Hacker News new | past | comments | ask | show | jobs | submit login
RCMP arrest 'money mules' tied to scam calls from India (cbc.ca)
140 points by the_unknown on Feb 15, 2020 | hide | past | favorite | 61 comments



Thanks you CBC Marketplace for getting the RCMP to finally do something.

Marketplace has been exposing these scam companies for years. They even traced their location in India multiple times.

Canada needs to secure our telephone systems. It is way too easy for a scammer to get a Canadian VOIP number or to spoof phone numbers. Scam calls lately are have been spoofing my number to call me.


CBC is Canada's publicly funded TV and radio news - https://en.wikipedia.org/wiki/Canadian_Broadcasting_Corporat...


How about putting a small tariff on every phone call originating from countries that do not shut down these fraudulent call centers? The tariff perhaps could be as small as 2 or 10 cents per call to make these operations unprofitable. I'm sure that the telecom operators in the foreign country could easily track down (or already know precisely where to find) the call centers. Once the fraud falls below a threshold the tariff can be removed.

Punitive tariffs, quotas, bans get applied to every kind of product -- counterfeits, contaminated foods, polluting vehicles. I never heard any government agency suggest applying it to countries that are the overwhelming source of scam calls.


It may be a surprise to the HN "incentives are the only way to do anything" crowd, but there simply is not an incentive structure that will fix this problem, because nobody knows where the calls are coming from. Not the US, not the telcos, not the countries the calls are coming from, nobody. You can place the tariff on countries, and then the countries just have to accept the tariff because there's not a damn thing they can do about it as long as scammers can spoof phone numbers.

The converse of this is that it's pretty ridiculous to assume that countries have scammers in them because they're just tolerating them.

Sure, we could rush out a technical solution, but then it would run the risk of being broken rather quickly, and further it's important to not compromise the reliability of the phone system. Too many critical services rely on it. It's worth taking the time to do it right.

Last I heard, the FCC was in talks with telcos to finalize a solution, but I would expect it to take at least another year to implement and deploy it.

Until then, I guess we'll all have to deal with annoying scammers and comments by people who don't understand why spoofing makes their pet incentive idea irrelevant.


It’s not right, that a sensible comment like yours is being downvoted. Spoofing is real, and not easy to track down depending on the resources you have at your disposal. And Indian law enforcement is certainly behind the western world in that regard.

Besides, it’s not like these scammers are paying taxes to the Indian government, so they don’t have any national incentive to facilitate scammers. Tax compliance in countries like India, outside the first world, is very poor. Though the article mentions that Indian authorities are cooperating with Canadian officials, it needs to be understood that this cooperation isn’t based on any incentive structure, other than civilised societies need to crack down on crime. Crime in Canada is a low priority for Indian officials, just like I’m sure it’s the other way around.

Finally, Canada doesn’t even feature in the top 15-20 trading partners for India, last time I checked, so I don’t know what punitive incentive can be hoped for here. If you need a solution, it would be more productive to approach from a more pragmatic, cooperative point of view, rather than being all high and mighty and taking a carpet bombing style approach that affects legitimate business as well. Or, you could do that but it wouldn’t even matter.

Edit: I’d like to add that every day there is news about people, here in India also losing their life savings to these scammers. So it would be wrong to have an impression that authorities and citizens of this country take pleasure in people from richer countries being scammed. I’ve old, not so tech savvy parents myself, who I realise are pretty vulnerable to this evil.


> Spoofing is real, and not easy to track down depending on the resources you have at your disposal

Mmm, but some Canadian or American legal entity is bridging these onto the phone network, and needs to be doing its due diligence better.


The problem is that the way the phone system is currently set up, it is not possible to do this due diligence. That is what's being worked on.


This is mostly true, but it would be worked on a lot harder if the companies involved had a financial incentive to work on it. Currently the scammers pay their bills and the incentives work the other way - it's best for them to say they are working on it but drag their feet.


You think "people are switching away from using the traditional phone system entirely" isn't enough incentive? And how, exactly, does an Indian scammer paying a bill to an Indian telco incentivize US telcos to drag their feet? You can blame the Indian telcos, but they also don't have incentives to tolerate scammers--their business would benefit a lot more if calls from Indian numbers weren't automatically assumed to be scams.

