What’s the more horrifying part of robocall Hell: getting some 700 nuisance calls a day over the course of five days, or being told that there’s nothing anybody can do to stop it?
For Kim France, it’s the latter.
She’s a real estate agent who lives in Hilton Head Island, in the US state of South Carolina. In her line of business, she gets plenty of calls from numbers she doesn’t recognize.
But hundreds a day? No wonder the sound of her ringing phone still makes her cringe. Ars Technica quotes her:
Every time a number flashes up on my display that I do not recognize, the hair on the back of my neck stands up.
She talked to Ars’ Jon Brodkin three days into what she described as the “cell phone nightmare” that mysteriously enveloped her in June, making it near impossible to answer legitimate calls from friends, family or clients.
On the first night, she went to bed, slept for seven and a half hours, and found 225 missed calls when she awoke. It kept up at that pace for five days, for a total of roughly 700 calls a day.
She tried robocall blocking services. They didn’t work. That’s not surprising: such tools, which rely on blacklists of known scam numbers, don’t generally work when the numbers’ caller IDs have been spoofed.
Adam Doupé, a security researcher and professor at Arizona State University, told Ars that the core problem is that Caller ID is extremely easy to spoof. There’s no way to verify who’s calling, unlike with email, which relies on making a TCP connection to an email server with a specific IP address:
Because it’s an old, circuit-switched network, none of the switches along the way need to know who actually is placing the call. I was shocked to find out that the Caller ID is just an optional part of the original address message that gets sent along. You don’t need it, and nobody is checking it along the way for authenticity, and, really this means you can put that to be whatever you want. To top it off, there are a lot of online services that allow you to send out phone calls and specify exactly what Caller ID you want them to come from.
This is a problem that the Federal Communications Commission (FCC) is painfully aware of. In March, FCC Chairman Ajit Pai said in a blog post that the commission has proposed greater leeway for providers to block spoofed robocalls:
Specifically, they could block calls that purport to be from unassigned or invalid phone numbers (there’s a database that keeps track of all phone numbers, and many of them aren’t assigned to a voice service provider or aren’t otherwise in use). There is no reason why any legitimate caller should be spoofing an unassigned or invalid phone number. It’s just a way for scammers to evade the law.
Was it a scammer who plagued Kim France? No. She heard from neither robot nor human scam artist when she answered. Rather, she heard the sound of a fax. Most of the calls came from fake numbers: from area codes or exchanges that don’t exist. Scammers go to more effort than that, spoofing their Caller IDs to make people think they’re getting a local call.
Nobody’s even sure it was actually robocalls she was receiving. The Federal Trade Commission defines a robocall as one in which the recipient hears “a recorded message instead of a live person” …but “robocall” is as good a word as any to describe these nuisance calls, which basically amounted to the phone equivalent of a distributed denial-of-service (DDoS) attack.
Ars quotes RoboKiller co-creator Ethan Garr:
It is possible that whoever did this to Kim France did play a recorded file of the fax-like sound, but I think it’s also possible that they just generated the sound programmatically with each call.
It’s more of a DDoS attack over the telephone lines rather than a spam or scam call.
France tried to get her carrier, Verizon, to help. No luck. After six calls, all the company could come up with was a suggestion that she change her phone number: a no-starter, given that her business’s number is spread across a real estate landscape of third-party websites. Changing it would have been hugely disruptive to her business.
The response when she contacted a consumer rights attorney who specializes in phone call harassment: there’s nothing you can do to figure out where these calls are coming from.
The response from police: sorry, we can’t stop the calls.
The response from the FCC: a form letter explaining what spoofed Caller ID is… as if she didn’t know by that point.
There are intriguing tools in the works that could help to cut spoofed nuisance calls.
For example, Doupé and a PhD student are working on a caller verification system, to integrate into the core backbone of the SS7 signaling protocol, that adds an authentication token to messages so the call recipient can verify that the caller owns the phone number. It’s described in this paper (PDF). Brodkin says it’s similar to the green security lock displayed in browsers with HTTPS-enabled websites.
It relies on SMS, so the prototype is only working with mobile phones at this point.
When the possibility of this being a targeted attack was suggested, France couldn’t fathom who might want to target her. Then again, maybe it wasn’t a phone DDoS; maybe it was a glitch in auto-dialing software? Or then again, maybe it was, as RoboKiller’s Garr suggested, a “fax scam gone awry”.
Garr’s advice for handling an attack like this: “Weather the storm.” Stop answering, and tell friends and family to contact you some other way.
It is unlikely that anybody is going to make harassing calls to your number indefinitely. Scammers and spammers change their numbers very often – most numbers are active for just two hours. Kim’s attack lasted a long time, but even someone trying to do such an attack is likely fearful that if they do it forever they will get caught, and it is probably costing them a little bit to do this consistently.
He suggested using your phone’s Do Not Disturb mode and not allowing repeated calls from the same number.
