Free Runescape Membership for Australia's Phone Phreaks

by JoHarrington

Telstra customers were left footing the bill, as criminals spoofed their telephone numbers to gain free Runescape subscriptions.

There are many ways to buy membership for the MMORPG Runescape. Paybyphone is just one method, whereby a code is given over the telephone.

Following a two-week period in April 2012, dozens of Australian Telstra customers were shocked to discover that they had apparently done just that. Not once, but many times.

Each surfpin should cost just AUS$13.99. The customers' 'phone bills ran the real costs into the hundreds, and most of them had never even heard of Runescape!

Telstra Compromised by Runescape Playing Criminals

Caller ID Spoofing was probably used to access the telephone lines, so membership could be purchased.

Telstra's numbers had been compromised sometime during the first week of April 2012. After that, anyone whose telephone number began with 4963 was vulnerable.

Someone used a Caller ID Spoof to make calls to 1900 910 080 that appeared to come from those lines. This was the Runescape paybyphone line. Each time it was called, it cost the account holder the price of membership into the game.

These lines weren't just used once, but many times.

The operator would have charged the account and handed over a Surfpin code. That four-figure number allowed one month's membership into the game.

No-one was any wiser until the itemized bills came out. Then, one by one, the complaints came flooding into Telstra. The company quickly realized that something fraudulent had taken place.

Chris Cusack, speaking on behalf of Telstra, told the Newcastle Herald, "Our investigation is continuing and we have now briefed police." Naturally no other details were forthcoming.

It's understood that Jagex, Surfpin and Cloudtel, who all have a stake in facilitating this mode of buying Runescape subscriptions, are all helping police with their inquiries. It's not known, at this stage, if the 'phone phreaks were even Australian. They could have called from anywhere in the world.

In the meantime, many Australian householders are left with bills reaching into the hundreds of dollars.
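
The billing pattern described above (repeated calls to the 1900 paybyphone line, concentrated on numbers sharing the 4963 prefix) can be picked out of call records before itemized bills go out. The following is an added example, not from the original article or from Telstra: the record layout, the thresholds and every sample record are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

PREMIUM = "1900"             # premium-rate range of the paybyphone line in the article
WINDOW = timedelta(days=14)  # the article's two-week period
MIN_CALLS = 3                # assumed threshold: repeat premium calls on one line
MIN_LINES = 3                # assumed threshold: flagged lines sharing a prefix

def _calls(line, days):      # helper that builds constructed sample records
    return [(line, "1900 910 080", f"2012-04-{d:02d}T20:15:00", 1399) for d in days]

# Constructed records: (billed line, dialled number, start time, charge in cents)
SAMPLE_CDRS = (
    _calls("49630001", [3, 5, 9]) + _calls("49630002", [2, 3, 4, 10])
    + _calls("49630003", [6, 7, 8]) + _calls("49580010", [12])
    + [("49410020", "1900 910 080", "2012-01-10T09:00:00", 1399),
       ("49410020", "1900 910 080", "2012-03-01T09:00:00", 1399),
       ("49410020", "1900 910 080", "2012-04-20T09:00:00", 1399),
       ("49630004", "0249 000 000", "2012-04-04T10:00:00", 30)]
)

def is_premium(dialled):
    return dialled.replace(" ", "").startswith(PREMIUM)

def repeat_premium_lines(cdrs):
    """Lines with at least MIN_CALLS premium-rate calls inside any WINDOW."""
    by_line = defaultdict(list)
    for billed, dialled, start, _ in cdrs:
        if is_premium(dialled):
            by_line[billed].append(datetime.fromisoformat(start))
    flagged = set()
    for line, times in by_line.items():
        times.sort()
        for i in range(len(times) - MIN_CALLS + 1):
            if times[i + MIN_CALLS - 1] - times[i] <= WINDOW:
                flagged.add(line)
                break
    return flagged

def prefix_clusters(lines, prefix_len=4):
    """Prefixes shared by MIN_LINES or more flagged lines (a likely affected range)."""
    groups = defaultdict(list)
    for line in sorted(lines):
        groups[line[:prefix_len]].append(line)
    return {p: ls for p, ls in groups.items() if len(ls) >= MIN_LINES}

def exposure_cents(cdrs, lines):
    """Premium-rate charges billed to the given lines, in cents."""
    return sum(c for b, d, _, c in cdrs if b in lines and is_premium(d))

if __name__ == "__main__":
    hit = repeat_premium_lines(SAMPLE_CDRS)
    print(prefix_clusters(hit), exposure_cents(SAMPLE_CDRS, hit) / 100)
```

A single purchase, or three purchases spread over months, stays below the threshold; only the lines with a burst of premium calls are flagged and then grouped by prefix.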


What is Caller ID Spoof?

It's making a call which appears to come from somebody else's 'phone line.

Software technology is used to mask a 'phone number, so that the call appears to originate elsewhere.

The programmed number will show up on the caller ID screen of those receiving the call. Crucially, the real owner of that line will receive all charges.

The 'phone phreaks involved only need to know what the target's 'phone number is. They don't even have to access the Telstra system or tap the wires.

This scam is quickly becoming one of the biggest problems in cyber-crime, and one which the world's major telephone companies are keen to pretend isn't happening.

When Telstra customers first lodged their complaints, they were accused of lying. Call center operators stated that they must each have made the calls that were on their itemized bill. It was only when the scale of the breach became apparent that apologies were made.

Telstra is reportedly refunding the money.

News Reports on this Story

The Newcastle Herald
Police have become involved in an investigation into how dozens of Telstra customers with numbers starting with 4963 were wrongly billed for calls to an internet gaming site.

The Newcastle Herald
THE number of Telstra customers caught in an apparent phone scam has snowballed, with at least 60 homes and businesses in the Merewether area now affected.

The Newcastle Herald
TELSTRA will review the bills of thousands of its Newcastle customers to check if they have been incorrectly charged for calls to 1900 sex and gaming information services.

The Newcastle Herald
TELSTRA investigators suspect that customers in the Merewether area whose accounts were charged for 1900 calls they didn’t make have been the victims of an elaborate fraud scheme.

Updated: on 03/19/2014, JoHarrington
 

Comments


JoHarrington on 04/30/2012

Unfortunately I don't know enough about the phone networks to comment about it. But I think it will be incredibly difficult to trace them. Not impossible, just difficult.

Ember on 04/30/2012

Wow. That's different. :|

How do they manage to do that? Is it traceable to the original phone line that made the call, or will they have a harder time finding the thieves?

JoHarrington on 04/30/2012

It confused me too. It can't be bog standard Caller ID Spoofing, because they actually did get the number. It has to be some kind of box phreaking to my mind.

Liam D on 04/30/2012

What an odd story.

I'd like to know how the phreaks managed to do it, as the technology has had anti-phreaking systems in place since the early 90's. Saying that, TeaMp0isoN allegedly used a phreaking technique when they screwed around with Scotland Yard earlier this year.

Just another reason to ditch landlines


