QUOTE OF THE WEEK

I honestly think it is better to be a failure at something you love than to be a success at something you hate.

George Burns
FIGURE OF THE WEEK
13

13 Russian citizens have been criminally charged in the United States for conspiring to “sow discord in the U.S. political system,” including the 2016 presidential election.

Research Dossier → "REFILING" AS ISSUE OF MODERN CYBERSECURITY

12 Dec 2017 15:30

Formulation of the problem. Modern technologies have become integrated to our lives as something natural and inalienable, we cannot imagine the modern life without Internet network and using digital technologies the main place among which has taken by mobile phone. The Internet has become the main source of information for us, communication, buying goods and services, and even for individuals it become a part of theirs lifestyle. The UN General Assembly adopted a resolution of 16 May 2011 which recognizes the access to the Internet as one of the basic human rights [14]. This resolution proclaimed that all people should have access to the Internet for realize theirs information needs, for realize their right of freedom of expression and other fundamental human rights. One of the reasons people convert to VoIP is because it’s less expensive than landlines.

The main devise which people usually use for accesses to the Internet is – Smartphone, this useful devise we can take with us anywhere. In the world ranking of states on the number of smartphone use among the population, Ukraine gets only 38th place, only 23.5% of mobile phones of Ukrainians are smartphones, for example in Japan this figure is 50.1% of all mobile phones of the country's population [15].

Despite of wide population of smartphones and internet calls in our lives is still the place for communication with using of "classic" phone calls.

According to Ukraine legislation, phone calls as any telecommunication services must be providing by the operators of communication which take payment for their service in accordance with the Resolution of the Cabinet of Ministers of Ukraine of 11 April 2012 No. 295 "About Approval of the Rules for Provision and Receipt of Telecommunication Services ".

At the same time, everyone who wants to become an operator himself and provide communication services himself, must register and obtain a corresponding license in accordance with the Law of Ukraine "About licensing types of Economic activity" and the Law of Ukraine " About Telecommunications " [8].

When domestic mobile operator receive a call from abroad to the one of the number in his network, he also receive payment from his foreign counterparts for each such call. At the same time during we are making an international call, voice traffic, before entering to the network of domestic operator goes through complex channels of telecommunication networks. Thus, having installed the appropriate equipment and having taken the place of the operator someone can get a profit by earning on difference in the cost of calls within the country and calls abroad, such actions are called "refilling"(illegal VoIP), the essence of which is to substitute voice traffic in order to bypass official international centers switching and establishing connection between costumers according to the following schemes: Internet - telephone or telephone - Internet - telephone.

The urgency of necessary to provide a special research is determined by the fact that in recent years in Ukraine appears the tendency towards an increase in Ukraine the number of registered cases of refailing, the counteraction to which today has been identified as one of the main tasks of the cyberpolice [1]. After analyzing of different theoretical and practical sources we found that at the theoretical level criminal responsibility for cyber crimes was described by D. Azarov, V. Butuzov, M. Karchevsky, S. Orlov, M. Plugatyr, N. Savinova, but "refailing" has not described by the Ukrainians law scientists yet. Actually describe the term of refaling is the main purpose of this article.

Basic content. The term "refilling" is using for indicate the process of substituting international voice traffic to local by using technology of IP-telephony. (VoIP technology - Voice over IP). This process takes place by converting the audio signals into digital them compressing and transferring over the Internet to abroad, then converting back into the sound and transferring to the local mobile network.

Refilers (the persons who is engaged into refaling) typically have professional knowledge and skills in sphere of telephony and telecommunications, they is using special communication equipment which including GSM gateways that contain sets of corresponding SIM cards which is transferring calls to the network of domestic operator where are paid as a call within the network with the subsequent payment for "home" tariffs.

On external feature of refilling is the typical situation when one mobile network subscriber cannot see the number of incoming call, or can not call back or send a text message to the number from which received the call. It should be noted that refiling can be providing by individual attackers or by representatives of various commercial companies specializing in the provision of telecommunication services.

