FTC seeks DEFCON help to finger illegal robocallers

The Federal Trade Commission is to host a cash competition at this year's DEFCON hacking conference in Las Vegas, with the goal of building a honeypot that can lure in robocallers and allow technologists to analyze how to block them in the future. "Honeypots have been used extensively among information security specialists, …

COMMENTS

This topic is closed for new posts.
  1. phil dude
    Joke

    my phone number...

    they can use my phone number, I get enough of them...

    P.

  2. JustWondering
    Happy

    Honeypot for robocalls?

    Hasn't the telephone already been invented?

  3. VeganVegan
    Holmes

    The FTC should use simple crowd sourcing

    If they made it very easy, say, at the push of a single 'report spam' button, to send the calling number and the number called by the spammer, the FTC itself can analyze the stats and go after the biggest spammers.

    1. Kevin McMurtrie Silver badge

      Re: The FTC should use simple crowd sourcing

      Congrats. You have the same prize winning useless idea that the FTC declared a winner last time. Every spam call has the CallerID of a local unrelated legitimate business, so somebody else takes the hit. US phone calls come with zero authenticated information.

      1. Trevor_Pott Gold badge

        Re: The FTC should use simple crowd sourcing

        So get the carriers involved. FFS, we're not talking rocket science. Dear AT&T/Verizon/Microsoft/etc. The call that I just received on my landline/cell voice/sip/etc was spam. Please log the call and pass that info back to whomever handed the call off to you. I am positive each call that occurs in a modern infrastructure has a GUID, and all you do is pass that GUID up the stack to the last telco that routed it.

        Keep on going until you either find a telco that refuses to cooperate (in which case you treat them like a spam-hoster) or you find the line/URI that originated the call. Once enough spam reports are aggregated about that line/URI, report them to relevant body.

        ...why is this hard?

  4. Kevin McMurtrie Silver badge
    FAIL

    More prizes for playing the game

    I guess these bullshit contests are an easier way to make the public happy than doing something to solve the problem. Until there is a two-way handshake in phone calls, telemarketers can send whatever it takes to avoid detection.

  5. Anonymous Coward

    The biggest issue, the penalty for the crime is too lenient. They should make it a criminal offense, so when the robocallers are caught, they just don't get stuck with a fine that will never be paid. The owner starts one of these operations with a little money and then always takes the profits out; when the company is caught, there is no money to pay the fines. The owner then takes some of the profits he made and starts again. Make it a criminal offense and they will have their hands full with their legal issues.

    1. Trevor_Pott Gold badge

      "They should make it a criminal offense"

      Really not. Crimes should be for major infractions of the law that cause significant harm or distress. They should not be "because it dun irritated me!" There's enough of THAT bullshit from the intellectual property maximalists. We don't need more.

      1. Anonymous Coward

        Sorry Trevor, but I'm getting 5 or more robocalls per day, and I'd be quite happy to see the culprits stood up against a wall and shot at dawn (any time of day, actually).

        I no longer answer calls whose caller ID I don't recognise. However, I'm starting to see spam on SMS, and I expect it will become completely unusable before long.

        1. Trevor_Pott Gold badge

          Sorry man, as much as I appreciate good hyperbole, that's a pretty serious thing you just said. You would honestly murder people for robocalling you? Honestly?

          If you wouldn't, would you imprison them? For how long? At what expense to the taxpayer? Isn't a very stiff fine and a spectacular amount of enforced community service worth it? Fines against the individuals, not the corporations. Make robocalling something you can pierce the corporate veil for.

          If they refuse to pay or do community service, then you throw them in jail for contempt. But robocalling shouldn't be a crime. It's a nuisance. Nothing more.

          What's next? Can I jail a woman who wears such a skimpy outfit to work that I can't think all day? No? That's a violation of her rights? But how is that less of a nuisance than robocalling? What if I were to walk around in a speedo and let all my fatty rolls hang out, then dance and jiggle in front of your window all day? Ohhh, that one's okay to go to jail, is it?

          What about someone who whistles on the bus? That's a nuisance. Can we jail them? There's an Anonymous Coward around here who has a severe mental illness that causes him to post a bunch of pro-Microsoft marketing bullshit in virtually every single article. I would dearly love to throttle the bastard with my bare hands, he's that annoying. I consider him a nuisance, can we send him to jail too?

          If we start declaring each and every action that can be (or is) a nuisance to be a criminal act, where does it stop? Where's the line between "crime" and "civil disorder" or even "civil disobedience" as relates to the exercise of our rights to assemble, protest, etc?

          Is it entirely arbitrary? If not, who decides? You? Who's qualified to draw that line, hmm?

          1. Anonymous Coward

            Can't we all just get along?

            We can each be as self-righteous as we like, Trevor.

    2. roselan

      Just get rid of your phone (the landline one at least). There are enough options, apps and spam lists on smartphones for this to be a non-issue. At least for your regular Register reader.

      The question is how to secure your parents' and grandparents' phones.

  6. Peter 39

    FTC and FCC

    >Every spam call has the CallerID of a local unrelated legitimate business,
    >so somebody else takes the hit.
    >US phone calls come with zero authenticated information.

    Actually, most calls seem to come from non-working numbers. But not all -- I have had several from an unfortunate taxi company in San Jose, and they're really, REALLY tired of their number being given out as the source of the spam.

    Solving this needs action from FCC as well as FTC. That's because there IS authenticated information on the origin of calls. But it's not available to "regular punters". But the information IS available as part of "800" service in the U.S. and so enterprising folks have services that redirect your number to 800-service and then to your (hopefully unlisted) actual phone number. And the number you then get as "Caller ID" is the real, actual number of the caller. This number is supplied by the phone company and cannot be spoofed (AFAIK) in the way that happens to regular Caller ID. It's important that this number be correct for 800-service because the recipient pays for the call, and therefore the caller-info-data must be auditable. The 800-service info is separate from the Caller ID signaling.

    So it's time for the FCC, which controls such things, to mandate that this info be available generally. The phone companies already have it and use it so the change would be relatively minor.

    Of course, the Law of Unintended Consequences remains in effect so there will have to be attention paid to certain categories of call (think: battered women's shelter, etc) but these can be handled in a way similar to the way that people already get an unlisted phone number. I suggest that there would be a "substitute number" supplied that leads back to the phone company. If problems were reported against this number then the actual source would be available to law enforcement. So privacy of these people would be preserved but abuse of the phone system could readily be dealt with.

  7. Peter 39

    penalty is not really the problem

    @AC: the penalty isn't really the problem, although it is a part. The central problem is twofold:

    1. it's stupidly easy to spoof call-origin

    2. the telcos have no incentive to "discipline" abusive callers. On the contrary, the telcos are happy for the huge call volumes to continue, as long as they can deny knowledge

    So here's the solution (part of which I described in another post):

    1. use the "automatic number identification" (800-service) info (http://en.wikipedia.org/wiki/Automatic_number_identification) to identify all calls

    2. require all telcos to filter the Caller ID info supplied on their PBX trunks for "reasonableness". That is, the telco knows what range of numbers is assigned to the trunk and a supplied number outside the range would be replaced by the main number for the trunk.

    This won't solve the problem of international spam calls. But those do have non-trivial cost. All the ones I have suffered (in the U.S.) seem to have been IP from "various Asian nations" that then enter the U.S. phone system at a local point. That is, they aren't "international phone calls" but "U.S. long distance calls" with a non-U.S. endpoint.

    If we can do this then all the U.S.-based boiler rooms will go away, "Rachel" will retire to a beach somewhere, and international phone spam will have to contend with phone charges, and Caller ID.

    I think this would be a good first step.
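
Added example, not part of the post above and not any carrier's actual code: a sketch of the trunk-side "reasonableness" filter from step 2, where a presented Caller ID outside the trunk's assigned block is replaced by the trunk's main number. The `Trunk` type, the trunk name, the number ranges and the sample calls are all constructed for illustration.

```python
# Added example: screening customer-supplied Caller ID on a PBX trunk.
# Trunk name, number block and sample calls are constructed, not real data.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Trunk:
    name: str
    main_number: str   # substituted when the presented number fails screening
    ranges: tuple      # inclusive (first, last) blocks of 10-digit numbers


def normalize(raw):
    """Reduce a presented number to 10 NANP digits, or None if malformed."""
    digits = re.sub(r"\D", "", raw or "")
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]          # drop the country code
    return digits if len(digits) == 10 else None


def screen_caller_id(trunk, presented):
    """Return (number_to_send, verdict) for one outbound call on this trunk."""
    number = normalize(presented)
    if number is None:
        return trunk.main_number, "replaced: malformed"
    for first, last in trunk.ranges:
        # Equal-length digit strings compare in numeric order.
        if first <= number <= last:
            return number, "passed"
    return trunk.main_number, "replaced: outside assigned range"


def screen_all(trunk, presented_numbers):
    return [screen_caller_id(trunk, p) for p in presented_numbers]


# Constructed trunk: one block of 50 numbers, main number is the first.
TRUNK = Trunk("example-pbx", "4085550100", (("4085550100", "4085550149"),))
# Constructed calls: in range, spoofed out-of-range, and malformed.
CALLS = ["+1 (408) 555-0123", "212-555-0187", "555-0123"]

if __name__ == "__main__":
    for raw, (sent, verdict) in zip(CALLS, screen_all(TRUNK, CALLS)):
        print(f"{raw!r:22} -> {sent}  ({verdict})")
```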

  8. David Kelly 2

    I've been saying...

    I have been saying that had only the NSA used their huge database of all phone call origins and destinations to prosecute Do Not Call List violations the public would have supported the NSA's "spying".

  9. wub

    It's All About the Money

    As a coupla folks already mentioned, the phone companies really want spammers to continue. Just like the mail service loves "bulk mail", The Phone Company loves spam callers.

    I know this is true because I heard about the company also mentioned above, that has set up a successful business to combat spam calling. I attempted to sign up for their service, but there was a problem: the whole scheme revolves around a special feature I needed to add to my phone service. My landline phone provider does not and WILL NOT ever implement this feature. Even though they would be billing me for this feature every month. I do not recall their name for this feature, but this is what it does - you add a phone number that you want to ring every time your land line rings - this would allow you to forward all your landline calls to your cell phone, for example. In the case of the spam fighters, you add their number instead. Then, they receive the same Caller ID information as you do. When your phone rings, they will intervene and answer all calls on their spam list, and politely decline on your behalf. One (ring) and done!

    The real beauty of the system, though, is that subscribers become a sort of honey net. When spammers begin calling from a new number, the pattern of calling, as observed over the subscriber base, quickly reveals that that number is now a spam source, and it automatically gets added to the spam list. For the curious, the service also provides each subscriber with a white list, so that schools and other legitimate bulk callers can continue to reach you. I think it's brilliant.

    But there is no way for me to subscribe, since land line service is one of many monopolies I have no choice but to deal with or go without. And, yes, I am very close to dropping my land line forever. And in fact, this is exactly where they want me to go, because land line service is both more expensive to provide, and less profitable than cell phone service. They really, really want to convert me to their cell service. Not that I don't already have a cell phone, so my actions are almost entirely contrary to my best financial interests. Take that, artificial intelligence!!
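
Added example, not part of the post above and not the service's actual logic: one way the "subscribers become a honey net" idea could work, flagging a caller once it reaches several distinct subscribers inside a time window while honouring each subscriber's white list. The window, the threshold, the subscriber names and the call records are assumptions constructed for illustration.

```python
# Added example: building a spam list from calls seen across a subscriber base.
# Thresholds and all call records below are constructed, not real data.
from collections import defaultdict, deque

WINDOW_SECONDS = 3600   # assumed observation window
MIN_SUBSCRIBERS = 3     # assumed number of distinct subscribers that trips the flag


def build_spam_list(calls, whitelists):
    """calls: iterable of (timestamp, caller, subscriber). Returns {caller: flagged_at}."""
    recent = defaultdict(deque)   # caller -> (timestamp, subscriber) still in window
    spam = {}
    for ts, caller, subscriber in sorted(calls):
        if caller in whitelists.get(subscriber, set()):
            continue              # a white-listed caller is not evidence of spam
        window = recent[caller]
        window.append((ts, subscriber))
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()      # forget calls older than the window
        distinct = {sub for _, sub in window}
        if caller not in spam and len(distinct) >= MIN_SUBSCRIBERS:
            spam[caller] = ts
    return spam


def should_intercept(caller, subscriber, spam, whitelists):
    """Answer-and-decline only if flagged and not on this subscriber's white list."""
    return caller in spam and caller not in whitelists.get(subscriber, set())


# Constructed records: a burst caller, a school most subscribers white-list,
# and a caller whose calls are too spread out to trip the window.
CALLS = [
    (0, "2125550111", "sub1"), (600, "2125550111", "sub2"), (1200, "2125550111", "sub3"),
    (100, "4085550142", "sub1"), (200, "4085550142", "sub2"),
    (300, "4085550142", "sub3"), (400, "4085550142", "sub4"),
    (0, "3105550177", "sub1"), (4000, "3105550177", "sub2"), (8000, "3105550177", "sub3"),
]
WHITELISTS = {s: {"4085550142"} for s in ("sub1", "sub2", "sub3")}

if __name__ == "__main__":
    spam = build_spam_list(CALLS, WHITELISTS)
    print("spam list:", spam)
    print("intercept for sub4:", should_intercept("2125550111", "sub4", spam, WHITELISTS))
```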

  10. Nathanial Wapcaplet

    way too slow FTC - hello - it's 2014

    My broadband ISP (A&A, a.k.a Andrews and Arnold), who are also my VoIP provider, offer an effective known-cold-caller-blocking service on their SIP VoIP service with auto-blocking based on honeypots, the cold-call numbers are then blocked by ticking options on the VoIP number's control pages. This is in addition to ACR, which they have always had.

    They are pushing to get the ICO to actually do something when given evidence of unsolicited calls, but even when given clear evidence of crime, they are sadly refusing -

    http://revk.www.me.uk/2014/06/ico-refuse-to-take-action.html

    watch this space though, he doesn't give up lightly
