Robocalling Scourge May Not Be Unstoppable After All (arstechnica.com) 236
Dan Goodin, writing for Ars Technica: New data shows that the majority of robot-enabled scam phone calls came from fewer than 40 call centers, a finding that offers hope the growing menace of robocalls can be stopped. The calls use computers and the Internet to dial thousands of phone numbers every minute and promote fraudulent schemes that promise to lower credit card interest rates, offer loans, and sell home security products, to name just a few of the scams. Over the past decade, robocall complaints have mushroomed, with the Federal Trade Commission often receiving hundreds of thousands of complaints each month. In 2013, the consumer watchdog agency awarded $50,000 to three groups who devised blocking systems that had the potential to help end the scourge. Three years later, however, the robocall problem seems as intractable as ever. On Thursday at the Black Hat security conference in Las Vegas, a researcher said that slightly more than half of more than 1 million robocalls tracked were sent by just 38 telephony infrastructures. The relatively small number of actors offers hope that the phenomenon can be rooted out, by either automatically blocking the call centers or finding ways for law enforcement groups to identify and prosecute the operators. "We know that the majority of robocalls only come from 38 different infrastructures," Aude Marzuoli, research scientist at a company called Pindrop Labs, told Ars. "It's not as if there are thousands of people out there doing this. If you can catch this small number of bad actors we can" stop the problem."
Would love to see something done (Score:2)
I've had to cancel a phone number over the sheer number of robocalls it got, rendering it useless. Even on my main personal cell phone I'll go through periods of several calls a week. I liked it better when there were real people on the other end you could fuck with rather than just robots.
Re: (Score:2)
I've set up my cell phone so that any calls I get from people who aren't in my address book just get shunted straight to voice mail. The phone doesn't even ring. Problem solved!
Re:Would love to see something done (Score:5, Interesting)
Several calls a week? I'm envious. I get a minimum of several a day.
You know, murder is a crime because you rob someone of the remaining time they might have had on this planet. Robo callers steal the equivalent of lifetimes every single day and our useless FTC seems utterly incapable of doing a damned thing about it.
Re:Would love to see something done (Score:4, Informative)
It comes and goes in cycles. For awhile I was getting several a day from the same company shilling security systems. I finally got them to stop when I worked my way through their system getting farther and farther along each call until I managed to get a tech dispatched to an abandoned house not far from me. They stopped calling at that point.
Depending on what I was doing at the time, I also enjoyed just letting them ramble on for awhile about their spiel, then give them an address in Canada or Australia or something. Really pissed them off.
Nowadays they're almost all initially handled by an automated speech thing (albeit some are scary good) so it's harder to have fun with them.
Re: (Score:2)
> Several calls a week? I'm envious. I get a minimum of several a day.
Here is my solution to deal with those shenanigans:
* Every spam call you get, counterintuitively, ADD it to your Contacts under "Spam" BUT append a number.
i.e.
I get a call from 555-1234, it gets added to contact "Spam1" ... oh look, Spam1 is phoning. *Ignore* ... oh
I get a call from 555-9999, it gets added to contact "Spam2"
I get a call from 555-1234
I get a call from 555-6666, it gets added to contact "Spam3"
I get a call from 555-1234
Re: (Score:2)
> Several calls a week? I'm envious. I get a minimum of several a day.
Here is my solution to deal with those shenanigans:
* Every spam call you get, counterintuitively, ADD it to your Contacts under "Spam" BUT append a number.
You didn't mention what phone you have.
I do the same thing on my iPhone, but I have noticed the block seems to take effect with the numbers in the contact at the time the block is applied. i.e. when I add a phone number to the "Spam" contact, I need to unblock "Spam" momentarily, then reapply the block, to ensure the new number is blocked.
Re: (Score:2)
Is there a reason you add it to your Contacts list, instead of just blocking the number itself?
I don't have an iPhone, but according to Apple Support [apple.com], you can go to your call log (called "Recents") and block the number without having to add it. Apparently you click on the "i" icon and scroll to the bottom.
With an Android phone, you can go into your call log, long press the number you want to block and then select the block option.
I just checked that and see you are correct.
I have been using the blocked contact method for over 3 years.
It is possible the direct blocking ability was added in an iOS update at some point.
Thanks for the tip!
