Objectives History Lesson Overview of Cox Communications Threats Theft of Service.

Cox Loss Prevention and Revenue ProtectionCox Loss Prevention and Revenue Protection

Presentation to:Presentation to:

2012 IURPA / SCRPA / SURPA Conference

Tom BrandonTom Brandon

CPP, CUSACPP, CUSASecurity and Risk Manager, Cox Communications CaliforniaSecurity and Risk Manager, Cox Communications California

Mark MatteoMark MatteoSecurity and Investigations Manager, Cox Communications North East Security and Investigations Manager, Cox Communications North East RegionRegion

June 14, 2012 New Orleans, LAJune 14, 2012 New Orleans, LA

ObjectivesHistory LessonOverview of Cox Communications

ThreatsTheft of Service

ObjectivesBest practicesYour crooks could be our crooks

Networking and resourcesShared Challenges

Cox CommunicationsCox Communications

Cox Enterprises—Atlanta GeorgiaPublishing, News Services,

Mannheim Auto AuctionsAtlanta Journal-Constitution,

AutoTraderCCI California—Mission Cable TV

Local EntrepreneursSan Diego Geography & Topography

Today…

Cox Communications CaliforniaNow 6 systems in US

1.6 Million revenue generating unitsHigh Speed Internet 55mbps/5mbps523 HD choices2008/2009 Best Place to Work

More about the Company…1962—12 channels1970s Orwellian Fears:Late 70s:

DeregulationExpansionTechnology explosion

90s: High Speed InternetTelephoneDigital Video—High Def

Theft of Service DeterrenceCalifornia Penal Code 593d

Cable theft law enacted in 1982Utilization of Citizen’s ArrestRestitutionAnalog CATVPiracy not a factor todayTechnology has hardened the systemTelephone and High Speed Internet

TodayCox BusinessDigital = Security…for now

What,____ __ _______?

On the Surface:

1 Not guilty 7 Enter Plea 10 Jury trial 70 Plead Guilty 80 TOS Arrests

Below the surfaceBelow the surface:

Deterrent affect keeps tens of thousands from stealing basic service.

Also, FCC Also, FCC •Requirements: CLIRequirements: CLI•Network QualityNetwork Quality

Average Annual Theft of Service (TOS) CasesAverage Annual Theft of Service (TOS) Cases

Basic Theft of Service Program

Field Audit

Field Employee

Anonymous Call

Customer

Investigator Develops Case

Makes contact, executes “Citizen’s

Arrest”

Calls Law Enforcement

Agency to Accompany

LEA Officer writes citation for PC593d

Case submitted to District Attorney’s

Office

Typical Field Audit Inspection71,00071,000 non-subscriber addresses were

audited by Network Inspectors in a recent 12 month period

5,0005,000 accounts were found active without billing

800800 of those accounts were possible theft of service

Unauthorized Active ConnectionsUnauthorized Active Connections

Percent of Poss ible Theft Locations Found Reactivated

94%

6%

Rechecks

Back On (Not all UAs are investigated)

Examples:•Non-Cox equipment•Resident admits theft•Blatant tampering•Neighbors' service affected…

Investigation of UA ActivityInvestigation of UA Activity

1%1% theft rate National average for CATV theft is about 2.1%2.1%

$23 Million in franchise fees to local governments annually—California alone…

Impact of TheftImpact of Theft

Challenges 2012…Reduced Restitution amountsA few cases “dropped”…The average request of the court by Cox

is $1,200 and includes investigation expenses.

The actual damages for a one month theft is about $40…not much of a deterrent.

PC593d allows for $5,000 or 3x actual damages.

Real impact is on network quality“Cumulative Leakage Index” CLIInterference from signal ingress

New ChallengesRetail Stores: Bill Payment

CentersRobbery Prevention

“Solutions Stores”: Retail CentersRobbery PreventionLoss PreventionShopliftingCommercial Burglary Fraud - Identity Theft

Investigation Process

Employee

Customer

Law Enforcement

Leader

OLTB/ Other Anonymous

Source

Quality Assurance

Security

HR

Community Relations

IT

Corp Legal/Security

Employee Leader

Investigationo Policy Violationso Civil Codeo Penal codeo Disclosureo Preserve

Evidenceo Chain of Custodyo Secure PC/Datao Office Spaceo Telephone

Records

Law Enforcement Agency(If Necessary)o Determine PC

violationo Advise on

investigationo Request evidenceLeadership/HRo Employee actionCommunity relations

Finance

More Challenges

“Copper theft”Law Enforcement LiaisonTerritoryEquipment Thefts

“Node”

Equipment theft cases

Partnering with other MSOsLaw Enforcement liaisonGPS technologyEducating field technicians

Other Security IssuesField Employees:

Irate Customers—threatsCrime avoidanceCrime accusations

Bill Payment CentersNetwork Abuse--FraudHR Meetings

Field EmployeesThreats

Emergency Notification Team Communication, stop any field visitsInvestigate, LEA, EvaluateContact: Sometimes term service.

Crime AvoidanceTraining: Avoid, Adult, Accompany,

AlertUrge law enforcement reportingEmployee privacy

HR MeetingsZero Tolerance PolicyTraining

Meeting conductPlanningVisual indicatorsSecurity Involvement

Interview Room—100% Telephone Interview, ship personal items, check

Visitor Procedures, Access ControlEAP

Business Continuity Planning

Fraud: Guarding Customer Information

Customer InformationPolicyTrainingQCForensic Resources

InvestigationsSecurity Role: Policy or Penal Code?Victim or …Law enforcement liaisonChain of custody, etc.