There is a possibility that refiling may be committed even by competing mobile operators. According to different sources we can talk about the existence of a large number of illegal telecommunication firms in Ukraine which may account for about 20 % of all revenues that would have been obtained by mobile operators for international calls. In particular, in 2016 more than 12,000 cases of "refilling" were registered only about biggest Ukrainian telecom operator  "Ukrtelecom" [3].

The difference between refilling and using legitimate Internet calling programs (for example Skype, Viber, What's Up) consist in process of realization a call making a call through such programs it must be installed on both subscribers it means at the two ends of the line, or when subscribers are calling from programs such as "Skype" to landline or mobile phone number based on "+380" subscriber who make out coming call must pay the company to the owner of the "Skype" for such call while "Skype" pays a portion of the cost paid by the subscriber a service provider to the subscriber who received the call. The scheme "world-Ukraine" is more popular among refalers because it is more profitable, but also there are schemes when calls are made from the territory of Ukraine abroad, or schemes in which the territory of Ukraine acts as a transit of international traffic in the refinishing scheme.

However, in some countries even the popular computer-to-computer VoIP service like Skype is illegal. In almost 32 countries you will not be able to make a call with using What's Up, Viber or Skype, this type of call is illegal in: China, Brazil, Cuba, United Arab Emirates, Qatar, Singapore, Oman, Syria, Kuwait, Morocco, it is not the whole list. In many of these countries, telecom companies are state-owned, this is also one of the reasons these foreign governments restrict usage. Some countries especially in the Middle East fear the internet gives citizens access to websites that is blocked that’s why they institute strict censorship laws and internet restrictions.

When we are talking about illegal VoIP in Ukraine we mean the complex of special equipment which allows realizing illegal interference to networks of mobile operators.

In addition, it can be predicted that in the near future refiling can gradually lose its relevance due to the growing popularity of voice services such as Viber, Skype, Telegram, What's UP, etc.

The more people in the world will be able to buy modern smartphones (communicators) and use programs which allow making free calls over a Wi-Fi network or mobile internet paying only for Internet traffic so the smaller will be the revenues of individuals who carry out refilling. However, there are still a lot of people who are constantly turning to refiners. There are many reasons for this, including the high cost of touch screen devices, the unwillingness to learn new technologies (including through the age), instability of the signal of wireless networks, the policy of identification of clients of various services, etc.

Today, there is a fairly common refill scheme in combination with one such messenger and voice service as Viber. This type of illegal VoIP is carried out according to the scheme GSM to Viber (phone - Internet) For example, a subscriber from country A calls the subscriber to country B who uses smartphone and in addition to the usual SIM-card has installed Viber program while subscriber A does not have this program. When a call is passing by the switching centers, refilers intercept it, and send by IP to Viber, so the subscriber country B accepts an incoming call not to the SIM-card number, but to the program Viber. In this scheme, the country A subscriber pays for the operator the cost of an international call, but the operator of country B does not receive its payment for this call because it receives refilers who have redirected the call. This scheme is simpler for implement because requires less equipment, after transcoding the analogue signal from the GSM network to digital and transferring it to the Internet it is not necessary to transcode it back, and output it to the GSM network in reverse order [3].

From the legal point of view a person who makes connections of mobile network subscribers according to Ukrainian legislations should get a license, and be entered in the register of operators and telecommunication providers, which is conducted by the National Commission which provide statement regulation in the field of communication and information (NCCR) in accordance with law of Ukraine "About telecommunications" and "About radio frequency resource of Ukraine" [3].

In addition, by the Decision of the NCCR of 29 November 2012 No. 624"On approval of the Basic Requirements to the Agreement on the Provision of Telecommunication Services and Recognition as Expired, the decision of the NCCR of March 26, 2009 No. 1420" [10] defines the relevant requirements that are mandatory for use by operators, telecommunication providers and consumers of telecommunications services when entering into agreements on the provision of telecommunication services, making alterations and additions to them.

Thus, unlicensed activities, or activities in violation of existing relevant licenses and contracts, are considered illegal and for its making comes criminal, civil and administrative liability.