Re: (Score:2)
> Is there a reason you add it to your Contacts list, instead of just blocking the number itself?
I've been using this method since the iPhone 3GS days -- it didn't support call blocking only the carrier did.
Adding them Contacts seemed like the easiest "work-around".
Remember, this was in back in the days before there was even a blacklist option or app.
> and block the number without having to add it.
Thanks for the tip! I'll keep this in mind when/if I upgrade to a newer iPhone.
> Apparently you clic
Re:Would love to see something done (Score:5, Interesting)
I still believe that regulators should require that, if a caller ID is to be presented, it should be traceable to an individual in the originating country (with the carrier responsible if it's not). A carrier should be able to warrant this to its interconnects - if it can't, that carrier's calls will all be presented with no caller ID.
Customers can then reject calls without caller ID or from other countries if necessary.,Where caller ID is presented it is then traceable to a person, enabling existing state rules about such calls to be enforced.
There is no good reason that I should be able to buy a VOIP account for a couple of dollars a month and spoof any caller ID.
Re: (Score:2)
Yes. That includes attempted fraudulent trade and advertising practices, such as robocalling. Also, the Do Not Call list.
Re:Would love to see something done (Score:4, Informative)
Our main "Home Phone Number" is a Google Voice line. One of the nice features they have is "spam filtering" for phone calls. If a person calls us and it's a robocall/scammer, we can block the number. Then, when they call again, they get a "this number has been disconnected" message. If enough people do this, calls from that number automatically are blocked. Often, Google Voice will alert us that we missed a call when our phones didn't ring. When we look into the number, it's invariably a scammer trying to get through.
Re: (Score:3)
Re: (Score:3)
Re: (Score:3)
This is a key part of the problem, the ability to spoof the caller ID. There are only a very few legitimate reasons for doing this (eg call back from Samaritans, sexual disease clinic, ...) most others should be banned. I will accept caller ID of a home worker being set to his company head office - but it will have to be registered as who he works for. Maybe also a legit call center that operates of behalf of customers - but again needing registration.
Yes: many of these spam calls originate from overseas; t
Dealing with spam callers (Score:2)
I've had to cancel a phone number over the sheer number of robocalls it got, rendering it useless.
I don't get a lot of calls but I do get some and my basic policy is that if the number isn't in my address book or I'm not expecting a call from a particular party it goes straight to voicemail because I won't pick up. I have a voicemail service that lets me block callers (they get a number not in service message), require them to enter a phone number if they block the caller id, and the service also helps flag robocalls, spammers, etc. It also transcribes the voicemails so I don't actually have to listen
Re: (Score:2)
That particular number was for a line that often received vendor calls, so simply blocking/dodging calls wasn't an option. New number we got was fine though.
Re: (Score:3)
Re: (Score:3)
I don't work for them, so I don't know how trustworthy they are.
Re: (Score:2)
Try this...it works for me: https://www.nomorobo.com/ [nomorobo.com]
I don't work for them, so I don't know how trustworthy they are.
I just checked out that site.
It works only on VOIP.
POTS & cellular not supported.
Re: (Score:3)
I very much enjoy messing with the scamers I got a call from the supposed IRS and I asked the guy if he could do the Microsoft tech support call instead because I found it really funny. After describing some of my favorite calls he said his boss was looking at him funny because he should have hung by now since I already knew. I haven't received any for a while.
I would pay for a robocall chat bot (Score:2)
Can't Big Blue, Amazon Alexa, Siri, or others provide a service that can be configured to answer your phone, detect a robo call, and keep the caller engaged in conversation as long as possible? We need a Liza upgrade.
Re: (Score:2)
The article mentions that some group managed to create a honey pot for robocalls. Seems like an excellent source for training material for some voice recognition and artificial intelligence.
There was Ghostbusters.... (Score:2)
...but where is the number or signal for Anonymous? I think I have a small job for them. See article. :)
We should call everyone (Score:4, Funny)
Low cost (Score:4, Insightful)
Re: (Score:2)
Depends on how they are culled. If they are done for in a spectacular and permanent way then others would think twice before starting such practice.
Re: (Score:3)
Depends on how they are culled. If they are done for in a spectacular and permanent way then others would think twice before starting such practice.
