Now we need to go after the robocall spammers. They waste so much time of so many people -- worse than email spammers. I swear they are doing +1B of spam calls per month in North America.
Many robocall spammers are located abroad. They use VoIP endpoints to connect with US phone numbers for pennies on the dollar (relative to international calling prices).
But that's not even the biggest problem, the biggest problem is that it is trivial to spoof caller IDs in the US, and many of those operators do just that.
So tracking down who actually called can be tricky, then even if you could you still need to either get them extradited for robocalls (which isn't happening) or get them prosecuted abroad for breaking US law (which, again, isn't happening).
I personally feel like it can be solved however it has to be solved like this:
- Eliminate caller ID spoofing through technical means.
- Once caller ID is accurate, you can both have apps/databases with known bad callers or callers from VoIP providers, and/or you could fine the VoIP providers facilitating this type of activity in the US (i.e. give them a motivation to stop abusive behaviour on their services).
I mean heck, if a VoIP limited each account to just ten calls per minute, it would massively decrease the volume of robocalls overnight. But none do because they have a financial motivation to keep allowing these companies to operate on their services and zero motivation to stop them (since it is almost untraceable anyway).
Isn't this what the FCC is for? Can't they require providers to update their standards for the public?
It would be interesting if they could implement a system where you could dial (555-555-5555) or something after receiving a robocall, which would log your last received call as being fraudulent and flag it for providers to shadow ban it. Would that work for spoofing caller ID?
>For the second year in a row, the FTC traveled to DEF CON
Bloody hell, for some reason this sentence just fills me with glee. I'm not even American, but it's so good to see government agencies get involved like this.
That's a great suggestion, I would love to see this. That's how it should work. Just like the flag button on this website. If enough people "flag" a number then it gets effectively disabled.
As you say, it would have to happen at the FCC level as individual telephone networks don't actually know for real where a call originated from.
Wouldn't that be subject to caller ID spoofing? For example we get calls from randomly generated local area code numbers (according to caller ID) but they actually originate out of state.
1) You can't eliminate Caller ID spoofing without overhauling the whole phone network, which won't happen until carriers are forced to do so by regulatory forces. A strong narrative here is the relative security guarantees of IPsec vs SS7.
2) Caller ID accuracy is a database federation problem and is not likely to be fixed without regulatory reform of data disbursement practices. Lockheed Martin Information Systems (Now called Neustar) is the central repository for all Caller ID records but many providers keep their own Caller ID databases to avoid paying the Neustar "dip" fees.
The way robocalling works is with outbound voice detection. You light up X circuits and only route the call to your harassment agent when a human voice is detected. It's trivially simple to detect these guys, and the way many VoIP providers deal with this is to charge a lot for the first minute of a call.
Very true and indeed is costing American nationals time and money and that is key to a country's security. Also good PR for the NSA and for them would and should be a walk in the park and one in which would look good on the books.
But can only hope, though I'd call it a no-brainer for the NSA and nobody is going to argue about it falling under their remit.
Maybe we should call spammers financial-terrorists or time-terrorists or communication-terrorists, then maybe, just maybe things would get done.
No doubt the NSA would get involved if the robocallers started selling e.g. nuclear materials or certain herbal extracts, but they would still deny any role to avoid revealing sources and methods.
Alternatively, just get rid of the phone system entirely. Transitional points are starting to exist, and if we can do more things that interop without involving telecoms and are decentralized, you can have a situation a lot like what email /should/ be (with better identity management and less 60's holdover support).
I truly believe eventually cell phones will just be a data communications tool and "voice" will be done through these kinds of standards rather than phone numbers and ridiculous bureaucracy surrounding them, not to mention the quality of such communications will be fantastic comparatively.
Why not just target the businesses that the spam is promoting? It seems that with enough spam complaints on file, an investigator could subpoena records to see where a business is paying for robospammers.
> Why not just target the businesses that the spam is promoting?
Many times they are boiler rooms and are after CC #'s. Sometimes, though, they are for real, local businesses. A carpet cleaning business in my area used a robot call service and I played along to get the name of the business. I then hung up and called them, and asked to speak to the owner. After a while I got him. I gave him a piece of my mind, politely, and told him I would never, ever hire him and I would tell everyone I know the same.
You know what? He didn't give a shit, and was pretty surprised at my call. That means that people don't do what I did and there's little downside for what he did (hiring scumbags).
