I discussed some of this with Annie Leduc. I believe that it would be possible to utilize Prognosis (custom monitoring thresholds & node.js) to utilize Prognosis to monitor and actively block potential Toll Fraud calls. Annie stated that she believes their is a module for Prognosis that can write back to the CUCM's. With this in mind, my thoughts are Prognosis could potentially block calls for 2 scenarios (maybe more):
1.) Inbound call comes in to CUCM and then hair pins out (maybe as an example scenario to Unity where the dial by extension feature is used to then place a call outbound to an international number or one of the other known areas (I.E some of the Caribbean Islands)). In this scenario if the CUCM server is setup ahead of time with call blocking (https://supportforums.cisco.com/document/71966/blocking-calls-based-calling-party-id) where a template is used to only add the incoming Calling Party Number, write the number to the blocking Translation Pattern and thus block any further attempts.
2.) Internal call out to PSTN: This might be done, based on thresholds that look for 011 patterns between times where no calls are to be going out (I.E. 6 PM - 8 AM ). Prognosis could then write to the calling line and internal CSS to prevent further calls.
Those are just 2 scenarios, but the potential to use Prognosis to do this as well as become the first tool that would actually, not only monitor for potential Toll Fraud and act on it, are obtainable I believe.