There are only 40 call centers, gasoline is fairly inexpensive and there seems to be an excess of styrofoam around that no one can't get rid of
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Drawing and quartering sounds about right. . .
Re: (Score:2)
Precisely why I despise the FTC (Score:2)
For years they have basically thrown their hands in the air and declared the robo-calling problem unsolvable. They even pathetically tried to crowd-source a solution. And here we learn that there are a small number of perpetrators behind the majority of the calls. No doubt the FTC will do nothing with this information.
I get as many as six robo calls a day. When I used to answer the calls just to waste their time the majority of the operators spoke American english so were clearly operating in th
Drones. (Score:2)
We have the technology. Predator drones, heavily armed.
Take out the call centers and more importantly, take out the people who are behind these operations.
I have stated this before... this would be a far more useful application of the technology than how it is currently used.
Re: (Score:2)
I was thinking park a SSGN off of the nearest coast. A bunch of Tomahawks will (very temporarily) brighten anybody's day.
Why kill when you can overkill?
Re: Drones. (Score:4, Insightful)
Re: (Score:2)
I disagree strongly with your violent and ineffective proposal.
Instead, I prefer a much more effective proposal of JDAM. Predators just don't have the load capacity for this.
Predator was 15 years ago. It grew up into the MQ-9 Reaper, which can carry 4 JDAMS. One JDAM would get the job done, but remember Rule 37: "There is no overkill, there is only 'open fire' and 'time to reload'".
The problem is easy to fix (Score:2)
Look, this is simple. We just need government workers to show up and actually work. Yeah, crazy talk, I know.
Rachel from Cardholder Services advertises on Craigslist in Orlando. How difficult is it to just use their services (I know they're calling people at the FTC) and track them down? Use existing laws to put them out of business. There are plenty of options for those willing to do the minimal amount of work.
you minorly inconvienced me, prepare to die! (Score:2)
Use existing laws to put them out of business
Can't we break out the pitchforks and torches for this? Literally?
Come on, don't let Trump use his deep pockets to corner the angry mob market!
Re: (Score:2, Insightful)
Look, this is simple. We just need government workers to show up and actually work. Yeah, crazy talk, I know.
They're underfunded. Just ask them. By the time our Federal LE's have analyzed all the consent decree paper work from racist police departments and processed all the refugee cases and sued enough states for voter ID laws and attended enough white privilege awareness seminars there is precious little time or budget left to pursue these criminals. Congress can outlaw whatever it wants but if the Republicans won't supply the billions upon billions needed to employ enough departments full of lawyers to pursu
Re: (Score:2)
It's not just underfunding.
All the perps gotta do is claim they are muzzies and bitch about 'civil liberties' and they can scam, kill and blow up whomever they want.
This is the actual law enforcement doctrine of the united states, look it up.
Emotionally put, but nevertheless effectively true. Remember the Orlando shooter? Someone (perhaps more than one) at his mosque called the FBI to warn them this guy was unhinged. The guy was already on a watch list. The FBI did nothing because that's the culture there now.
Arresting a Muslim before a terrorist act occurs is a career-ending move. Waiting till afterwards has no lasting negative career effect.
FFS, the Muslim community did exactly the right thing here, and the FBI dropped the ball - heck, t
Re: (Score:2)
Look, this is simple. We just need government workers to show up and actually work. Yeah, crazy talk, I know.
Rachel from Cardholder Services advertises on Craigslist in Orlando. How difficult is it to just use their services (I know they're calling people at the FTC) and track them down? Use existing laws to put them out of business. There are plenty of options for those willing to do the minimal amount of work.
To be slightly more precise, we need legislators to get their heads out of each others butts and do their job. The current bunch are almost entirely occupied with infighting. Fire them all, just to be sure.
Re: (Score:2)
Look, this is simple. We just need government workers to show up and actually work. Yeah, crazy talk, I know.
Rachel from Cardholder Services advertises on Craigslist in Orlando. How difficult is it to just use their services (I know they're calling people at the FTC) and track them down? Use existing laws to put them out of business. There are plenty of options for those willing to do the minimal amount of work.
To be slightly more precise, we need legislators to get their heads out of each others butts and do their job. The current bunch are almost entirely occupied with infighting. Fire them all, just to be sure.
The post you're replying to says "there are plenty of laws already on the books that cover these situations, we should just use them." Your response is "congress should get off its butts and pass more laws."
