3 cents per issue: how much our data is worth in the "black market" of call centers

3 cents per issue: how much our data is worth in the black market of call centers

The investigation by the postal police revealed a traffic of sensitive information resold to fraudulent call centers to place telephone contracts when there was a disservice

Big data (Getty Images) You are reading this article and, at the suddenly, the connection skips. You discover that it is a technical problem, report it to your operator, wait for maintenance. And in the meantime a call comes. It is a call center that offers you to change managers with an attractive offer. The disservice persists, why not? It almost seems that there is providence on the other side of the phone. It seems almost done on purpose. And, as emerges from an investigation by the Public Prosecutor's Office in Rome, in some cases it was done on purpose. An operation carried out by specialized investigators of the National Cybercrime Center for the protection of critical infrastructures (Cnaipic) of the Postal Police, called Open Data, with the collaboration of the compartments of Naples, Perugia, Ancona and Rome, has discovered a data traffic of telephone company customers.

Up to 1.2 million records have changed hands between unfaithful employees, who used their position to consult confidential archives, a group of intermediaries and a network of at least thirteen call centers, mostly in Campania, who used these packages to call customers at the right time and push them to enter into contracts with another company. Data bought at 3.4 cents per phone number against commissions for portability up to 400 euros per subscription.

thirteen people finished under house arrest, seven of the ordinances of the obligation of residence, the more six suspects in an operation that involved 120 men of the Post, engaged in searches, and local information. The objections in various ways by the prosecutors Maria Theresa Gerace and Edmondo De Gregorio are to illegal access to computer system , detention, abuse and disclosure of access codes . Also, for the first time in Italy after the entry into force of the european regulation on privacy , the Gdpr , is contested in article 167-bis, which affects those who spread in an unlawful manner and the personal data object of treatment on a large scale, and then stored in large archives such as those milked by the suspects.

a Strange account in the database

What emerges from the investigation, which started with a complaint of Tim (who has immediately proceeded with disciplinary action against the personnel involved, and you will be a civil party in the process), is a “ supply chain ”, reconstructs a Wired Ivano Gabrielli, head of Cnaipic, that part by the employees of the infidels, “ the miners who extracted the data ”, it goes from “ trade ” up “ to end-users, the call center ”. A system which provides for constant supplies in the thousands of records per month , with which to feed the marketing machine wild over the phone. For Tim, the facts “ represent a serious problem that causes significant damage not only to the group but to the entire telecommunications sector, altering the rules of free competition.

The former monopoly of the State has the responsibility for the maintenance of the national network . And, consequently, the management of the database in which shall be included reports of outages and requests. “ It's a great picture of the network situation, ” says Gabrielli, and can be accessed by the various operators. If I'm making a phone call, and the line jumps, in that the database gets the information. An argument is strong to push a customer to switch operator. “ In the jargon used by the suspects, one speaks of the discontented , a basin of potential users in portability ”, says Gabrielli.

So it is from the database of Tim that moves the first steps in the investigation, after a complaint the company filed a year ago to the Prosecutor of the Republic of Rome and the collaboration with the investigation, and also creating work orders the dummy to follow the flow of the data.

Between January and August 2019 the former monopoly of State discovers some anomalies in the access to the platform Tim Retail, where they are stored information of its customer contacts and complaints, fault reporting and service requests. Come from some account of a partner of the telephone company, in truth used all of by the employee himself unfaithful, which also connects to the night, and with a virtual private network . For the prosecutor's office, is part of the “ same criminal plan ”, which is “ aimed at the marketing of the pooled data ”.

The investigation brings to the surface the use of software created for milking in the automatic thousands of records from the database. An account that, on average, made 11 queries per day, between October 25 and November 7 passes macinarne about 3.770 in 24 hours. A surge that, combined with the high night-time activity, makes suspect the use of bots, as then emerges into an interception, in which one of the suspects said he commissioned an ad hoc software for 1,500 euro, then paid a third.

dispose of The data

To pass the data of the “disgruntled” to the intermediaries, who would then knocked at the door of the call center to sell lists of measures, the trick was to copy in the drafts in a mail box , which was open to the interested, without sending any message.

From the intercepted shows that the provision of data is not irregular, but regular, on a monthly basis . In one case, two of the suspects commenting on the amount of records sent: are 70 thousand per month , up to now we have been delivered 45mila. We must deal, but the buyer reassured: if I arrive more, you scale from the next month. At the end of January, part of a reminder: they were only supplied 64thousand phone numbers, there are six thousand to close the month. The provider reassures him: the time of ten minutes and he sends them ready.

The data are sorted like the pizzas at the restaurant. In a shut-off is reminiscent of an order of 20 thousand Fastweb residential and 20 thousand Tim . In another, we seek numbers Vodafone or Wind mobile business . The availability of credentials of the various operators enables miners to extract the numbers to the request, since each operator can see in the database only the situation of its subscribers. In an exchange of words, one of the suspects reassures her: they have the new password, “ we're going to place another 4/5 months ”.

money back guarantee?

of course, not always fishing gives the desired results. In a conversation will surface and that of the 70 thousand records provided, only 13 thousand are good for commercial calls. Other times, the call center complain of duplicates (1,200 to 1,500 in a case). Or data old : call to take advantage of the situation, but the customer didn't even remember him. It happened long ago and has already changed the operator. When the timing is perfect, however, the fruits you see: a call center tells you to be able to close contracts on 30% of the records received. In another 43 names become 5-6 contracts.

Everyone is trying to profit from the marketing data, that “ the more they pass from hand to hand, the more forgiveness value ”, recognizes Gabrielli. In an interception, one of the suspects calls for other numbers, although he has just received 55thousand. But these, he explains, he keeps them to himself, while looking for a batch for a client.

The network of call center concentrates for the most part in Campania, but in the wiretapping you mention also activities in Albania . And in addition to telephony, the business expanded to the field of energy . At the end of 2019 the suspects move to put the hands on the customers of Eni and Acea . There is a guy who knows a guy who has the list. Later on in the viewfinder end users Enel and Iberdrola (all the companies, phone and energy, are extraneous to the facts).

But how important are those numbers? Cents . Hundred thousand records are quantified 3 thousand euro. When the suspected reason of expanding the business of energy, one of them proposes to go back to telephone numbers, crossing the tax code, but the reply was that the game is not worth the candle: that data you can buy at 3 cents. Are resold at a higher price. In one case, a broker and a call center discuss the cost of the records: 4 euro per telephone number, or 40 euro per contract . In the end he wins the first offer. In other cases, it is the type of subscription that make the difference. The fibre , ça va sans dire , it's more expensive: if for a system normal data sell for 20 euro, for the fiber up to the house you have to shell out ten euro more.





Powered by Blogger.