Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.
posted by cmn32480 on Saturday August 06 2016, @06:13PM   Printer-friendly
from the get-robocop-on-them dept.

Arthur T Knackerbracket has found the following story:

New data shows that the majority of robot-enabled scam phone calls came from fewer than 40 call centers, a finding that offers hope the growing menace of robocalls can be stopped.

The calls use computers and the Internet to dial thousands of phone numbers every minute and promote fraudulent schemes that promise to lower credit card interest rates, offer loans, and sell home security products, to name just a few of the scams. Over the past decade, robocall complaints have mushroomed, with the Federal Trade Commission often receiving hundreds of thousands of complaints each month. In 2013, the consumer watchdog agency awarded $50,000 to three groups who devised blocking systems that had the potential to help end the scourge. Three years later, however, the robocall problem seems as intractable as ever.

On Thursday at the Black Hat security conference in Las Vegas, a researcher said that slightly more than half of more than 1 million robocalls tracked were sent by just 38 telephony infrastructures. The relatively small number of actors offers hope that the phenomenon can be rooted out, by either automatically blocking the call centers or finding ways for law enforcement groups to identify and prosecute the operators.

"We know that the majority of robocalls only come from 38 different infrastructures," Aude Marzuoli, research scientist at a company called Pindrop Labs, told Ars. "It's not as if there are thousands of people out there doing this. If you can catch this small number of bad actors we can" stop the problem."

Pindrop researchers reached the conclusion by creating a security honeypot of phone numbers that received more than 1 million robocalls. The researchers transcribed about 10 percent of the calls and analyzed the semantics with machine-learning techniques to isolate identical scams. The researchers combined those results with analysis that tracked 150 different audio features of each call. By studying the codecs, packet loss, spectrum, and frequency inside the audio and combining the results with the machine learning, the researchers were able to obtain a fingerprint of each different call center.


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Interesting) by Anonymous Coward on Saturday August 06 2016, @06:28PM

    by Anonymous Coward on Saturday August 06 2016, @06:28PM (#384806)

    We don't need to catch them all. If we publicly hang the first few we catch the rest will probably close up shop quickly. And before the naysayers start squawking "due process!" we'll let them call a lawyer but only from one of their fake phone numbers. It's not our fault if no-one answers.

    • (Score: 2) by rts008 on Saturday August 06 2016, @06:50PM

      by rts008 (3001) on Saturday August 06 2016, @06:50PM (#384810)

      This is one time I would not be opposed to drone strikes. ;-)

      Reminds me of playing Fallout, and the encounter with the spammer being attacked by the crowd. I just sat back and watched, amused. Of course, I looted the corpse when all was said and done. :-)

    • (Score: 2, Insightful) by Anonymous Coward on Saturday August 06 2016, @07:33PM

      by Anonymous Coward on Saturday August 06 2016, @07:33PM (#384814)

      As a resident naysayer, there is due process and there is due process :)

      Criminal sanctions isn't really the way to address this (it's an economic problem. You solve it through economic means).

      What you really want is to freeze credit assets, drying up cash flow, making the business unprofitable. This is actually best addressed through civil law.

      If the actors are that few, this can be be accomplished by state DAs suing for damages (much like what happened to tobacco companies).

      • (Score: 1, Informative) by Anonymous Coward on Saturday August 06 2016, @11:21PM

        by Anonymous Coward on Saturday August 06 2016, @11:21PM (#384849)

        Economic penalties are only effective if they leave their assets vulnerable. I'm for criminal penalties including incarceration and feeding them into thresher machine.

        • (Score: 0) by Anonymous Coward on Sunday August 07 2016, @12:33AM

          by Anonymous Coward on Sunday August 07 2016, @12:33AM (#384858)

          I'm not certain what is more vulnerable than having their assets frozen pending litigation. I mean when you really fuck up, it affects your credit rating :)

          Or perhaps you were thinking of the slap on the wrist fines that normally come from this?

          As noted elsewhere, the tools to address this criminally are there but for other reasons aren't carried out.

          50 DAs looking to get a slice for their state is about as debilitating as you can get, and you don't need to wait for congress to act to pursue it.

      • (Score: 2) by Thexalon on Sunday August 07 2016, @03:40PM

        by Thexalon (636) on Sunday August 07 2016, @03:40PM (#384986)

        Criminal sanctions isn't really the way to address this (it's an economic problem. You solve it through economic means).

        What you really want is to freeze credit assets, drying up cash flow, making the business unprofitable. This is actually best addressed through civil law.

        Why are we presuming an either-or here? Civil penalties and actions do not preclude criminal actions, and vice versa.

