Robocalling Scourge May Not Be Unstoppable After All

Dan Goodin, writing for Ars Technica: New data shows that the majority of robot-enabled scam phone calls came from fewer than 40 call centers, a finding that offers hope the growing menace of robocalls can be stopped. The calls use computers and the Internet to dial thousands of phone numbers every minute and promote fraudulent schemes that promise to lower credit card interest rates, offer loans, and sell home security products, to name just a few of the scams. Over the past decade, robocall complaints have mushroomed, with the Federal Trade Commission often receiving hundreds of thousands of complaints each month. In 2013, the consumer watchdog agency awarded $50,000 to three groups who devised blocking systems that had the potential to help end the scourge. Three years later, however, the robocall problem seems as intractable as ever. On Thursday at the Black Hat security conference in Las Vegas, a researcher said that slightly more than half of more than 1 million robocalls tracked were sent by just 38 telephony infrastructures. The relatively small number of actors offers hope that the phenomenon can be rooted out, by either automatically blocking the call centers or finding ways for law enforcement groups to identify and prosecute the operators. "We know that the majority of robocalls only come from 38 different infrastructures," Aude Marzuoli, research scientist at a company called Pindrop Labs, told Ars. "It's not as if there are thousands of people out there doing this. If you can catch this small number of bad actors we can" stop the problem."

Re:Would love to see something done

[Jason+Levine]

Our main "Home Phone Number" is a Google Voice line. One of the nice features they have is "spam filtering" for phone calls. If a person calls us and it's a robocall/scammer, we can block the number. Then, when they call again, they get a "this number has been disconnected" message. If enough people do this, calls from that number automatically are blocked. Often, Google Voice will alert us that we missed a call when our phones didn't ring. When we look into the number, it's invariably a scammer trying to get through.

Re:Would love to see something done

[Scoth]

It comes and goes in cycles. For awhile I was getting several a day from the same company shilling security systems. I finally got them to stop when I worked my way through their system getting farther and farther along each call until I managed to get a tech dispatched to an abandoned house not far from me. They stopped calling at that point.

Depending on what I was doing at the time, I also enjoyed just letting them ramble on for awhile about their spiel, then give them an address in Canada or Australia or something. Really pissed them off.

Nowadays they're almost all initially handled by an automated speech thing (albeit some are scary good) so it's harder to have fun with them.

Re:Of course it's not unstoppable

[SuseLover]

Sure, they use caller ID spoofing so that we, the recipients, can't block the number, but you know who knows exactly who the spammers are? The phone company, for two reasons: first, they're routing the calls from end to end, so they know the real source rather than the spoofed one. Second, and more importantly, they're billing them for the calls. They're not sending out bills for thousands of calls to the spoofed IDs, but the real ones. And while individually, those calls are cheap, the tens of thousands a day add up and the phone company makes a lot of money from the spammers, all while telling the FCC and consumers that their hands are tied.

Freeze their assets until they release the billing information to the state AGs. That'll untie their hands really quick.

No, not really. Many of these outfits are using VOIP telephony so it's much harder to track the origins of the calls if it's possible at all.

Re:Of course it's not unstoppable

No. They're not "routing the calls from end to end".

They get a call from a 3rd party, the call has ID in it, but they only deal with that 3rd party they don't know or care who actually has the phone initiating the call. The rules for how that works are set by the International Telecommunication Union or ITU which governs how telephone networks connect between countries.

Like the Universal Postal Union, and like the IANA, this can only work if everybody agrees. But if you don't agree, you have to be cut off completely. If people start making up their own rules the network fragments and everybody loses.

So, what happens out on the Internet so we don't get spoofed? Well, two things

1. In theory we refuse sources that shouldn't be possible. If a Comcast system in Texas claims to be Zimbabwe, that's probably bullshit, let's ignore it. But in practice a mixture of incompetence and malice means this doesn't work very well so

2. We don't trust the alleged "source" of anything without proof. That's why you're visiting Slashdot over HTTPS right now, if you use HTTP you will get spoofed, and everybody knows that, so we stopped using protocols that can't defend themselves.