Threat MitigationTheir problems become

our riskEmployees personal

issues Trespass Vandalism Hacking attempts Active Shooters Weapons on Site

(pepper spray) Business disruptions Performance issues

MitigationRelationships

Employees Leadership HR

Awareness Reporting process

Social Engineering

Social EngineeringSnead Ring

Victimized 50 + individualsUsed call forwarding scam to confirm bank

transfers and new credit cardsServing 11 years… Plea agreement 32 counts

of identity theft, credit card fraud, and access device fraud “if imposed consecutively, the maximum penalties for all offenses to which Defendant is pleading guilty are 298 years imprisonment; a fine of $ 8,000,000; and a term of supervised release of 88 years.”

Fraudulently Obtaining Customer DataPrep work

ResearchEx-EmployeesSocial MediaProbingPhishing / Vishing

AttackPosing as Home Office (Corporate)Knowing the “Lingo” and Tools“Test Account”Confirmation

Tools & TechniquesCaller ID SpoofingModem Cloning IP and MAC Spoofing

Caller ID Spoofing

Modem Cloning

IP and MAC Spoofing

Subscriber Fraud

CASE 1ST CLAIRE INC / UNITY RADIO (2 DUMMY

CORPORATIONS)INTERNATIONAL CALLINGCALLING CARDSOVER $80,000 IN LOSSES

CASE 2Michael Grimes 2003 – Present ACCOUNTS SET UP UNDER STOLEN IDENTITIES. FOR $150.00 GUARANTEED HIS “CUSTOMERS”

MINIMUM 4 MONTHS OF SERVICE (NAMES AND SS#s PASS CREDIT CHECK) 200 + FRAUDULENT ACCOUNTS

OVER $150,000 IN LOSSES VOICE, VIDEO, DATA, EQUIPMENT

100+ DIGI / DVR / HD SET TOPS ($250 - $500 PER)Used same stolen identities and process to set up

accounts with power, gas, and telephone Utilities.

Michael Grimes

ID Defendant Name or Alias Birth Year Case Number Case Name Case Status

132710 CARTER 1966 62-2003-11173 MICHAEL GRIMES Disposed

132710 CARTER 1966 P2-2010-2157A MICHAEL GRIMES Disposed

132710 CARTER 1966 62-2007-07440 MICHAEL GRIMES Pending

132710 CARTER 1966 N2-1997-0213A MICHAEL GRIMES Disposed






132710 CARTER 1966 62-2007-07439 MICHAEL GRIMES Pending


132710 GRIMES, MICHAEL 1966 62-2007-09900 MICHAEL GRIMES Disposed

132710 GRIMES, MICHAEL A 1966 N2-1997-0213A MICHAEL GRIMES Disposed

132710 GRIMES, MICHAEL A 1966 P1-1986-0833A MICHAEL GRIMES Disposed




132710 GRIMES, MICHAEL A 1966 62-2007-09900 MICHAEL GRIMES Disposed

132710 GRIMES, MICHAEL 1966 62-2007-07440 MICHAEL GRIMES Pending

132710 GRIMES, MICHAEL 1966 62-2007-07439 MICHAEL GRIMES Pending




132710 GRIMES, MICHAEL 1966 P2-2010-2157A MICHAEL GRIMES Disposed

132710 GRIMES, MICHAEL A 1966 21-2001-00078 MICHAEL GRIMES Disposed

EASY TARGETCUSTOMER FRIENDLY BUSINESSDRIVEN BY SALESLIMITED IDENTIFICATION (WHO’S REALLY

ON THE OTHER END OF THE PHONE / KEYBOARD)

NAME AND SS# MATCH / CLEAN CREDIT CHECK???

DEPARTMENTS EFFECTEDCOLLECTIONSCUSTOMER CARE WAREHOUSE / INVENTORY FIELD (RESOURCES DEDICATED TO INSTALL /

SERVICE FRAUDULENT ACCOUNTS INSTEAD OF PAYING CUSTOMERS)

SALES / MARKETINGACCOUNTING / FINANCESECURITY / LOSS PREVENTIONLEGAL

RED FLAGSMULTIPLE ACCOUNTS UNDER THE SAME NAME AND

SS#VARIED SPELLINGS OF NAMESVARIED SS#sHIGH CHURN RESIDENCES WITH RECURRING NON-

PAYSHIGH LONG DISTANCE / INTERNATIONAL CALL

VOLUME WITHIN FIRST MONTH OF SERVICECOMMON BILL TO ADDRESSESMISMATCHED SERVICES (IE MULTIPLE PHONE LINES

IN A 1 BED ROOM APARTMENT)

OTHER RISKSLAW ENFORCEMENT

UNTRACEABLE / UNIDENTIFIABLE SUBSCRIBERS

INACCURATE INFORMATION ON WARRANTS AND SUBPOENAS

IDENTITY THEFT VICTIM

CREDIT HISTORYWRONG PERSON

(WARRANT)

CHANGE IN PROCESSDEVELOP DETECTION METHODS BASED ON

COMMON CHARACTERISTICS OF SUBSCRIBER FRAUD.

MONITOR DATABASE FOR SIGNS OF FRAUDEMPLOYEE EDUCATION & TRAINING (SIGNS OF

FRAUD)FRONT END Q/A OF SALES AND CUSTOMER CARE /

PROCEDURES IN PLACE FOR LIMITING VULNERABILITY

ACCOUNTABILITY

Questions?

Objectives History Lesson Overview of Cox Communications Threats Theft of Service.

Documents

Transcript of Objectives History Lesson Overview of Cox Communications Threats Theft of Service.