        Robocalling is blatantly violating the law. Any business engaging in it as a major part of their business model should indeed be sued into the ground, but also have its officers up on charges. And, based on the robocalls I'm getting, the crime of robocalling isn't the half of it: Dig into these robocalling organizations and you'll find loan sharks, identity thieves, and scam artists. This isn't a case where some business is cutting corners on regulations. This is a case where their entire business is based on criminal activity. In that, they're not much different from drug dealers, except that drug dealers actually make their customers happy for a short while. In other words, this is exactly what RICO was invented for, and we should be making full use of it.

        --
        The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 5, Insightful) by Francis on Saturday August 06 2016, @07:44PM

      by Francis (5544) on Saturday August 06 2016, @07:44PM (#384816)

      We don't necessarily need to catch any of them to get this to stop. What we need to do is start fining the telecoms that profit off of this. As it is most of those calls are using spoofed numbers rather than real numbers or just the usual masking. I've even gotten calls that were purported to be from the same line that was being called.

      Even just blocking the phone numbers that aren't supposed to be routable would be a huge step in the right direction. I've been getting calls lately from a phone number that shouldn't exist, the telecom is ultimately the one that enables that to happen. I personally only get calls from a handful of people on a regular basis, I should be able to white list those callers and everybody else can go to voice mail unless it's emergency responders trying to get in touch with the person on the phone.

      It's sort of like how the banking industry is a large part of the target when it comes to money laundering and other illegal transfers. You can't realistically stop the illegal money transfers, but if you push it out of the legitimate banking industry, it becomes more expensive and riskier to transfer the money.

      Making it criminal in whatever way is relevant is another layer that ought to be applied in cases where the technical either doesn't work or if law enforcement figures out who is doing it.

      • (Score: 2) by Scruffy Beard 2 on Sunday August 07 2016, @04:59AM

        by Scruffy Beard 2 (6030) on Sunday August 07 2016, @04:59AM (#384891)

        I have called from a "local" (6 digit) number. I gave up my DID with my first VOIP provider when they stopped routing calls to me.

  • (Score: 0) by Anonymous Coward on Saturday August 06 2016, @07:02PM

    by Anonymous Coward on Saturday August 06 2016, @07:02PM (#384811)

    the researchers were able to obtain a fingerprint of each different call center.

    So can we just drop some munitions and get this dealt with?

  • (Score: 5, Insightful) by jmorris on Saturday August 06 2016, @07:36PM

    by jmorris (4844) on Saturday August 06 2016, @07:36PM (#384815)

    Think about it, the phone companies see these call centers as valuable customers so they run cover for them while their pet politicians allow it. Think two seconds about it and it is obvious this problem could be eliminated in a month if the powers that be actually cared.

    Establish a * code to report a fraud number that pulls the ANI (i.e. the real originating number) and and routes it to a small task force of ten FBI agents. As each agent finishes their previous case they pull the number with the largest number of complaints in the past week. Call a sample of the complainers and get statements, use those to get a warrant to tap the line and record actual fraud attempts in progress. Arrest everybody involved (including the actual low level telemarketers) and seize everything connected to the operation. Make sure there is plenty of media coverage. Within a month you could reassign eight of the agents because phone scams within reach of the FBI wouldn't exist. Then move on to the VOIP shops trunking calls in from overseas and start drying up their ability to keep US based lines for long enough to matter.

    This of course has not happened. And it won't happen.

    • (Score: 0, Offtopic) by Anonymous Coward on Saturday August 06 2016, @07:50PM

      by Anonymous Coward on Saturday August 06 2016, @07:50PM (#384817)

      The problem is that the government is too busy going after the easy people to go after, namely, the victimless criminals. The war on drugs is designed to create 'criminals' that are easy to go after so that you can hire more law enforcement and proclaim that you are doing something constructive. Now you can justify having more law enforcement which can be used to otherwise enforce your police state when convenient.

      In the meantime the war on drugs distracts from going after actual crimes with victims, crimes that are more difficult to stop, while still allowing law enforcement to pretend to be doing something useful. It's sad how useless law enforcement is when it comes to stopping actual criminals, people who actually deserve to be categorized as criminals. Instead, they focus on victimless criminals and overcriminalizing everyone to make easy targets for law enforcement to go after while claiming they are doing something useful.

      This is just another example of that.

      • (Score: 4, Informative) by Nuke on Saturday August 06 2016, @10:22PM

        by Nuke (3162) on Saturday August 06 2016, @10:22PM (#384842)

        the government is too busy going after the easy people to go after ... the war on drugs is designed to create 'criminals' that are easy to go after

        Seems to me that it would be pretty easy to go after these Robotcallers. But style points for trying to change the subject of the discussion to your own favourite issue; nice try.