Obligatory xkcd [xkcd.com].
Re: (Score:2)
Most government workers are conscientious about reporting to work and doing their job. And the ones facing the public have the worst jobs because the pubic, probably contrary to your beliefs, is crazy. Ever listen to CSPAN's call in show? The things members of the public believe are unbelievable, yet they persist.
I though it was just those "other people" at first. Then I found out my sister wrote a letter to President Obama claiming she didn't receive her fair share when Ma died and the estate was settled t
How about a law? (Score:2)
Of course it's not unstoppable (Score:5, Insightful)
Freeze their assets until they release the billing information to the state AGs. That'll untie their hands really quick.
Re: (Score:3, Informative)
No. They're not "routing the calls from end to end".
They get a call from a 3rd party, the call has ID in it, but they only deal with that 3rd party they don't know or care who actually has the phone initiating the call. The rules for how that works are set by the International Telecommunication Union or ITU which governs how telephone networks connect between countries.
Like the Universal Postal Union, and like the IANA, this can only work if everybody agrees. But if you don't agree, you have to be cut off c
Re: (Score:2)
oh, wait...
Re:Of course it's not unstoppable (Score:5, Insightful)
Re: (Score:2)
You would be surprised at how convoluted the VoIP reseller world is.
We buy minutes from 5 carriers who themselves use upstream carriers who also use upstream carriers. All of the routing is based off of cost tables (called rate decks) to get the best value. The rate decks change often enough that different carriers are used to make a call to the same number, just depending on when the call is made. Add in to that load balancing and failover (it is extremely common for a call to fail for any number of reaso
Re: (Score:2)
These voip calls aren't free.
Actually, a lot of them are. Just Google around you can find lots. These companies pay for the PSTN connection but offer free VoIP services on the internet. This allows the actual caller's identity to be abstracted behind proxys or compromised hosts or whatever. Or, they can use legitimate VoIP services but using funds that are hard to trace, like prepaid credit cards and buying Skype minutes or using bitcoins to purchase service from some of the shadier providers, etc.
Re: (Score:2)
Not realy that hard to hook up spam type filtering at voip providers problem is it's very hard for an end user to determine what voip provider they are using and block them in entirety.
Re: (Score:2)
Sure, they use caller ID spoofing so that we, the recipients, can't block the number, but you know who knows exactly who the spammers are? The phone company, for two reasons: first, they're routing the calls from end to end, so they know the real source rather than the spoofed one.
Exactly.
Many of them are operating out of places like Cypress, Sao Paulo, the Philippines, etc and they use Skype or some other VOIP service. I get calls where the caller ID says "Albuquerque, NM" or "Portland OR"...and they're clearly from an overseas call center. But the phone company knows where they're coming from and could block them if they wanted to.
Re: (Score:2)
Call routing on the PSTN is a pretty well-tracked thing by telcos as they charge for access, so they could pretty easily trace these back to specific VoIP providers bridging robocalls onto the PSTN.
It's a double-edged sword, though, as some may charge per call bridged. This creates a moral hazard for telcos, as they end up making money on robocalls by bridging them onto PSTN.
What would make it harder, though, are the number of hackable or open VoIP/PSTN bridges out there they may be terminating robocalls w
A free market solution awaits. (Score:2, Funny)
No, the government should not interfere in the telemarketing industry.
Free market theory tells us that bad actors will go out of business on their own because people will refuse to purchase the services they are selling.
So there is no need for the government to interfere. The problem will solve itself.
Re: (Score:3)
If we can privatize law enforcement too, that just might work.
#ocp
Re: (Score:3)
Re: (Score:2)
Of course it isn't unstoppable. (Score:3)
The fact that the Internet was the "Wild West" is just because the Internet was ignored for a long time by the powers-that-be. My feeling is eventually you won't be able to connect to the Internet without an "approved" network connection device/router and that device will be monitored and encrypted traffic will be either disallowed or the router will do MITM to allow the monitoring to take place. This is all technologically possible today. Secure boot, locked down devices are just the start.
"Surely you can't be serious!", Slashdotters will say! Well I say "Stop calling me Shirley!"