While you don't understand the problem, you can't possibly have anything of value to say about the solution.

There may well be perverse incentives causing certain entities to tolerate scammers, but we shouldn't pretend we know what those perverse incentives are when we can't even trace the calls. On the other hand, it is much more likely that once the spoofing problem is solved, the incentives are all already in place and the vast majority of scam calls will be solved.

If a rational person only knows how to use a hammer, they pause when they come across a problem that isn't a nail. But when the HN crowd comes across a problem that isn't immediately solved by incentives, they argue that the people who actually are qualified to solve the problem with other tools, should be using incentives!


Exactly why STIR/SHAKEN is currently being deployed. That's the issue with widespread legacy systems, you can't pull it out and rebuild from scratch without causing a major disruption.


Is that entity not a common carrier?


> nobody knows where the calls are coming from

So is the US telco terminating these calls free of charge?

It seems unlikely you can spoof payments and telcos turn a blind eye to it...


What part of "they don't know where the calls are coming from" don't you understand? Are they supposed to just close down customers at random hoping they close down a scammer by accident?

Do you really think you're smarter than everyone at the FCC, since you apparently think nobody at the FCC thought of this?


I'm not in the telco space, but I've seen some signs that the telcos are changing protocols to solve the spoofing problem.


Indian law enforcement officials do take action against those who are complicit in scams similar to this. E.g., see here: https://globalnews.ca/news/6182793/india-call-centre-scam-ar...

> In a press release issued Sunday, Delhi police said they had arrested 32 “white-collar criminals” and seized 55 computers along with dozens of cellphones, internet routers and “illegal software” being used in what they described as a “swanky international cheating scam call centre targeting Canada citizens.”

> All of those arrested are residents of India and between the ages of 18 and 38, according to the statement.

> The Delhi police alleged the scheme has been targeting Canadian citizens by claiming their social insurance numbers had been compromised.

Here's another: https://economictimes.indiatimes.com/news/politics-and-natio...

> LONDON: British Police service on Monday said it had shut down two sophisticated criminal call centres in Kolkata, instrumental in defrauding thousands of victims in the UK alone, with the cooperation of Indian police.

> The call centres were raided by 50 officers from the Cyber Division of Kolkata Police last week as part of a worldwide four-year operation conducted by the UK police and Microsoft.


My understand use these call centers use VoIP providers in the country though. The traffic crossing the border is likely just an encrypted stream, indistinguishable from some VPN or other generic service.

The VoIP providers are getting paid (by the scammers), your cell/phone company is getting paid twice (by both you and the VoIP provider). It's not like customers are switching to the other spam-less phone option, or giving up having voice service entirely.

I hate to be cynical about it, but literally all the players in a position to track and shut these calls down via technical means have absolutely no tangible incentives to do so.


This. Exactly this. Some company in the US does the VoIP->POTS connection. Someone's name and CC is on their file.

Saying "oh there's no way to know where the calls come from" is just lame excuses. CallerId spoofing is one thing, but POTS has other systems.


Why not put the onus on the last mile?

If you get spam calls, your carrier is liable unless they can point to the source of the disruption. If they can't point to where they got it from, they are liable, and so on. If they can identify them but they're unwilling to pay out, their link to you is still liable.

Eventually, the buck has to stop somewhere.


+1

If you facilitated criminal to directly connect with me - you’re liable.

Telcos should be liable for “call laundering” similar as banks as for money laundering.

If you don’t know identity of person calling me - you’re responsible for damages.

Problem solved.


Please point me to the technical solution that I am avoiding.


The phone system seems pretty absurd. Just the fact that we can't trust originating phone numbers seems odd. There's lots of good ideas to go around, and there's so much in internet technology that could be applied to the phone system, but I'd love to read an article on why its hard to update the phone system.


There are many reasons:

-You forward your office phone to your cell phone. You want the number of the original person calling to show up on your cell phone. This means that the office phone system needs to spoof the original caller's phone number. This could be a local call, an overseas call, etc.

