SMS Scam ( 10 ): Get the Celcos to go Dutch!
READ THIS SERIES if you are a mobile user!
Teaser: 3xxxx short code and SMS scam
SMS Scam ( 1 ): Explain this, Maxis
SMS Scam ( 2 ): It's an organised white-collar crime
SMS Scam ( 3 ): Let the suffering fools speak
SMS Scam ( 4 ): The bad boys... Celcos? CPs? MCMC?
SMS Scam ( 5 ): The 'Copy & Paste' version of Maxis Preventive Gateway
SMS Scam ( 6 ): Let the suffering fools speak, again
SMS Scam ( 7 ): Transcript - Rosli Shukor's parting shot at MPG on May 14
SMS Scam ( 8 ): MPG API - Now you see (May 15), now you don't (May 16)!
SMS Scam ( 9 ): Explain these, please!
SMS Scam ( 10 ): Get the Celcos to go Dutch!
SMS Scam ( 11 ): How big is the gravy train for multi-passengers?
SMS Scam ( 12 ): Industry Survey: Majority wants 'Cowboy CPs' removed
SMS Scam ( 13 ): What's up, Doc?
SMS Scam ( 14 ): Civil Action: Report to Commercial Crime Division?
Can SMS Spoofing -- the changing of the SMSC SCCP address in the SMS message -- be plugged, even if it can't be prevented totally?
Industry people Screenshots talked to said MCMC should first plug the leak -- that's the tiap-tiap bulan pun bocor on your phone bills -- while regulatory prowess, by changing flawed laws, can kick in later.
They said there are ready solutions in the market that can get the problem fixed technically.
If the industry experts' views are anything to go by, then I don't see the wisdom of getting "a thief to man the guardhouse" -- an analogy by the retired Rosli Shukor -- or getting a non-neutral party to maintain an unproven Preventive System on the Celcos' behalf and make it a revenue-generating scheme.
Why don't they -- meaning the Celcos Maxis, Celcom and DiGi -- go Dutch? That is what some of the industry people told me.
They were referring to a generic SMS Firewall produced by a Netherlands-based company called mBalance, which has a regional office in Singapore.
The line of thinking is that we must recognise that most of the SMS scams are done by SMS Spoofing, which exploits the flaws in the Celcos' SMSC, which fails to differentiate between legitimate SMS service requests and fake MOs.
This critical flaw allows scammers to exploit the abundance of international roaming gateways to pump fake MOs, using SS7 connections and IP message originators from overseas, with the sole aim to skim, skin and scam unassuming, ever-trusting mobile users like you and me.
The Dutch solution from mBalance, dubbed TestPass™ SMS Firewall, is basically meant to plug this glaring loophole.

SOURCE: M-Balance product brochure
I have no idea how effective this Dutch Solution can be, though it is said to be anchored on a rule-based routing and filtering engine.
Interestingly, should our Telcos implement the Dutch solution, it would go to show their present network security has had potholes all along -- they must roll back their SMSC binary logs and refund those who were scammed all these years. This is blood money they mustn't keep in a civilised country like Malaysia.
And if any preventive solutions were to be employed, the Celcos must be made to go Dutch by paying their own installation bills. Spare the Content Providers; don't ever get them to pay for what should rightly be the responsibility of the network owners. Or the content industry, whose players are paid a pittance compared to their counterparts in Japan and Korea, gets strangled and, ultimately, killed.
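The check the paragraphs above say the SMSC lacks, telling a legitimate MO from a fake one, sketched as a tiny rule-based filter (an added example, not code from mBalance or from the original post). It assumes the operator can look up which MSC/VLR currently serves a subscriber and compares that with the SCCP calling address the MO arrived from; all numbers, the `SERVING_NODE` table and the "3xxxx means premium" rule are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MoSubmit:
    msisdn: str      # subscriber the MO claims to come from
    calling_gt: str  # SCCP calling-party address (global title) it arrived from
    dest: str        # destination, e.g. a premium short code

# Constructed stand-in for an HLR lookup: MSISDN -> global title of the
# MSC/VLR currently serving that subscriber. All numbers are made up.
SERVING_NODE = {
    "60100000001": "60100090001",  # subscriber at home
    "60100000002": "65000090001",  # subscriber genuinely roaming abroad
}

def is_premium(dest: str) -> bool:
    # Assumption: five-digit codes starting with 3 (the "3xxxx" range) are billable.
    return len(dest) == 5 and dest.isdigit() and dest.startswith("3")

def evaluate(msg: MoSubmit, serving=SERVING_NODE):
    """Return (verdict, reasons); verdict is 'accept', 'hold' or 'reject'."""
    reasons = []
    node = serving.get(msg.msisdn)
    if node is None:
        reasons.append("sender-not-a-known-subscriber")
    elif node != msg.calling_gt:
        reasons.append("origin-differs-from-serving-node")
    if not reasons:
        return "accept", reasons
    # A suspect MO to a premium code would land on the victim's bill: drop it.
    # Anything else suspect is held for review instead of being delivered.
    return ("reject" if is_premium(msg.dest) else "hold"), reasons

# Constructed sample traffic.
SAMPLES = [
    MoSubmit("60100000001", "60100090001", "32000"),  # home user, home MSC
    MoSubmit("60100000002", "65000090001", "32000"),  # roamer, matching foreign MSC
    MoSubmit("60100000001", "44000090001", "32000"),  # home user, foreign origin
    MoSubmit("60100000001", "44000090001", "60100000002"),  # same, person-to-person
    MoSubmit("60199999999", "44000090001", "32000"),  # sender unknown to HLR
]

def run_samples():
    return [evaluate(m)[0] for m in SAMPLES]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m, *evaluate(m))
```

The second sample shows why a plain "block foreign origins" rule is not enough: a genuine roamer also arrives from a foreign node, so the comparison has to be against that subscriber's current serving node.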
Any preventive system should be the indigenous, embedded component of a Celco's network security system from Day One. Period.
More importantly, an impoverished subscription-based content developer industry and laggard enforcement will motivate them to defraud and cheat. We have seen that in our system once too often already.
Fix it, Mr MCMC!
Today, we have come to the 10th instalment of this ever-enlarging SMS Scam exposé series. We will reserve a dedicated entry on Mr MCMC when we wrap this up. But for now, we want to remind him of a few things that he should do, without further delay, in order not to kill the digital content industry but to make Malaysia a regional content development hub.
First of all, the job of the Chairman of industry regulator MCMC is to regulate. In this SMS Scam issue, that means fixing the f88king root of the f88king problem. And the f88king problem here is the lack of rule of law that allows rogue content providers (CPs), with the approval of the Celcos, to rip off the unassuming mobile users who place trust in the MCMC licensees.
The scandal has been going on for several years, and millions of ringgit had been ripped off the consumers.
Mr MCMC, if you guys could change the rule to fix the 600 Premium Voice Call scandals, and put ALL content providers -- rogue and good -- out of business just several years ago, don't tell us you are clueless and hapless on this SMS Scam.
So, go fix that f88king SMS Scam problem, Doc. No ifs, no buts.
And here are the reasons why.
ONE: SMS Spoofing and Short Code Masking are the major loopholes in the Celcos' network security systems. Used intentionally, they fool the Celcos' SMSC, fundamentally because International Roaming Gateways use SS7 connections to fake MOs, and the Celcos duly bill them as legitimate customer requests, though the scammed consumers did not solicit them. The Celcos and the rogue CPs split the revenue, which is non-halal by our adopted civilisational standards.
There are as many technical flaws as there are moral ones!
TWO: Bona fide and law-abiding CPs are very unhappy. I have spoken at length to the pro-tem chairman of the multimedia content providers community, who heads the Malaysian operation of a Spain-based conglomerate. The general feelings of his association members and the international investors are that Malaysia is a hostile country for foreign investors in digital content development. Rogue operators are allowed to rampage the industry without due restraint.
If the problem does not get fixed, some of them -- foreign and local entities -- may soon pull out from Malaysia and let the rogues rule the day.
THREE: The mobile consumers, who were scammed, are very unhappy. Post-paid mobile consumers who detected the fraud in their bills and complained to the Celcos are not treated fairly. They may get a refund -- only for the ones detected -- but they were not told why rogues had ruled the Celcos' networks and billing systems. They who place trust unto the MCMC's licensees were never given the guarantee that such things won't recur.
Prepaid users are the worst off. Except DiGi prepaid users who register with the online bill service, which is free, subscribers of Maxis and Celcom are left entirely at the mercy of the Celcos and the rogue CPs who scammed them, because Malaysia's Top 1 and Top 2 Celcos don't provide itemised billings for their prepaid users.
You may ask, if the Small Boy DiGi can provide its prepaid users itemised billing, why can't the two taiko? Good question. But to date, MCMC has not seen the urgency of getting it answered.
FOUR: MCMC is inconsistent in law enforcement. Several years ago, MCMC used sledgehammer tactics to weed out rogue operators of the 600-series Premium Voice Call Service, a precursor to the SMS era, that thrived on the same modus operandi to cheat unassuming consumers. When the law came down, ALL 600-series operators -- good and bad -- were wiped out of business and no mercy was shown whether they were good or bad players. Why the double standards now, Doc?
There is honour among thieves. But is the so-called Guideline for Subscription Services, agreed by all Celcos and their external CPs, really working? Rosli Shukor said no. MCMC isn't sure and, under Halim Shafie, the industry regulator wobbles between Guideline, FIR and the Ministerial Declaration and remains dysfunctional to this day!
FIVE: What preventive system? KTAK Timbalan KSU1 Rosli Shukor, retired, said you simply can't get a thief, proven thief, to man the guardhouse. He said you need to get someone neutral to implement the preventive system, if any.
But CPs we talked to feared the preventive system. They feared it not because they will be subjected to more stringent control procedures. They feared it ( 1 ) because their customers' database may fall into the wrong hands if the Celcos dictate that they must go through a database clearing house maintained by a non-neutral party or parties; ( 2 ) because the Celcos may turn the Preventive System into a revenue-generating business concern and squeeze their profit margins even further; ( 3 ) because they may be forced to pay for the implementation and maintenance of a preventive system whose performance and resilience have yet to be proven!
We can go on and on, but Mr MCMC has to fix that f*cking problem all at once and allow bona fide CPs to carry on with their business within the confines of the law.
That's the TIAP-TIAP BULAN pun BOCOR for the multimedia industry
The first f88king thing Mr MCMC should do is to plug the leak, and uphold industry integrity and morality.
Meanwhile, everyone waits till Kingdom cometh.
Comments
Jeff,
Yes the SMS Spoofing can be plugged if there is a concerted effort and will just like the first leak in the new Court Complex which was plugged within the hour. But the plugging at the court revealed the ugly side of Malaysian culture - to do a simple job required 4 people. One to carry the pipe, another to carry the tin of glue, third to carry the tools and the last one to fix the plugging of the end Cap – the Malaysia Boleh 50th Anniversary Spirit. For more details & pics of this gang of 4, Goto:
http://powerpresent.blogspot.com/2007/05/more-pics-court-complex-1st-leak.html
Posted by: mwt | May 24, 2007 09:27 AM
It is time to switch to Digi prepaid & check my usage every month.
Posted by: Ah-Ba | May 24, 2007 09:30 AM
Jeff,
Please allow me to raise this issue in your discussion.
Of late, Telekom M'sia introduced the voice answering service to their customer fixed line phones without the subscriber's consent. When you call a number and if it is engaged, the phone will direct you to a voice recording system.
My concern here is, whether the caller will be charged or not?
Posted by: johnson | May 24, 2007 10:35 AM
Part 1
The 1st rule of BolehLand: money comes first.
"So, if it can make me some money, then I don't care about what happen to the People, the Law, the Nation, whatever.."
This kind of thinking will explain WHY these parties (mcmc, telcos, cp) are spamming us..
Part 2
If we really want to put a stop to this, give the CP all of our ministers' / VIP 's/ the power-that-be's private phone numbers, so that they know how we feel. Then they will act.
JEFF OOI says: The VIPs and Ministers? They are fat cats with big paychecks (primary source of income and otherwise) that they won't bother to check their phone bills. Spam and scam their weekend mistresses and part-time lovers, and their family members may get you better response. Just some dark humour.
Posted by: unexistance | May 24, 2007 10:53 AM
Dear Jeff,
It is not the money, technology, law, or the manpower that is not available. It is just the will to do anything. In Singapore they would fine the telcos and the problem is fixed immediately. I wonder whether our foreign investors are aware of this nightmare? This problem has been bugging me the last seven years with TM and there is nothing I can do or anybody to whom I can talk about this. You are a wonder, Jeff, to tackle this problem.
Posted by: Rajahram | May 24, 2007 11:53 AM
The guilty parties should be made to refund 100x the amount they cheated the consumers. Else how can we expect the masses to report such irregularities as many of us won't even bat an eyelid even though they knew that they have been scammed a few RM each time.
I once took it up upon MacroKiosk for a mere RM3.00. After going thru the hassle of getting a refund, I guess I used up not only my time but also RM in making those calls from my handphone. In the end I got justice served but at a price.
If users are caught trying to scam the telcos, they will be fined or jailed. The same punishment should be given to these scums. I mean scammers.
Posted by: groo | May 24, 2007 12:58 PM
Answer for johnson about voice mail: http://www.tm.com.my/about_tm/newsroom/2007/070126.htm
Posted by: LC Teh | May 24, 2007 02:00 PM
'...they won't bother to check their phone bills.'....I am also guilty of this indifference. I realise now that my indifference has caused many people to lose millions. Please prepare a petition and I will sign it.
Posted by: vital9 | May 24, 2007 06:45 PM
Hi Jeff, you've done a great job getting this scam exposed. Just to share my experience, it looks like the hole is deeper than we thought. I was personally spoofed by Macrokiosk twice, however through my hardcore complaints I found that the main culprits are so-called CPs connected via Macrokiosk.
My 1st spoofing experience, a company named MOCOME called me to explain about their services and refunds are done by them. On the 2nd occasion a company named Junior explained the services and did the refund as well. As I am so mad being spoofed by these companies, I went and met up with their bosses to seek more detailed information as well as to see their offices and both companies admitted connecting using the Macrokiosk system.
Why are other companies calling me to explain and do the refunds and not MacroK? Therefore, based on my observation above, the number of rogue CPs is more than those that you have exposed. There are plenty more hiding behind companies like Macrokiosk. So I believe Macrokiosk must expose all the names of these rogue CPs hiding behind so that these CPs cannot continue hiding behind other companies while getting this ill-gotten money. MacroK speak up????
I am meeting a management person in MacroK tomorrow and I will update everyone of my findings....
Posted by: baba | May 25, 2007 12:41 AM
Jeff,
It's interesting that you are advocating mBalance.
JEFF OOI says: You distorted facts, I feel so sorry for you. Read again where I said, beneath the diagram, "I have no idea how effective this Dutch Solution can be... ". Just because I mentioned the name, I am endorsing the product? Why don't you accuse me of being a salesman for mBalance... or an agent for the Jews just because I mentioned George Sorrows, or Steven Spielberg, three times in this blog. Try harder, you lousy Malayzzzzzzzian.
Any particular reason that this solution is better than others? I believe one of the telcos has had mBalance in their network for the past couple of months -- it has failed miserably in stopping the spoof.
JEFF OOI says: Talk is cheap. Show us the proof and I will print it verbatim without prejudice. Or else shut up as my blog is not a place for wild claims!
Posted by: malayzian | May 25, 2007 01:42 AM
Thanks LC Teh,
I visited the site and found this :
"Operating on the same basis as a mobile service voicemail, TM’s Voicemail enables customers to receive voice messages on their fixed lines when calls received are not answered or when their phone line is busy. A call is diverted to the Voicemail after 35 seconds or 11 rings. This Value-added service is provided to the customers FREE of charge."
I think TM is not telling the truth here,
1st, try calling any number and if the line is busy, it goes straight to the voice answering device, not 35 secs or 11 rings (since it is engaged)
2nd, in the article, TM is talking about this service being given FREE, but they never mention anything about whether a caller (eg. from 012 or 019) who called the engaged number and when the call was diverted to voice mail will be charged or not!
Posted by: johnson | May 25, 2007 12:32 PM