As for France, so far, the robocall bombardment hasn’t recurred, thankfully. Now, all she’s left with is astonishment that there’s nothing anybody can do to stop this type of attack:
I just feel like there has got to be something that could be done to protect consumers from this type of crime. Being told that no one can do anything for me was the most shocking part to my story.
FreedomISaMYTH
we use a lot of “new” tech that is built on “dated” tech… phones, computers, browsers, etc all the way down to programming libraries… there was a time when security was not on the list of concerns… can we go back to that time of peace and love? (im kidding)
Wilderness
Yup, it’s a kick in the pants. Just like you can’t stop anyone from calling a million people and saying “Hi, this is [your name] and I think you suck!’
kokoronagomu
my phone service (comcast) only blocks 20 numbers but i bought a phone that will block a few hundred. both my cell and my landline phones have that feature. still, i get a single ring from a blocked number and some days it rings and rings with blocked numbers.
ejhonda
This victim’s name should have been changed / left out of news items on the incident. Now she’s easily Googled and copycats will take up the cause….
Paul Ducklin
Reading the Ars Technica article from which this story comes, I formed the opinion that Ms France came forward with her story so it would get told and thus did not expect or even want her name changed. (Ars gives her name and approximate address, plus a publicity-type photo, plus quotes that she apparently willingly provided.)
s31064
Sounds like she’s found a way to turn it to her advantage — free advertising.
John
“There’s no way to verify who’s calling, unlike with email … I was shocked to find out that the Caller ID is just an optional part of the original address message that gets sent along”
Hey Adam, remember that time you discovered that caller ID was just an informational field that could be set to anything and dismayed that it didn’t work like email? Well, funny story…
Raven
It would have been neat to feed that fax-like sound into a fax machine or old modem to see if there was any data in it.
Laurence Marks
This story is so full of errors that it should be retracted.
> “There’s no way to verify who’s calling, unlike with email, which relies on making a TCP connection to an email server with a specific IP address:”
Wrong! Cellphone, ISDN, and VoIP calls are controlled by digital “call setup” packets using a protocol called International Telecommunications Standard Q.931. The initial call packet includes the Calling Line ID (CLID) and a bit indicating whether the CLID was provided by the telecom authority (telephone company) or by the user. It would be a trivial matter for the telco or VoIP provider to give the user the option to block all calls with user-provided CLID, or this feature could be included directly in the cellphone or VoIP handset.
> “Was it a scammer who plagued Kim France? No. She heard from neither robot nor human scam artist when she answered. Rather, she heard the sound of a fax. Most of the calls came from fake numbers: from area codes or exchanges that don’t exist. ”
Did you never hear of FAX spam? FAX spammers search for FAX machines and send spam which prints at the victim’s machine. They are the same types: Nigerian princes, Irish Sweepstakes, sell your timeshare, etc. FAX spammers will fake the CLID so their source isn’t tracked, but they have no need to randomize the number or match your local area code/exchange because the target machine doesn’t discriminate like a human does. I have no idea why Ms. France didn’t simply hook up a FAX machine to the line to see who was sending *Real FAX Spam* (not FAX-sounding DDOS) to her, so she could hare reported it to the police. (There are laws against FAX spam.) Sadly it doesn’t surprise me that law enforcement couldn’t figure out to connect a FAX machine to the line, but it does surprise me that Ethan Garr couldn’t figure it out.
> “…it is probably costing them a little bit to do this consistently.”
Probably not. Almost all domestic calls are not metered (charged) these days, whether landline, cellular, and VoIP.
> “Or then again, maybe it was, as RoboKiller’s Garr suggested, a ‘fax scam gone awry’.”
I didn’t interpret Garr’s comment this way, but if he did mean it, why didn’t he suggest connecting a fax machine to see what was being sent?
This is one of the areas in which I consult.
Lisa Vaas
Thanks for the comments, Laurence. I’m circling around to Adam Doupé and Ethan Garr for clarifications—I could have oversimplified or misinterpreted—and will update the article after I get their feedback.
Mahhn
I have had to do that years ago. Just the fax mam.
EthanGarr
Mr. Marks, This is Ethan Garr from RoboKiller. Lisa Vaas, who wrote the piece, asked me to review your comments, and further asked me to post my response to her here:
Hi Lisa,
Thanks for reaching out. I think Mr. Mark’s criticism of your article is a little over the top. There might be some reasonable clarifications, but to call it “so full of errors that it should be retracted” seems overboard. I did see your article before you reached out, and I was at first taken aback by the headline. I would just say that for most people who are dealing with robocalls and telemarketers there are very effective solutions. RoboKiller is incredibly effective, and we are proud of it. What Kim France experienced, wasn’t what you, and I, and the vast majority of your users will ever experience. This wasn’t a telemarketer or robocaller trying to scam her as far as we can tell. This, in all likelihood, was a targeted attack on her as an individual. RoboKiller is effective in stopping more than 90% of spam calls, including stopping spoofed calls where the spammer spoofs a local number to get the recipient to answer.