I heard that many of the boiler room operations are based in Pakistan, especially those for carpet cleaning or duct cleaning where there are actually people on the call rather than recordings.
Usually it's a staged thing. Robocall -> level 2 operator -> boiler room.
The level 2 people appear very, very bored and are unfazed by you yelling or swearing. They just immediately hang up when they feel you are not a mark.
The boiler room guys are slick as fuck. I once kept one of them on the phone for 10-15 minutes, playing dumb (I told him I was looking for my CC statement). When I hung up, my phone rang immediately. I told him to fuck off and take me off his list. He said "you'll regret this" and hung up. My phone rang immediately and the person at the other end was just yelling. It was someone like me that was redirected to my phone #. I unplugged my phone for 30 minutes.
I googled for the phrases they used ("credit card services") and found a lawsuit in Texas from the early 2000's. The company was shut down and fined. There was a lawyer's name on the press release. I called information, found him, dialed the number. He answered. I introduced myself and told him briefly what had happened and he was pretty interested. He lectured me, though, to not get involved. He said they were pretty nasty people. He recommended I call AT&T (my provider at the time) and file a complaint. I started the process, but AT&T made the process so fucking horrible that I abandoned it after putting in an hour or two over a few days. Useless.
My tip for getting under their skin: sincerely try to persuade them that they deserve a better job than the shitty, exploitative thing they're doing. They are prepared for yelling, but not so prepared for compassion and honesty.
I've also had some luck opening with, "Does your family know that you lie to people for money?" That can be a good lead-in to suggesting they do something actually worthwhile.
In high school I was prodded to get a job, so I looked in the paper, applied for a bunch of things, and eventually got one. It was a company that did telephone fundraising for charities, which at 17 seemed ok by me.
Very gradually I learned that it was run by scoundrels, and that only about 15% of the money raised actually made it to the charity in question. The work was awful, but I stuck with it because that's what you do with jobs. It was the realization that I was basically helping scam artists take money from big-hearted, too-trusting people that got me to quit.
Conscience isn't some fixed thing; it's a skill you learn, a habit of ongoing evaluation. If I can wake just one of these people up so that they, like me, go and get a job that isn't net harmful to society, I'll consider my time well spent.
> My tip for getting under their skin: sincerely try to persuade them that they deserve a better job than the shitty, exploitative thing they're doing. They are prepared for yelling, but not so prepared for compassion and honesty.
They'll just hang up as soon as they know you aren't a mark. I've tried everything, with these folks.
My goal isn't strictly to help them; my goal is to get them to stop being paid by criminals to waste everybody's time (and possibly steal their money).
There's always a legitimate need for lots of calls. For instance political dialer is allowed. Anyways, the answer is to put liability onto the carriers handling this traffic, and let the fine trickle down. I guarantee you that even with a token fine of 5 or 10 grand, all traffic resellers, from large wholesale to retail would suddenly find ways of vetting customers. They'd either hold bonds or require credit.
Sure, scammers would move to hacking PBXes to place calls. But with strong liability, resellers would find ways to limit the damage a single account could do, like you suggest.
Also there isn't any real good way to limit caller ID "spoofing". The level of interconnects makes it as hard or worse than IP spoofing. And it's already an offense to spoof ID for scamming, at $10k a pop. But no one follows up and pushes the issue.
Indeed, why? I say we start there and then keep going. I'd be perfectly willing to go as far as banning all paid advertising. Surely humanity could find something useful to do with the trillion or so we spend on advertising, PR, and related manipulation. But let's start small and see how it goes.
I think I remember a comedy video where somebody went door to door speaking and messaging in the manner of online advertisements. Probably also perfectly legal (despite any "No Solicitors" signs on front doors) and something that would only be part of a completely horrible world.
In China, Xiaomi phone users have a "report spam" button, and if X number of people report that phone number as a spammer, calls from that number get blocked on all other Xiaomi phones. (I think X = 5, but I'm not sure.)
I really wished we had something like that here. One of the only times I'm jealous of my mom's phone.
Those spam buttons are a lot more complicated on the back end and they're still a pain for legitimate mailers, which requires Google set up and maintain a "feedback loop" program for email providers.
Apparently there were 214,000 people who complained about robo callers to the FCC last year. If you think about how obscure that reporting process is and extrapolate to the real number, you're probably not that far from the truth.
I've complained and was appalled at how obtuse the process is. (E.g. the FCC requires that you include hyphens in phone numbers, the Do-not-call list won't allow numbers with hyphens.)