Today, the term "refilling" is strictly determined by the Resolution of the Cabinet of Ministers of Ukraine of 20 September 2017 No. 703 "On Amendments to the Rules for the Provision and Receipt of Telecommunication Services" according with it "Refiling - is the change of the type of traffic in order to maximize profits due to its routing by another calculated tax;" [6]

Also, by this Resolution refiling was determined as some of the ways of unauthorized interference to work of telecommunication networks which led to leakage, loss, forgery, blocking, distortion or destruction of information, receiving services free of charge or at rates lower than those established.

Thus, we can note that the consequences of the rafaling defined in art. 361 of the Criminal Code of Ukraine as unauthorized interference with the operation of telecommunication networks that led to leakage, loss, forgery, blocking, distortion or destruction of information.

Rafaling in Ukraine during last years become widely deployed, and today create the whole industry. Typical is example from practice: according to the decision of Zarichny District Court of Sumy (Case No 591/5282/17) person "N" after studying different information resources on the Internet learned about the possibility of earning money by making calls to telephone networks from the computer, with changing of the order of routing incoming international voice telephony traffic. And then this person decided to organize the specified activity for the purpose of own enrichment [12].

For the purpose of conspiracy, this person placed equipment which was necessary for the illegal activity related to changing the routing procedure for incoming international voice telephony traffic: seven  SIM - cart banks and 2 GSM gateways in three different premises in Sumy city.

Subsequently, in December 2016, the aforementioned person «N» searched the accomplices whom explained the procedure for receiving unlawful profits and the system of measures of conspiracy, and creates a criminal group. Implementing theirs intent in violation of the requirements of p.4.1.1.3.3 of the Law of Ukraine "On Telecommunications", paragraph 5 of Part 36 of the "Rules for the Provision and Receipt of Telecommunication Services", not being an operator of telecommunications, from the beginning of January 2017 to the end of February they had been using a complex of telecommunication equipment. These persons became participants in the technological process for the provision of international telephone services and were able to organize and complete incoming international telephone calls, we cam say that  formally this illegal group become a  operator of mobile network.

In order to comply with the measures of conspiracy, Person N deliberately using special computer programs has constantly changed the IMEI codes of GSM gateways, which are intended to identify the equipment on the network, through which the connection of subscribers was made, which allowed to remain unnoticed for a long time in the process of distortion distortion of the process processing of information in the telecommunication network of PJSC "MTS Ukraine" from January 2017 until conducting searches by the police and removal of their equipment on 24 February 2017.

Similar situations are quite common in Ukraine nowadays. In the Internet there are many companies that provide services for the sale of configuration and maintenance of equipment and software which is intend for refilling. For example the company "GoAntiFraud" provides hardware installation services, and consulting services for customizing and servicing refailing equipment for a subscription fee of $ 400 per month. At the same time, the package of services also provides the ability to record calls [11], this action in fact lead to the leakage of information – the consequences of the stipulated articles: 361 of the Criminal Code of Ukraine, and 31 of the Constitution of Ukraine, as a violation of the secret of telephone conversations [2].

On the objective side, refilling in the context of art.361 of the Criminal Code of Ukraine is an action aimed at unauthorized interference to the operation of computer networks or telecommunication networks that lead to leakage, loss, distortion and tampering blocking information or violation of the established order of its routing. There must be a direct causal connection between refilling as actions and such consequences. Therefore, the composition of crime determined by art.361 Criminal Code of Ukraine which establishes criminal responsibility for refaling is material [4].

The method of realizations this crime consist of building own automatic station telephone exchange. Mostly in Ukraine these systems are aimed at decoding and extracting received illegal VoIP calls from abroad from the Internet. First things which person, who decided to provide illegal VoIP business, need to do – is to find an illegal Internet canal which will relay incoming voice traffic. It is very simple to do on one of such internet forums like http://voipforums.com [13]. After getting a virtual VoIP gateway - a kind of Internet data channel on which calls will be received from abroad for their further decoding and output to the national network, also is need to install and configure the appropriate software this person own computers, connect them to the Internet, connect 3G modems and install SIM – banks in which there are a large number of SIM-cards, which allows to make multiple connections at the same time, mare SIM-cards – more calls and greater profit.

