D J Shinreader comments 27
Share this story
New data shows that the majority of robot-enabled scam phone calls came from fewer than 40 call centers, a finding that offers hope the growing menace of robocalls can be stopped.
The calls use computers and the Internet to dial thousands of phone numbers every minute and promote fraudulent schemes that promise to lower credit card interest rates, offer loans, and sell home security products, to name just a few of the scams. Over the past decade, robocall complaints have mushroomed, with the Federal Trade Commission often receiving hundreds of thousands of complaints each month.
In 2013, the consumer watchdog agency awarded $50,000 to three groups who devised blocking systems that had the potential to help end the scourge.
Three years later, however, the robocall problem seems as intractable as ever.
On Thursday at the Black Hat security conference in Las Vegas, a researcher said that slightly more than half of more than 1 million robocalls tracked were sent by just 38 telephony infrastructures.
The relatively small number of actors offers hope that the phenomenon can be rooted out, by either automatically blocking the call centers or finding ways for law enforcement groups to identify and prosecute the operators.
“We know that the majority of robocalls only come from 38 different infrastructures,” Aude Marzuoli, research scientist at a company called Pindrop Labs, told Ars. “It’s not as if there are thousands of people out there doing this.
If you can catch this small number of bad actors we can” stop the problem.”
Pindrop researchers reached the conclusion by creating a security honeypot of phone numbers that received more than 1 million robocalls.
The researchers transcribed about 10 percent of the calls and analyzed the semantics with machine-learning techniques to isolate identical scams.
The researchers combined those results with analysis that tracked 150 different audio features of each call.
By studying the codecs, packet loss, spectrum, and frequency inside the audio and combining the results with the machine learning, the researchers were able to obtain a fingerprint of each different call center.
Pindrop has been using such techniques to help phone centers operated by banks and other businesses identify fraudulent calls in real time.
The unique audio features transmitted in a call to a credit card company, for instance, can allow a call center employee to know that the person on the other end is located overseas, and not in the US as claimed by the scammer.
A library of known bad actors can also help call centers block them in real time.
Now, the same techniques are being used to help identify the people and infrastructure responsible for robocalls.
The more than 1 million calls received by the honeypot came from about 200,000 different phone numbers.
The phoneprinting analysis also showed that just 38 call centers placed 51 percent of the calls.
Marzuoli said researchers are still devising methods for determining the location and other characteristics that could identify exactly who is placing the calls. Once that happens, law enforcement agencies might be able to shut them down.
In the meantime, large organizations can use the phoneprinting to flag fraudulent calls in real time.
Given the almost unlimited number of phone numbers at the scammers’ disposal, the technique is more effective than number blacklisting.
People who receive robocalls should hang up without saying anything, or if possible, not answer calls from unrecognized numbers at all.
FTC officials have also requested people report robocallers.
D J Shinreader comments 27