This is not a simple update issue. How does the telco know that this is a legitimate spoof? Further, if this is blocked and the number is rewritten to the billing telephone number, the client will complain that they are answering outside calls, thinking it is their office calling.

-How the carriers are integrated, how do they trust the incoming call info from another carrier? Blacklists and whitelists are impossible to keep up as scammers are randomizing the data.

This is an expensive problem, and one that carriers would love to solve - there isn't a lack of incentive either. I've seen a few solutions out there, but I am not convinced they work as advertised.


If I want to call someone using a different caller ID through twilio, twilio makes me verify ownership of that number.

But of course, then twilio is only doing this to keep scammers off their own platform. Since the telcos don't validate anything, there are plenty of less scrupulous providers that don't validate anything.

So all the telcos need to do is require anyone providing access to their networks to validate their caller ID numbers.


Hahaha So true.

I actually deal with (part of) this problem from the other side: I maintain text messaging for the biggest company in our sector.

Within the last few months, we've been running into issues where our phone numbers are actually being stolen by these third parties.

Service providers are SUPPOSED to receive letters of authorization before porting a number. I.e. if I want to use my phone number on Twilio, I need to provide a letter showing ownership of the number (or blocks of numbers) I wish to provision on their platform.

Twilio, BTW, is one of the good guys on this. But FWIW, if the number's already provisioned they can't really tell you when a number's been hijacked, you won't know till you try to use it and Twilio's API gives errors.

Anyway... big takeaway is our numbers keep winding up 'stolen' by another provider (not Twilio). Every time we email them, they release the numbers back to us, but asking for LOAs to see how this happened gets crickets. Oh and this process leaves the numbers unusable for 1-3 business days.


Take the difficulties of IPv6 migration and remove the ticking clock of running out of IPv4 addresses. How long would the migration take? 10 years? 10000 years? I bet it would be closer to the latter than the former.


And add in the fact that Nortel made a ton of the currently deployed phone switch gear, and they haven’t existed for almost 20 years now.


The businesses were purchased by Avaya (enterprise) and Genband (carrier). There are support and upgrade paths available. This fact also has nothing to do with the problem.


The internet has been slowly getting better but remember that in general we can’t trust the ”from” field of an email message either. No need to even spoof it as it’s literally whatever the sender wants to put there, by design.


Things coming over lines no longer have a country. How do you determine which call are international? All of them are local and operated by foreign call center over the internet. They can easily acquire a VPN and the internet traffic will be local as well. How do you even track all that internet traffic? Are you prepared to give all your secret to government to track these things?


If connection between two nodes in the network is possible to establish, tracking it down is possible as well - giving the willing intermediaries. The fines or tariffs structure may help ensure they will be willing.

It is the same problem as with finance transactions wrt money laundering really, which is a solved problem. The only cover bad actors have is finding a sovereign state willing to cooperate.


> How about putting a small tariff on every phone call originating from countries that do not shut down these fraudulent call centers?

The calls are coming from Canada. These guys are buying Voip and dialing over the net.


With VOIP location is pretty much irrelevant. Unless the scam is getting people to call premium numbers this is much harder than you think.


Most unsollicited phone calls I receive are not from another country.


I get 2-3 calls like these every week. It's getting really bad.


Its doubly frustrating for me because I'm on a kidney transplant list and there is a small change I might get a call out of the blue even thought there is still some wait time. So I end up answering the phone most of the time...


Pick up the phone and stay silent until they speak. It should also help reduce incidence of scam calls.


what a nightmare. My very best to you and yours.


I bought a secondary phone (for the house, kids), and within 10 minutes of activating it ... spam calls.

For more than a year wife had calls from both the IRS and FBI, and some unknown lawsuit threatening to come after her.

We must be really good at hiding because the FBI never found us and just gave up calling!


Until about a month ago, I used to get 2-3 a day on my work phone. I gave up answering, and there's about 200 voicemails in there in a language I don't speak.


3 a day? Last week I got six in the span of 93 MINUTES.

They all matched the area code and prefix of my number but the last four were always different. Block one another calls 12 minutes later.

I’ve had this number for 13 years, have ported it across carriers and it’s long been known by friends and family as the default way to find me. This problem was a mild nuisance years ago. It’s a plague now.

It may be time to finally give it up.


I block just about every number from the area code my phone number is in. I haven’t lived there in that area for a long time and 100% of the calls were spam. One day the spammers will wise up and use the area code where I live rather than where my phone is based but so far Number Shield has worked out great for blocking entire prefixes.


Number Shield looks brilliant! I get a lot of spam calls from my area code and three number prefix. I don’t have any legitimate contacts with a phone number like that, so blocking the whole range looks like a good solution.

However, I don’t expect any urgent calls from anyone outside of my contacts so I was able to fix the problem by enabling iOS’s Silence Unknown Callers feature.


I was getting two calls every day from a number without any name. Every single day morning and evening even on weekends.

After months I answered and it was obviously a call center but it was from my bank. I'm in Canada and TD spammed me with phone calls for months every day just to ask if I wanted a travel credit card.

Even supposedly legitimate calls can be annoying and stupid.


I use Hiya, with "Scam and fraud calls" set to "Block (send to voicemail)" in Call Settings. It's very effective in my experience: it's rare that a scammer makes it through, and I haven't noticed any false positives.


Are they a real person? For me I've only had an automated voice and that will leave voicemail if I don't pickup; 2-3 times per month all during a condensed period.


2-3 A WEEK? Want to trade phone numbers? That sounds like heaven. I get at minimum that per day, sometimes per hour.


> ""We have disrupted the necessary flow of money from Canada to India, which will have a big impact on the operation and bottom line of scammers," Ogden said Friday, in announcing the charges."

Perhaps so, but to what extent and for how long? How many other mules are there, and how long will it take them to find replacement mules to replace those arrested?

I hope they throw the book at the mules, but I don't expect this to be a real solution to the problem.


It seems like a small story about a small bust, but if you keep reading the story keeps going. They are directly going after the scammers too.

> "Police have since worked with Indian authorities to carry out a flurry of raids against suspected illegal call centres in the country. Canadian officials said Friday they know of 39 call centres, in the New Delhi and Noida area, that have been shut down.

"Ogden said still others will face police scrutiny and that he anticipates more arrests and charges "in the next few weeks."


Yeah, but is 39 call centers a lot, or just the tip of the iceberg? It wouldn't really surprise me if there were hundreds of these companies, but I don't know.


Probably hundreds of them at least. But there may be only a smaller fraction of them targeting Canada.


Now hoping they put an end to duct cleaning services calls. Another scam. I get 10 of those a week.


Marketplace actually did a video about the air duct cleaning service scam a while back: https://www.youtube.com/watch?v=O13Vv4n__J8

It's really good, and they traced it all the way back to the call center (with an insider)! But of course, no one was arrested. Sadly, I don't think the punishment will fit how much annoyance and time wasted.


Good for the Canadian cops! Tax money well spent.


So the dude had a regular job so it doesn't seem like a kingpin of any kind. They've been tracking him for months, but they decided to take him down once he arrives for work, because ???

His wife is wanted too, but instead of going to where she is, they just call her and ask her to turn herself in?

By publicizing the arrest, the police likely killed their change to get the mule to lead to higher-up takedowns, no? Or have the police completely given up on shutting down the overseas operations?


That made me laugh, "unmarked vehicles tailed him, switching positions to avoid detection". Knowing Toronto drivers, I wouldn't be suspicious at all if someone tailgated me all the way to work.


The best part is after the police got done playing James Bond the couple was released under their own recognizance.


Wait, so they knew where he lived and where he worked, but still tailed him using multiple officers to make the arrest?


Maybe their thought is to make the mule role seem much more risky to Canadians. If the head org has to recruit from a smaller pool of people, or gangs, that could impact operations. Pure speculation, maybe most mules are already from gangs, etc.


i stopped answering my phone a long time ago, if someone really needs to contact me they can text, email (no guarantee on that though), or hit me up on discord, no spam there


[flagged]


Can you explain what the issue is with this particular story? Otherwise, your comment doesn’t add much value to the broader discussion IMHO.


What good is this story to be on HN ? There are so many scammers out there on CG. Let's list all of them in HN because it really pikes ones intellectual curiosity.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: