They are not going after the foreign call centers (the actual fraudsters). Instead, they're going after the "gateway operators." This is (to my knowledge) the first time they have done this. But to understand what that means, we need to talk about how phone calls work.
-
-
Prikaži ovu nit
-
If you want to place a call to a US number over the Internet, the easiest way to do that is to buy service from a US VoIP provider that will deliver calls to a real phone number. Your software routes the call to the gateway, and they deliver the call. This is normal and legal.
Prikaži ovu nit -
The government is alleging in this case that the defendants (gateway operators) were providing the phone service to enable scam operations in India to place hundreds of millions of calls, millions in one week alone: https://www.justice.gov/opa/press-release/file/1240036/download …
Prikaži ovu nit -
The content of these calls comprise a "Greatest Hits" of robocalling operations: IRS scams, SSA scams, tech support scams, refund scams. Some of them you probably know and love, like this one:pic.twitter.com/9ZJ5vaTSHQ
Prikaži ovu nit -
The government alleges that these gateway operators KNEW that their customers were fraudulent. And because of this, they have asked a federal court for an injunction to shut them down. How did the government know they knew they served scammers?
Prikaži ovu nit -
One way was that they had been contacted by other telco operators with details of the scams and warning that they should disconnect the scammers from their network. Another was their call records themselves -- too many calls of only a few seconds.
Prikaži ovu nit -
A lot of folks think that the phone companies are sitting idly by raking in profits from the scammers. The truth is, the legitimate companies have TEAMS of people whose job it is to fight this problem.
Prikaži ovu nit -
They are trying as hard as they can, but they are fighting against malicious operators, scammers that can move infrastructure quickly, and a network that was not technologically designed to combat fraud at this scale.
Prikaži ovu nit -
So will this action make a dent in the problem? We should know in a few days if the robocall volumes go down. I suspect they will in the short term. After a single (huge) IRS fraud ring in India was prosecuted, the fraud all but disappeared -- for a little while.
Prikaži ovu nit -
The scammers will come back, though. The government alleges the defendants made millions off of these frauds (and they were just an intermediary). Telephone scams are lucrative, have a low barrier to entry, and are hard to prosecute.
Prikaži ovu nit -
So what have we learned, and what's the long term solution? A few thoughts:
Prikaži ovu nit -
First, going after negligent carriers may make it harder for scammers to operate. Props to the investigators and attorneys for their work on this case!
Prikaži ovu nit -
We need better threat intelligence and investigative tools. This investigation was very much a manual process. Regulators have told me that prosecuting scammers at scale is hard because of the sheer number of calls and data they have to sort through. My group is working on this.
Prikaži ovu nit -
Longer term, we need better ways to authenticate calls so that spoofing no longer works. STIR/SHAKEN are a step in the right direction, but I fear that it won't be effective for the millions of phone lines that are not VoIP. We've developed techniques that can help.
Prikaži ovu nit -
Finally, these issues should be a priority for security researchers and policymakers. The phone network can reach nearly every human on Earth in a matter of seconds with only a few failures each day. It's a massive accomplishment -- and robocalls are making it darn near useless.
Prikaži ovu nit
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.