Re: (Score:2)
My feeling is eventually you won't be able to connect to the Internet without an "approved" network connection device/router and that device will be monitored and encrypted traffic will be either disallowed or the router will do MITM to allow the monitoring to take place. This is all technologically possible today. Secure boot, locked down devices are just the start.
with end to end keyed encryption available, this will be hard to enforce unless encryption AND VPNs are disallowed. I don't think a lot of companies would be too keen on allowing the gov full access to all their internet traffic any more than they'd be happy to send copies of all their documents, with the exception of RIM, of course.
Re: (Score:2)
Re: (Score:2)
Cut'em off at the root. (Score:4, Insightful)
The FCC and FTC need to be going after the telecoms selling the phone numbers and trunks to them instead. I know CenturyLink is infamous for that, leasing numbers and trunks to them up in Portland with little or no regard for national security or respect for the law. Only then being an accessory to the crime by shielding their identity information from the law.
Yeah, the ILEC's and CLEC's need to be held accountable for that.
Hold the phone companies responsible. (Score:3)
Of course it is stoppable. I mean, how are these companies getting their phone numbers from which they operate? Why are companies like AT&T selling blocks of phone numbers to people for next to nothing? The phone companies are responsible for this mess and nobody is taking them to task for it.
Re: (Score:2)
Re: (Score:2)
Caller ID is nearly meaningless, but do you think the BILLING department relies on Caller ID? The metadata used for billing is quite reliable and spoofing is not allowed.
We just need to play the exciting game of "Here's your fine". I'll bet if the local telco is offered a choice of pay the million dollar fine themselves or tell who handed the call off to them, they'll find that metadata. Lather, rinse, and repeat until you end up at a call center.
Re: (Score:2)
There are a few valid reasons not to block spoofed caller ID (for example, the appropriate callback number may actually not be the number of the outbound line), but that in no way prevents enforcement of laws and regulations surrounding robocalls.
Re: (Score:2)
The common carriers (Score:5, Insightful)
Re: (Score:2)
The NSA can tap every phone in the country, but they can't find Rachel from cardholder services.
^^^^ This, times a million billion.
If I ever find that bitch, I'll rip her limb from limb. Slowly. While she's impaled on an iron spike.
Re: (Score:2)
You're right, the carriers have a huge moral hazard in that they collect interconnect fees from VoIP providers. They can identify any call origin, but the question is do they want to give up that provider's payments.
It always galls me that law enforcement wants unmitigated hacking power for communications systems and devices, but never use it to go after fraudulent businesses.
Re: (Score:2)
The NSA can tap every phone in the country, but they can't find Rachel from cardholder services.
Not true. [ftc.gov] The FTC has shut down over a dozen companies over this. The problem is that there are many scammers running copycat scams and it's nearly impossible to catch them all.
There must be bulletproof source ID for calls (Score:2, Insightful)
The robocall problem will never be addressed until there is bulletproof traceback for all calls. Anyone with the know-how can falsify caller-id and even ANI. Even phone carriers can't identify the actual source of many robocalls coming into their network; all they know is the upstream hop. The national phone system trust system is broken and it is going to have to be updated so the carriers can ID the source of any call they carry. Then, and only then, you can blackhole them.
It's amazing the terrorists
tell them they called a Murder Scene (Score:2)
Just do this
https://www.youtube.com/watch?... [youtube.com]
Is our phone network so insecure... (Score:3)
.
Currently, we cannot find the robo-callers because we allow them to hide. Why is that so? Why do we make it easy for them to hide?
Re: (Score:3)
No Money for enforcement (Score:2)
What countries are the located in? (Score:2)
I see comments RE the FTC. There is a good chance the call centers are not in the US, and therefor NOT subject to US law. Ah the fun of the borderless internet
Of course, the US really could solve it, and 100 years ago, countries that had citizens of other countries violating their wars did regularly
38 JDAMs would solve the problem, and send a warning at the same time
http://fas.org/man/dod-101/sys... [fas.org]
Bend like a reed in the wind (Score:2)
Bofors (Score:2)
You can still count money over noise, no matter it be ack-ack or robodialers.
Government is not interested in prosecuting them (Score:2)
After receiving a call from someone impersonating an IRS agent, I went to the FCC web site. There was a feature to chat with a live person (I think that feature is gone now).
I reported all the information about this caller, and stated that I wanted to press charges against him for falsely representing himself as an IRS agent (over what was likely a phone call that crossed state lines). The FCC employee was taken aback. Press charges? We don't do that.
I said, I thought the FCC is responsible for enforcin
Re: (Score:2)
>> I thought the FCC is responsible for enforcing certain laws, and aren't you obligated to take some sort of action when a victim wishes to press charges?
Government services (including the Police) are there to protect the government and their interests, not the people.
Robocalling for ISIS (Score:2)
If it were a national security issue, no one would be allowed to spoof a return number of have an anonymous number. Look how the Feds want to make sure everyone uses their real identity on the internet, but they don't seem to give a damn about the telephone network.
And the RIAA and MPAA want to be able to trace and sue every john doe by the IP#, but they also don't give a damn about the telephone network.
So it seems that, in a world of TCP/IP, dial-up is the frontier of the hacking world because companies a
Most of them Level 3 Call Centers (Score:3)
I can guarantee you that 90% of those fewer than 40 call centers are owned by Level 3 or a subsidiary of Level 3. Every number I've traced (I love the ones that start with my area code then the first digit is a 1) has come from Level 3 or a Level 3 subsidiary. I've notified them multiple times of this shit, and they refuse to do nothing.
Shut Level 3 down and hit them with criminal charges, and I guarantee you most of this will stop immediately.
Re: (Score:2)
You fucking ignorant neckbeards
Fix it yourself. You can use this:
sed 's/actors/actresses/g'
Re: (Score:2)
Re: (Score:2)
Do you have so few friends that you are able to put every single one in your contact list?
I'm fairly certain that your phone can hold more contacts than you have "friends." Mine certainly can.
Re: (Score:2)
I do by accident sometimes. This happens if I am expecting a call from one person and the phone rings and I pick up right away without waiting for caller-id to tell me who it is.
Re: (Score:2)
But certainly! Nothing beats fucking with some scammer who tries to swindle you out of some money! Keep them busy and enjoy the end of the call when they break down because they just noticed they spent 15+ minutes and will not close a sale, it will ruin their record and they'll get whipped tonight.
Scammer tears are delicious!
Re: (Score:2)
Re: (Score:2)
what about overseas ones where the us gov can't touch them.
Re: (Score:2)
what about overseas ones where the us gov can't touch them.
We still have aircraft carriers. We still have nuclear subs. We can touch them with finality.
Re: (Score:2)
It's great as long as you don't have an analog line, like the vast majority of home phone users. If you have a regular POTS then the service isn't available.
Re: (Score:2, Troll)
Do you also drive a Model T and use an abacus for calculations?
Re: (Score:3)
Are you suggesting that people with old cars should buy new ones to stop criminals from taking a hammer to the windshield? The problem is not the victim's phone. The problem is the phone company's refusal to address the problem.
Re: (Score:2)
At&t keeps trying to get me to upgrade to VoIP over POTS.
Sounds pretty unreliable to me.
I would go from needing one thing to work to make a call to needing three things to work to make a call.
Now to make a call I need POTS to work.
If I let them switch me I would need POTS (for DSL) electric (for dsl) and DSL.
Re:Why? (Score:4, Funny)
2) All the directors of the cold calling firm are imprisoned for 3 years and finned $1,000,000 each
3) All the directors of the origitaing company (ie those who instructed the cold calling company) are imprisoned for 5 years and finned $1,000,000 each
This stuff won't work. The beings who are doing all this stuff are humans, not sharks. Humans don't have any fins, so finning them doesn't even make sense. Finning a shark is indeed a horrible and painful way to kill it, but since humans don't have any fins, what you propose is completely nonsensical.
Disemboweling, however, does seem like an appropriate punishment for these people. I also like that one where they tie someone's limbs up to four horses and then make the horses pull them apart.
Re: (Score:2)
Why? They're super fun to toy with. I have a honeypot set up all just for them so they can play around. And I get new free malware samples, it's so win-win.
Re: (Score:2)
Just count the responses right here that already spelled out the solution by blocking and white listing. Why is anybody even discussing this anymore??
Because white listing doesn't work when you don't know the number from which someone is calling you, even if it a legitimate call.
Because black listing doesn't work because the spammers are spoofing their CallerID to be any number they want.
Re: (Score:2)
This. Why/how the phone companies continue to get away with allowing callers to do this boggles my mind.