I've thought of making an app to automate the process. It would remember all form's entries for you (name, address, etc) and fill in the current time and date. You'd just have to copy the phone number.
And then they thank you for reporting, tell you that they cannot handle individual complaints, and close the case. If they fixed the problem they could handle more difficult cases.
I get one or more a day but then again I have a business line with a Google listing. I started to use the Whitepages caller ID app to block known spammers - it is pretty good.
I have been getting some bullshit robocalls constantly recently, some recording about Google+ blah blah blah. I just hang up and block the number.
I swear 90% of my phone & snail mail spam comes from the fact that I used my real name & address (PO Box) for domain names I've registered (as required by ICANN). I mean I doubt ICANN can enforce that but it'd be a dumb way to lose my domains so I used real info.
> In 2001 he was linked to a website, passthison.com, which utilized multiple-window launching to snag Web viewers, an advertising practice rarely seen outside of the online pornography industry.
It's funny how 2001 bad spyware practices used only on porn sites have been utilized by mainstream media sites via iOS/Android browser redirects in 2015.
I remember a long time ago regularly browsing a porn webmaster forum for ideas to use in regular sites. The porn sites were generally at the forefront of a lot of things, obviously not all questionable.
Well, porn sites figured out it was bad for business. The demographic targeted for these spam messages easily falls for the same tricks, but aren't getting any services in exchange; only a faceless company.
Credit card farmers don't really care about repeat business, same goes for the brain pill trial guys that people for some reason give their CC info willingly. If someone catches on, you just bring up another LLC, rinse, and repeat.
No, we got popup blocking built into browsers about a decade ago. Similarly, intrusive advertising is driving flashblocking and indeed total ad-blocking.
(Currently struggling with the fact that Plume for Android is nice to use - except when ads bounce you out of the app without being clicked on, sometimes over and over again)
It's not exactly true for the article to say the technique was "rarely seen outside of the online pornography industry" when it was popularised by Geocities at a time when they were in the top 5 web properties...
> As of October 2003, Wallace was working as a DJ in New Hampshire, making weekly appearances at area nightclubs. Wallace performs under the name DJ MasterWeb.
Spam King by day, club DJ by night. With a cringey name, to boot.
Spamford Wallace! A blast from the past. I remember the epic Slashdot articles following the story of the vigilantes that hunted him down. He was easily one of the most-hated villains of the late 1990s Internet.
Facebook's usually really good about fighting spammers and multiple accounts from what I've seen. The early Facebook community was filled with spammers but it's much harder to find spam accounts nowadays. Basically every account I encounter is real... I wonder what crazy thing he had to do to get 500k spam accounts.
The technical term is not "made", but something more like "stole". If you put $1 in your pocket while wasting $10 (or, more likely, $100 or $1000) of other people's time, then you're not a productive citizen, you're a parasite.
Yeah, that bit of information is more interesting. Did he get the access illegally? Why was that not a crime, but sending the messages was? Something is off here.
Him getting access was the fraud part of the charges. The spamming was covered under the contempt part, because he was under court orders to not use Facebook due to prior spamming.
Holy crap, it's Spamford. I totally lost track of him for years, but this is his one-trick pony. He knows nothing else besides how to send spam, and will do it no matter what he has to break into to do it. Very obsessed.
Wait, so what was the actual crime? Violating a court order forbidding any access to Facebook? Was he charged under CAN-SPAM? Or CFAA (was he phishing real accounts?)
I'm confused how this turned into a criminal case.
In the late 1990s, his company, Cyber Promotions, aka Cyberpromo, was widely blacklisted as a source of unsolicited email. Wallace's high-profile pro-spam stance and unrepentant persistence earned him the derisive nickname 'Spamford'.
Prior to his email spam ventures, Wallace had gained notoriety in other questionable marketing circles, as a heavy utilizer of junk fax marketing, a practice outlawed in the United States since 1991.[2]
In 1995, Wallace formed Cyber Promotions, entering the spam market. Thanks to a self-marketing campaign, Cyberpromo rapidly became the most successful seller of email marketing—as well as the number one source of unsolicited email. After Cyberpromo failed to become a legitimate business, Wallace returned to junk faxing in late 1997.[2]
I read previously that he is charged criminally for hacking the 100,000-500,000 accounts. They were real accounts which belonged to real people and he may have phished them.