The DOJ press release [1] mentions that a majority of these calls are coming from India. Does anyone know what the Indian government has done to try to fix the problem? I would assume enforcement should start there.
Why? The US has the prime responsibility for enforcing US laws. And the US also has plenty of control over the calls, because they have to go through US equipment before reaching the phone of a person residing in the US.
I mean if they even took the small step to ensure that these calls do not spoof the caller ID, and appear as coming from India, this would decrease a lot of the scams.
Trade deals and sanctions are carrot/stick. And in practice..
folks share intel all the time.
Digital crime has been increasing ~20% YoY for awhile now, matching the rise of e-commerce and weaponization, and is very much a global thing -- this stuff is why we have governments, the NSA exists, etc. (Our startup builds GPU graph viz analytics & automation often used for scalably mapping this kind of stuff, both for fraud+attacks, and the defender side is very much a team sport both at enterprise and gov levels.)
As I pointed out a couple of hours before your comment, there's certainly plenty of news articles about the Indian police arresting people for call center scams -- often in cooperation with international authorities -- search [india call center scam arrest]
I'm aware that they do. I'm suggesting that the answer to "why?" India might want to address the issue is because their own legal system also prohibits fraud, and is not simply a concession to foreign interests.
True and USA has a gazillion ways to force other states to crack down on stuff that hurts USA. Fraud is illegal, but in a way, this is hurting USA and bringing money to India (see Mexico and drugs)
Agree, also there are quite a number of robocall and voice bot scams that originate within the domestic US. FCC doesn't seem to have an interest in forcing carriers to do anything about this other than develop products in which they charge you for providing some layer of security which should have been there in the first place.
Indian justice system is a joke. Not sure what you could hope for there.
I don't see why this can't be fixed client-side? The vast majority of people don't need to receive calls from overseas, problem solved.
As a former shiftworker who was on call I begged my telco to only allow Australian numbers to my phone, they couldn't do it, despite trying to escalate the issue it was fruitless, all day while I was sleeping I would get phone calls from the Seychelles, Mexico, etc.
Short of MitM'ing all VoIP traffic, how could this be proactively enforced? It's far more practical to focus proactive enforcement where actual phone lines are used, which is exclusively in the U.S.
Scam call centers employ 1000s of people. You just need one of them to talk and collect evidence. The companies pay poorly and have high turnover, so they shouldn’t be hard to find.
That is not proactive enforcement. Also, it has been done before, and is clearly too slow - they may arrest one or two people, while the other thousands can easily relocate their laptops and headsets.
The most effective place to stop it is at the "border", and that is what DOJ is doing here.
The big telecoms get call traffic from a manageably small number of interconnect companies/organizations.
They probably can’t figure out the initial source, but they can figure out which interconnect it’s coming from.
They should call them at their 24/7 NOC and tell them to trace it back a later to trace back another layer to trace it back another layer. Or else they’re getting shutdown in 24hrs.
Same as AT&T would do if Cogent was sending them spoofed scam traffic.
The problem is that the telecoms get paid for these 4th string interconnects by the minute.
How do you enforce that with how disposable DIDs are?
It is trivially easy to acquire a block of numbers from any number of sources with easily falsifiable information, connect them to a SIP application to robocall/robotext victims using easily falsifiable CID data and disappear just as trivially.
Programmatic voice via SIP trunking only makes this worse-not critiquing services like Twilio, Plivo or Telnyx, just highlighting one of the unfortunate risks the technology available to us enables.
CID enforcement is a grand idea but I have no clue how you'd actually accomplish it.
How about the number? If I'm making a SIP call on, say, Alianza, shouldn't what I present as my number for Caller ID match what Alianza thinks my number to receive calls is? Or, if I'm a large organization, shouldn't it at least be one of the numbers registered to my organization?
I may be able to spoof the name. The number? Not so much.
You also send your number as part of the invite. Responsible VoIP providers limit this to numbers you own, but it's totally possible to send calls using a number you don't own. There are CNAM databases but not all carriers make use of them and they aren't a source of truth. How would your solution deal with numbers which go back into a carriers pool? How would your solution deal with newly claimed numbers? How do you verify the numbers on file for an organization?
I was thinking along these lines: It may be possible to send calls using a number I don't own. It should not be possible to send calls using a number that the VoIP provider doesn't own. If I'm sending a VoIP call to someone's cell phone, and I'm saying that I'm a cell phone in the same block of numbers as the destination phone, a responsible VoIP provider should block that, even if they don't restrict me only to my number.
But we both used the word "responsible". I think that's the problem - there are some irresponsible VoIP providers. Maybe even deliberately irresponsible. For obvious reasons, they attract the spammers and scammers. And that brings us back to this lawsuit as a reasonable response to that kind of irresponsible behavior.
[1] https://www.justice.gov/opa/pr/department-justice-files-acti...