In terms of Mr. Mark’s specific criticisms, it is not possible to reveal the true identity of a spoofed call–that information is not available in the packet information he is referring to. While it is accurate that calls include packet information, the originating number is not available if the call is spoofed. If you subpoenaed each link in the chain you might be able to eventually work your way back to an originating carrier, but it certainly isn’t something you can reasonably do during a call. Telco’s could possibly stop the connections of calls that didn’t include certain packet information as he described, but that isn’t a reasonable solution. Many of the calls you receive are legitimately spoofed for very good reasons–when you get a call from an extension at your bank, but your caller ID shows the bank’s main number, for example, it came through a PBX, and that is a “spoofed” call. Mr. Mark’s solution would block all of those calls to you.
Mr. Mark’s seems to think that the answer was simply to attach a fax machine to the line to solve this problem. Unfortunately, I couldn’t do this because I wasn’t part of the investigation; Jon Brodkin reached out to me for comment well after the attack. Not to mention, that Kim France described the sound as “fax-like, but not a fax” so it is pretty unlikely that this would have worked. He is awfully critical of me and law enforcement for “not figuring this out”, but he is simply wrong about the circumstances.
Jon Brodkin thoroughly investigated this story, and I provided a few possible explanations to him based on the information I had available. I don’t think your story was factually inaccurate; my only minor complaint was that the headline somewhat conflated Kim France’s situation with the robocall and telemarketing problem at-large. From my perspective the latter is a solvable problem, the former is a one-off kind of situation.
If you have an iPhone and would like to try RoboKiller, I’d love for you to put it to the test and see for yourself.
PM Laberge
Some years ago, I had the same problem. I was on a party line system, so neither the cops nor the phone co could / would help. And I could not hook up a fax, because of the party line. It would not work. But I was getting these calls once or twice every hour, 24 hours a day, for about a month….
I too dreaded answering the phone. Then one day I get a call from a little old lady. She was quite miffed, and wanted to talk to the local hydro utility… I told her she had reached a private residence. NO! she said! I CALLED THE NUMBER ON THE BACK OF MY BILL! So I went and got my bill, and I studied it. And I found my answer! The info was printed in light gray on cream. No Wonder She Was Miffed! Anyhow, she had been trying to dial their fax number. It was the bottom most number, and thus, the easiest one to read! She was in her 90’s and had no idea what a fax was. BUT: This Time… she had flipped the last 2 digits of the fax#, and thus called my number. No wonder she was miffed at the buzzing noises!
But I thanked her profusely, as this gave me the CLUE, I needed. After some talking with the hydro commission, we discovered that the fax calls came from an engineer in some foreign country. His computer sent the faxes (a resume) repeatedly. And he had not verified that he had entered the fax number information properly, thus calling my phone#.
Needless to say… He was not hired.
But the France lady, might be subject to something like that. And finally the people faxing her, discovered their error….
Tattooed Mummy
The simple plans seem to be the best – I have a BT phone that has caller announce, if you call from a number not in the phone memory then you have to manually speak a name, so automated calls never get past that, the phone doesn’t ring, just shows a call was refused.
Jim
That sounds like a WONDERFUL feature. Maybe BT can teach US companies how to do it.
chez
Here in England an old lady called Olive who had volunteered for charities for many years, was so stressed by all the spam calls she was getting from assorted charities that she jumped off the top of the Cheddar Gorge. Needless to say she died. Really sad but it started bringing about a change and our spam calls have reduced considerably.
BM
This happened to my daughter when the phone was connected to wifi (with the fax machine sound). It didn’t happen when phone was on cellular network. However, the phone went to wifi mode frequently. We think it is with some automatic processes that were probably legit, based on the apps installed, so we don’t think it was malware.
SOLUTION (as such): was to turn phone to airplane mode and leave it so for several days – taking it off only occasionally when needing to connect to cell network, and being careful not to let it go to wifi (don’t know that if it does, if a “reset” on the rogue dialer is engaged, lengthening the time for this to cycle to completion), where, if it does, it would be only a few seconds for the rogue calls to start again.
This won’t be practical for those who rely on their phone for business, and have frequent incoming already. But after a week or so, the calls stopped.
This was a difficult topic to search for, and no method was found to actually solve it, so thought I’d put this tip to mitigate it, here.
Al
This is a clear DDoS attack to phone lines and the FCC should take this more seriously and do something.. Otherwise, the telephone providers should allow users to choose for outgoing calls and incoming calls.. For example, have a list of numbers you want to dial to and numbers you want receive calls from. That could avoid all these stupid scam farms to keep spamming.
You could dial a number to hospital and choose to save it in your list and for any other number you want to be called from. For people who don’t want to be bothered at all, there’s any SMS system that allows to communicate. But the point would be to avoid dialing unless is an emergency and you could choose to do it.