In this case, the software installed requires not only to set the reception and output of the signal from the SIM-cards to the appropriate Internet channel, it must still simulate the actions of the life person as it would be with the use of SIM-cards in the real mobile phone. Refilers recommend to make no more than 20 calls a day from one SIM-card also not more than 10 calls from one place, because long-term subscriber's stay at one point with the implementation of a large number of only outgoing calls will lead to suspicion of mobile operator and detecting by the systems of monitoring the activity of subscribers who aimed at detecting cases of refiling [11].

For simulate movement of mobile phone real’s human movement, refilers installing several GSM-gateways which transmit the signal to each other creating an illusion of moving the subscriber.

The subject of unauthorized interference to the operation of telecommunication networks crime determined by art. 361 Criminal code of Ukraine committed by way of refilling - is a mentally healthy person who has reached the age of sixteen.

The analysis of law enforcement practice shows that a typical refiller (the person who is engaged into refilling) has the purpose of personal enrichment by illegal way. This person hasn’t appropriate license for provide activity as telecommunication operator issued by National Commission for Regulation of Communications, without the right to maintenance and operation of telecommunication networks. By this actions they violate of the requirements of the Law of Ukraine "On Telecommunications"[9] , the Rules for Provision and Receipt of Telecommunication Services [5], the Procedure for Routing the traffic in the public telecommunications network of Ukraine, the Regulation of activities of long-distance and international telecommunications operators [7].

The subjective part of the analyzed crime is characterized by guilt in the form of direct intent. When courts are qualifying refaling as socially dangerous act, they often draw attention to greedy motives, but it does not affect the qualification of the crime, because it is not stipulated in the norm of the law as qualifying. Qualified offenses of unauthorized interference to the work of telecommunication networks are the same actions which:

1) Committed repeatedly;

2) Committed by a previous conspiracy by a group of persons or;

3) If they caused significant damage.

As we can see the greedy motives does not belong to qualified offenses of the art.361 Criminal code of Ukraine.

About qualification refaling as a crime in other countries we can see that it is also widely spread not only in Ukraine, for example in Russia refaling is fairly common and such illegal actions in Russia qualified as illegal business activity focusing not on interference in the operation of computer networks and telecommunication networks, but on activities carried out without a corresponding license.

In our opinion, this approach is incorrect, because in Criminal code of Russian Federation  exist analog of art.361 Criminal code of Ukraine – art.272 "Unauthorized access to computer information" which contain in part 2 such aggravating circumstances as an offense of greedy motives. Probably the ambiguity of qualification is due to the lack in art. 272 of the Criminal Code of the Russian Federation direct reference to the kind of consequences as a distortion of the information processing process.

A good example is art.213 "Unlawful change of the identification code of the cellular communication device, subscriber identification device, also creation, use and distribution of programs for changing the identification code of the subscriber device" Criminal Code of Kazakhstan which establish a criminal responsibility for changing the identification number of the subscriber's mobile device or creation of a duplicate of SIM-card, if these acts were committed without his knowledge of the legal owner.

By our opinion such legal experience is positive and can be useful during creation of new legal norms for improvement of the current Criminal Code of Ukraine.

Conclusions. Today due to the increasing number of registered cases of refilling, law enforcement officers must clearly understand the essence of the mechanism for committing these actions and respond in a timely manner to them. In our opinion, it is necessary to develop appropriate guidance for police officers.

By our opinion will be also positive to supplement the article 361 Criminal code of Ukraine by the norm which will establish special criminal responsibility for illegal with greedy motives.

