Adrian Abramovich, attorneys general, Call Blocking Order, caller ID spoofing, FCC, Information Security, Law & order, robocalls, SHAKEN, Spoofing, STIR, Top News

35 state attorney generals tell FCC to pull the plug on robocalls

A bipartisan group of 35 state attorneys general are tearing their hair out over robocallers. They’re telling the Federal Communications Commission (FCC) to implement technology that will identify illegally spoofed calls and authenticate legitimate ones, the sooner the better.

In a letter sent to the FCC on Tuesday, the AGs submitted comments in response to a public notice issued by the Consumer and Governmental Affairs Bureau seeking to refresh the record on how the FCC can further empower service providers to block illegal calls.

The AGs said that the situation is beyond what law enforcement can handle on its own. The states’ respective consumer protection offices are receiving and responding to tens of thousands of consumer complaints every year from people getting plagued by robocalls.

More often than not, such calls travel through “a maze of smaller providers,” the AGs said. If the caller can be found at all, they’re usually located overseas, making enforcement difficult. That’s why investigations and enforcement actions can’t serve as the sole solution, they said.

Last year, the FCC released the 2017 Call Blocking Order, which included rules allowing providers to block spoofed calls – as in, calls that pretend to come from consumers’ phones or, even more sneaky, from neighbors’ phones, with area codes that mirror their targets’ area codes. The order allowed providers to block calls from numbers on do-not-originate lists and from numbers that are invalid, unallocated, or unused.

967 robocalls per second

But despite the Call Blocking Order, the robocall problem is only getting worse. The AGs referenced a report from last year that found that American landline and wireless subscribers received an estimated 30.5 billion illegal robocalls, up from a 2016 estimate of 29.3 billion illegal robocalls.

As it is, last year’s average pester-people rate translated into 967 calls placed every second, adding up to well over 100 robocalls for every adult in the US during 2017. As if that’s not enough to put people off ever answering the phone, by the end of this year, the industry is anticipating a 33% increase.

Uninterrupted homework time for the kids? Tranquil dinner? A peaceful night’s sleep?

Hahahahahahahahahaaaaa! Kiss that goodbye!

But these calls aren’t just illegal and aggravating. They’re also dangerous. Reports indicate that out of the 4 billion illegal robocalls made just this past August, 1.8 billion were associated with a scam. By next year, half of all mobile calls will be scams, according to analysis by global communications platform First Orion.

A huge part of the problem is that it’s cheap and easy, the AGs said:

Virtually anyone can send millions of illegal robocalls and frustrate law enforcement with just a computer, inexpensive software (i.e., auto-dialer and spoofing programs), and an internet connection.

That’s backed up by the testimony of the “robocaller king” himself, Adrian Abramovich. In May, the FCC fined Abramovich $120 million for the nearly 97 million spoofed calls his marketing companies made to sell vacations at resorts that, surprise surprise, turned out to be so not the Marriott, Expedia, Hilton and TripAdvisor vacations initially mentioned.

In April, the Senate Commerce, Science & Transportation Committee subpoenaed Abramovich to explain exactly how easy it is to download automated phone-calling technology, spoof numbers to make it look like calls are coming from a local neighbor, and robo-drag millions of hapless consumers away from what should be their robot-free dinners.

His answer: pretty darn easy. He told senators:

There is available open source software, totally customizable to your needs, that can be misused by someone to make thousands of automated calls with the click of a button.

What do they want the FCC to do about it?

There are two protocols the AGs want to see the FCC adopt: the STIR (Secure Telephone Identity Revisited) and SHAKEN (Secure Handling of Asserted information using toKENs) protocols. Those are frameworks that service providers can use to authenticate legitimate calls and identify illegally spoofed calls.

There has, actually, been progress on this front.

Last month, the Alliance for Telecommunications Industry Solutions (ATIS) announced the launch of the Secure Telephone Identity Governance Authority (STI-GA), designed to ensure the integrity of the STIR/SHAKEN protocols. That move paved the way for the remaining protocols to be established, and it looks like STIR/SHAKEN is going to be up and running with some carriers next year.

The FCC hasn’t issued a notice of proposed rulemaking concerning additional provider-initiated call blocking, but the AGs anticipate that there will be requests for more comments on the subject.


Source : Naked Security

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend