I would put the projection at zero," he says.

But instances where it has happened elsewhere sound alarming. Take Alice Seba, US, author of An Internet-based Mom's guide to Marketing your website.

She found herself saddled with an entra-large phone bill after searching the Web for downloadable ring tones for her husband's mobile.

Countries such as Sri Lanka and the US have already started taking action against modem hijacking. New York lawmakers unveiled a Bill in April 2005, which, if passed, would allow telephone companies to bring lawsuits against modem hijackers.

Hijackers tap into people's modems by luring computer users to specific Web sites — sometimes through e-mails — where pop-up windows emerge, inviting the user to click on them. The windows authorise downloading of modem software that is then remotely accessed to make international calls that are charged back to the user. New York's Bill appears to be the first of its kind to target modem hijacking specifically. Other States are considering similar, broader Bills.

Sri Lanka's telecom watchdog is taking steps to block international direct dialing (IDD) access to 12 countries to prevent modem hijacking and Internet scams. It aims to protect the public from frauds related to premium rate services known as `modem hijacking', `Internet dumping' and `dialer hijacking'.

Over 30 customers of Sri Lanka Telecom (SLT) had earlier complained to the Telecommunications Regulatory Commission that their bills far exceeded actual calls made by them. These unauthorised calls were terminating at Solomon's Island, Vanuata, Cook Islands, Wallis, Funtana Islands, Papua New Guinea, Nauru, Tuvalu, Tokelau, Western Samoa, Kiribati, Niue Estonia.

As far as the Indian scenario goes, here's Madhavan's suggestion:"Everyone will be well-advised to keep the modem (dial-up or broadband) switched off when not in use. This will avoid unwanted Internet/telephone traffic."

savitharin@gmail.com

Picture by Bijoy Ghosh

More Stories on : Telecommunications | Internet

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Spot a new hotspot

Stumped by the phone bill?

It's the court's call

This catch is from the deep Web

Google keeps `em guessing

Smart traveller

Disabling PXE boot

`Let me tell you what to do'

Stuck in the last lap

Gift a gadget this season

Quiz

More light on computer security