The situation with refaling will can be changed after adoption the Bill "On Amendments to the Laws of Ukraine" On Telecommunications" and " On the Radio Frequency Resource of Ukraine "on the identification of subscribers of mobile communication and introduction of registration of the final equipment according to the international identifier" which developed by the State service of special communication. This Bill after adoption will obligate any person to register theirs SIM-cards, what will complicate the use of a large number of SIM-cards for the purpose of refill. In general, worldwide registration of SIM-cards with passports has been introduced in almost 100 countries, among which Norway, Germany, Poland, Russia, Belarus, Brazil, South Korea, India, Thailand, and almost all of Africa. In Russian Federation from 2005 all phone numbers (SIM-cards) are selling with obligate registration by passports, but it is not help to finish with refaling. This legal norm also exist for a long time in Belarus but like in Russian Federation it doesn’t normally work and create a big "black market" of SIM-cards, in some groups in social networks you can buy unregistered SIM-cards even wholesale. For Ukraine such law could become a partial solution of refaling problem.

References:

1.    Аваков Арсен. Кіберполіція (крок реформі) : 11 жовтня 2015 року / Арсен Аваков [Електронний ресурс]. – Режим доступу до статті :

      http://blogs.pravda.com.ua/authors/avakov/561a92c183c27/

2.    Конституція України / Офіційний вісник України від 01.10.2010 — 2010 р., / № 72/1 Спеціальний випуск /, стор. 15, стаття 2598

3.    Мобільні шахраї: як обкрадають стільникових операторів [електронний ресурс] режим доступу: http://forbes.net.ua/ua/business/1427285-mobilni-shahrayi-yak-obkradayut-stilnikovih-operatoriv

4.    Науково-практичний коментар Кримінального кодексу України / Д. С. Азаров, В. К. Грищук, А. В. Савченко [та ін.] ; за заг. ред. О. М. Джужі, А. В. Савченка, В. В. Чернєя. – К. : Юрінком Інтер, 2017. – С. 831.

5.    Про затвердження Правил надання та отримання телекомунікаційних послуг : Постанова Кабінету Міністрів України від 11 квітня 2012 року № 295 [Електронний ресурс]. – Режим доступу до постанови :

           http://zakon2.rada.gov.ua/laws/show/295-2012-%D0%BF

6.    Постанова Кабінету Міністрів України від 20 вересня 2017 р. № 703 «Про внесення змін до Правил надання та отримання телекомунікаційних послуг» // Урядовий кур'єр від 23.09.2017 — № 179

7.    Про затвердження Порядку маршрутизації трафіка в телекомунікаційній мережі загального користування України : Рішення Національної комісії, що здійснює державне регулювання у сфері зв'язку та інформатизації, від 5 липня 2012 року № 324  [Електронний ресурс]. – Режим доступу до рішення :

           http://zakon2.rada.gov.ua/laws/show/z1252-12

8.    Про радіочастотний ресурс України : Закон України від 1 червня 2000 року № 1770-IІІ [Електронний ресурс]. – Режим доступу до закону :

               http://zakon2.rada.gov.ua/laws/show/1770-14

9.    Про телекомунікації : Закон України від 18 листопада 2003 року № 1280-IV [Електронний ресурс]. – Режим доступу до закону :

              http://zakon5.rada.gov.ua/laws/show/1280-15

10.Про затвердження Основних вимог до договору про надання телекомунікаційних послуг та визнання таким, що втратило чинність, рішення НКРЗ від 26.03.2009 № 1420 :  Рішення Національної комісії, що здійснює державне регулювання у сфері зв'язку та інформатизації, від 29 листопада 2012 року № 624  [Електронний ресурс]. – Режим доступу до рішення :

   http://zakon3.rada.gov.ua/laws/show/z2150-12

11.Руководство пользователя по работе с сервисом goantifraud Електронний ресурс]. – Режим доступу до рішення :

           https://goantifraud.com/files/manualRu.pdf

12.Справа № No 591/5282/17 // Архів Зарічного окружного суду м. Суми

13.Форум VoIP  Електронний ресурс]. – Режим доступу :

          https://www.voipinfo.ru/forum/viewtopic.php?p=41872

14.Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue / General Assembly UN / 16 May 2011 – p. 14

15.Top 50 Countries by Smartphone Users and Penetration / Newzoo /  https://newzoo.com/insights/rankings/top-50-countries-by-smartphone-penetration-and-users/