SMS Scam ( 8 ): MPG API - Now you see (May 15), now you don't (May 16)!
READ THIS SERIES if you are a mobile user!
Teaser: 3xxxx short code and SMS scam
SMS Scam ( 1 ): Explain this, Maxis
SMS Scam ( 2 ): It's an organised white-collar crime
SMS Scam ( 3 ): Let the suffering fools speak
SMS Scam ( 4 ): The bad boys... Celcos? CPs? MCMC?
SMS Scam ( 5 ): The 'Copy & Paste' version of Maxis Preventive Gateway
SMS Scam ( 6 ): Let the suffering fools speak, sgain
SMS Scam ( 7 ): Transcript - Rosli Shukor's parting shot at MPG on May 14
SMS Scam ( 8 ): MPG API - Now you see (May 15), now you don't (May 16)!
SMS Scam ( 9 ): How big is the gravy train for multi-passengers?
SMS Scam ( 10 ): Industry Survey: Majority wants 'Cowboy CPs' removed
SMS Scam ( 11 ): What's up, Doc?
SMS Scam ( 12 ): Civil Action: Report to Commercial Crime Division?
In SMS Scam ( 7 ), we exposed that at a scheduled meeting among the Ministry of Energy, Water and Communications (KTAK), MCMC, the Celcos and the CP players held on May 14, KTAK Deputy Secretary-General I, Rosli Abdul Shukor, seized the opportunity to 'advise' Celcos to uphold the 'integrity and morality' of the industry.
He implied that 'thieves shouldn't be trusted to man the security guardhouse', apparently referring to an attempt among the three Celcos to outsource the running of the so-called SMS fraud preventive system to a known, punished rogue CP.
Interestingly, Rosli had named names -- using first-hand source from MCMC.
What really was this Preventive System that Rosli DIDN'T speak in praise of?
Sources pooled together by Screenshots indicate that there are three documents involved, namely:
- Maxis Preventive Gateway (MPG) Technical Interface Specifications Version 1.0 (Dated May 14, 2007)
- Maxis Preventive Gateway (MPG) Service and Subscriber Details File Upload Version 1.0 (Dated May 14, 2007)
- MacroKiosk (MK) Reverse Billing API Documentation Version MY1.2 (June 2006).
These two documents were uploaded circa 22:00hr on May 14, and taken down circa 11:30hr on May 15
There were interesting spots of similarities among the three documents though they come different sources.
1 ) The 'Ringtone Message - CP to MPG' section in Page 12 of the MPG-Technical Interface Specification document, and Page 8 of the MacroKiosk document are verbatim.
Page 12, MPG-Technical Interface
Page 8, MacroKiosk Reverse Billing API Documentation
2 ) The 'Logo Message - CP to MPG: Operator Logo' section in Page 13 of the MPG-Technical Interface Specification document, and Page 7 of the MacroKiosk document are largely similar. Clue: You have to wonder why Maxis is giving a format example using DiGi's identifiers! Refer to the green text 05F261 on both specs.
Page 13, MPG-Technical Interface
Page 7, MacroKiosk Reverse Billing API Documentation
Isn't it because that's the Celco had copied-and-pasted the example used in the CP's specs?
3 ) Pages 6 and 10 of the MPG-Service and Subscriber Details File Upload document has the heading "Following are the parameters required to upload service details to MK system"
Page 6, MPG Service and Subscriber Details File Upload
Page 10, MPG Service and Subscriber Details File Upload
According to a team of Little Birds who helped Screenshots monitor Maxis portal for its external content providers, the celco has since consolidated the two documents and erased traces of "copy-and-past" craftsmanship, and replaced them with a single document, titled: Maxis Preventive Gateway (MPG) Technical Interface Specifications Version 1.1 (Dated May 21, 2007). It was uploaded early this morning.
Cosmetic makeover is still evident as the portion using "DiGi" as the example for 'Logo Message - CP to MPG: Operator Logo' has been removed.
Similarly, the sections which earlier referred MPG to "MK system" had also been erased.
Interestingly, the example for 'Ringtone Message - CP to MPG' section remains the same, whereas the colour scheme of the text remains as those used in the document that defined MK's specs.
Screenshots will upload the new document at the appropriate time after my overseas experts have reviewed it thoroughly.
Be that as it may, is this the indication that the three Celcos are dead-set to outsource the Preventive System despite reservations from the CP fraternity? Or that the Ministerial Declaration that KTAK is drafting to weed out the "thieves" in the industry will fizzle out, Mr MCMC?
Stay tuned!
BACKGROUNDER
For the record, MCMC informed Celco's, as early as in January 2007, to implement an automated Preventive System, failing which all Subscription Services will be suspended till the system is in place or by April 1, whichever comes first.
Content Providers Screenshots talked to confirmed that the Celco's did not inform the CPs of this instruction until March 14.
Subsequently, the CPs got together to appeal their predicament and managed to get MCMC to postpone the suspension of Subscription Services based on the following:
1. The CPs were in the dark on the merits/mechanics of such a Preventive System while were told that they have to pay for its installation, operation and maintenance costs;
2. That the suspension of Subscription Service will impact all forms of services -- including but not limited to financial alerts, news alerts -- which cannot function unless they are on the Subscription model.
This will throw 95% of the CPs' business models down the drain.
3. With just 2 weeks notice given by the Celcos, the impact will have the CPs penalised primarily for the lack of implementation lead time for the Preventive System, which was essentially planned without their involvement right from the start;
The long and short of it, the targetted timeline for the implementation of the Preventive System by March 31 was overshot, triggering the targetted date to stop all Subscription Service from April 1 to be abandoned, purportedly with the consent of the current chairman, Dr Halim Shafie.
The CP fraternity called that Halim's April Fool joke.
At about the same time, rumours floated around the industry that Maxis was putting together a proposed Preventive System, which became the Maxis Preventive Gateway (MPG) on May 14.
MPG_TIS_385v.jpg MPG_Svc-Subs-Detail_385v.jpg
SOURCES: Maxis online portal
However, what shook the CP industry, and the Ministry of Energy, Water and Communications (KTAK), was that the MPG was likely to be outsourced to one of the CPs that MCMC has listed as repeatedly non-compliant.
Comments
CP industry is shocked (of course NOT all the CPs ) of the preventive system being outsourced to one of the CP with such reputation. If CPs are the one who pay the cost of it shouldn't CPs the one who choose the solution provider or a open tender?
Software solution industry is shocked as well when one of their project is being hijacked. (Bad luck , Valuelabs, maybe not this time.)
Posted by: coolzero![[TypeKey Profile Page]](http://www.jeffooi.com/nav-commenters.gif)
|
May 22, 2007 04:28 PM
The so called preventive system are plain BULL SHIT.
Let me give an example.
Imagine a merchant charge your credit card without your consent. So what will bank do?
A. Pay the merchant and charge the customer even the customer file their complain
B. Take it as fraud and freeze the payment
C. Ask the merchant to build an "preventive system", but still charge the customer.
So, did you see the logic here. If you say WTF, then ask yourself about the logic of "build preventive system".
It is FRAUD in the first place. And yet, we don't see the justice is done on those CP!! As long as this merchant SMS and charge the client without their consent, and there IS NO RECORD showing the customer MAKE the request, this CP should be BANNED!!!
Why Bolehland administrative failed to understand such simple logic. There is so called "professor", latuk, Dan Sri
in the body, don't tell me they NEVER learn logic.
Posted by: moo_t![[TypeKey Profile Page]](http://www.jeffooi.com/nav-commenters.gif)
|
May 22, 2007 09:01 PM
You think you are safe once you reported these cowboys to your telco, you think all is well once your telco "blocked" their short-code no.... well guess again!!
Received a message from 39898 today. It reads: "Sorry, you have opted to block SMS to this shortcode from your number". I think this is the masking technique you mentioned earlier. And i'm now $2 poorer..
I took a photo of the SMS but i don't know how to post it here.
Posted by: hokc77![[TypeKey Profile Page]](http://www.jeffooi.com/nav-commenters.gif)
|
May 22, 2007 09:29 PM
@moo_t
Actually, if you are a victim of MO spoofing, there is a record that you have requested for the service. Basically, someone spoofed your mobile number and requested for a particular service.
Unlike credit cards, there are no paper trails to prove otherwise.
Posted by: nicklwc![[TypeKey Profile Page]](http://www.jeffooi.com/nav-commenters.gif)
|
May 22, 2007 10:33 PM
all these scam have created millionares! These scammers are even awarded Ernst & Young Entrepreneur Of the Year ! search macrokiosk in google and i found this friendster profile. http://www.friendster.com/henrygoh . looks like I am too late to found out about this industry!
Posted by: sapientm![[TypeKey Profile Page]](http://www.jeffooi.com/nav-commenters.gif)
|
May 23, 2007 12:09 AM
Since MO spoofing is possible and there is no way of knowing if the request is really a spoof or real, then users can take this great opportunity to enjoy whatever service available and later call them to claim he never requested the service to waive the fees, right? It's a two way loop-hole. The daylight robbers who took advantage of you, you can as well take advantage of them.
Posted by: freewave![[TypeKey Profile Page]](http://www.jeffooi.com/nav-commenters.gif)
|
May 23, 2007 06:00 AM
Jeff, after almost a week of almost calling all our three mobile phone operators thievews, crooks, robbers, scammers, spammers and what not, there has been just this deafening silence. No reply to anything you have accused them of. The mainstream media has not reported it. No one has reported any crime to the police either. MCMC has been absolutely silent.
Now going by precedent, one other time when such things were written about "authority", one Irene Fernandez was charged and found guilty as well as sentenced to prison for false reporting. Never mind her appeal has been suspended until at least after she dies so that on her death bed the last that can be written about her is that she stands having been found guilty for false reporting.
I think I have told you often enough...if these things that you say don't get reported by the mainstream newspapers, then they NEVER HAPPENED. That simply means all that you are doing is false reporting!!! I am a faithful BN supporting citizen you see! so we have the final word!
Posted by: Observer![[TypeKey Profile Page]](http://www.jeffooi.com/nav-commenters.gif)
|
May 23, 2007 09:03 AM
nicklwc,
I wonder how those CP "inject" the request to the Telco site.
Do you mean CP are able to mask our "suppose to be secured" mobile called? Isn't it the SIM card are the only way to make our call UNIQUE? Isn't SMS going through the same process? Please let me how the CP are able to spoof our scrambled mobile code and "FOOLS" the telco.
Posted by: moo_t![[TypeKey Profile Page]](http://www.jeffooi.com/nav-commenters.gif)
|
May 23, 2007 11:47 AM