    • (Score: 0) by Anonymous Coward on Sunday August 07 2016, @11:32AM

      by Anonymous Coward on Sunday August 07 2016, @11:32AM (#384944)

      Establish a * code to report a fraud number that pulls the ANI (i.e. the real originating number) and and routes it to a small task force of ten FBI agents.

      Some years back the government ran a contest to seek technical solutions to the problem. They got half a dozen entries suggesting such a code and half a dozen more saying that such a code already exists and they just needed to tell the telecoms to upgrade their equipment to support it. Of course these entries were all rejected.

    • (Score: 1) by daver!west!fmc on Monday August 08 2016, @05:41AM

      by daver!west!fmc (1391) on Monday August 08 2016, @05:41AM (#385186)

      Way back in the 1990s it was possible to run a CLEC (Competitive Local Exchange Carrier) whose business was modem pools configured to answer inbound calls. The way this worked was that there were settlement fees paid by the originating LEC to the terminating LEC, one when the call was answered and a per-time-unit charge for the length of the call. As calls to ISPs tended to go on for a while, and always went to the ISP, the business model was to sign up ISPs as customers and then collect money from both ISP customers and from originating LECs (usually the incumbent telco(s) from which the ISP's customers had wireline telephone service).

      I'm not sure what happened to this, whether the settlement fees were done away with once the ILECs complained about not having done this themselves or whether the decline of dialup Internet access made it not worth doing.

      If the settlement fees are still in place, there's your motivation for why the phone companies don't see robocalls as a problem: every time one of those calls is answered, there is money in it for them.

  • (Score: 1) by anubi on Sunday August 07 2016, @08:26AM

    by anubi (2828) on Sunday August 07 2016, @08:26AM (#384918) Journal

    My phone plan from AT&T charges me something like $10/month plus $2 for any day the phone is actually used to originate or receive a call.

    I would love to have the plan amended so that if its a telemarketer calling, HE is billed the $2 if I do not press "*" to accept the charge.

    That way, I do not get dinged $2 for answering a robocall. As far as I am concerned, a business robocalling me has just robbed me of $2 if I show the courtesy of answering his call. When the recording industry appeared before Congress over what they considered theft of a song ( retailing at the time for about a buck ), Congress listened and acted.

    I am getting hit as well by uninvited calls, with approximately equal loss. But what will Congress do?

    Or, what would be practical for Congress to do about it?

    Personally, I have just about resigned that this problem, just like copyright infringement, is quite impractical to enforce, and the best thing is to simply sweep both under the rug and tolerate it. I feel my suing some telemarketer $180,000 for a deliberately placed phone call that got traced is just about as asinine as suing some kid $180,000 for a song. Only Congress seems to take this kind of hogwash seriously.

    The only thing I can come up with at the present is whitelist/greylist/blacklist technology, where anyone on the whitelist gets the phone to ring for them, the greylist gets the opportunity to leave a message, and the blacklist gets "this number is not in service" message. If the number calling is not on any of the lists, it is simply logged as a "missed call", with the caller-ID is correlated against databases maintained by several websites to ascertain if that number is known to be spewing phone spam.

    Personally, I feel the carriers should maintain the caller-ID system, allowing private PBX to assign Caller-ID knowing full good and well the carrier is going to prefix an asterisk to the code signifying the contents is not coming from a verified source. I believe most of us know that at the present, Caller-ID is quite spoof-able - and people can put any number and identifying information they want on your display - there is no requisite that the information displayed has even the slightest semblance to reality.

    When I do the statistics on my phone, I find over 95% of my incoming calls are phone spam.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 2) by ah.clem on Sunday August 07 2016, @07:54PM

    by ah.clem (4241) on Sunday August 07 2016, @07:54PM (#385034)

    About 3 years ago, someone came up with a solution that worked by comparing incoming numbers to frequently used spammer numbers and shunting the calls off to a disconnect after one ring. It was a free service and I signed up for it and it works great. The problem is, I can't remember who developed it or what the website address was that I registered on. I can't imagine why I would un-enroll from the service, but I do think about it from time to time. Anyone here remember it? I'm about ready to drop the landline in any case, but the robo-calling bastards now have my mobile. I only answer calls I recognise and keep my voicemail full so there's no shit in there, either. I guess I'm just at that point in life where I just don't give a shit if I miss an important call. Buy a stamp and send me a note if you need to reach me.