Robocall mitigation SCAM!
I just heard through the grapevine that several companies have been shut down and/or threatened with the confiscation of their equipment for passing Robocall traffic. The companies that this happened to all claimed someone contacted them and told them to keep the TN/traffic up so they could help catch the offenders. Unfortunately, whoever is advising carriers to keep the traffic up is not on the up and up. The ITG and large carriers came in and shut them down because they continued to pass traffic that was identified as robocalls. If someone contacts your company about a trace back and advises you to keep the TNs / traffic up, DO NOT LEAVE IT UP! Document everything and turn down the Robocall traffic as soon as possible! Then send both the ITG and large carrier involved the account number and CDRs for the calls in question. Be safe out there.....it's getting crazy! MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
Good tips, Mary Lou! Do you think there's potentially any good intentions behind the advice to leave the traffic up? In the cybersecurity space, authorities will say that if your network has been compromised, you shouldn't immediately shutdown the hacked systems. For example, just this past September, this Joint Cybersecurity Advisory (AA20-245A) from the US and a few other governments... https://us-cert.cisa.gov/sites/default/files/publications/AA20-245A-Joint_CS... Under actions to avoid: "Mitigating the affected systems before responders can protect and recover data - This can cause the loss of volatile data such as memory and other host-based artifacts. - The adversary may notice and change their tactics, techniques, and procedures." Mark R Lindsey, SMTS | +1-229-316-0013 | mark at ecg.co | https://ecg.co/lindsey/ <https://ecg.co/lindsey/>
On May 26, 2021, at 3:38 PM, Mary Lou Carey <marylou at backuptelecom.com> wrote:
I just heard through the grapevine that several companies have been shut down and/or threatened with the confiscation of their equipment for passing Robocall traffic. The companies that this happened to all claimed someone contacted them and told them to keep the TN/traffic up so they could help catch the offenders. Unfortunately, whoever is advising carriers to keep the traffic up is not on the up and up. The ITG and large carriers came in and shut them down because they continued to pass traffic that was identified as robocalls.
If someone contacts your company about a trace back and advises you to keep the TNs / traffic up, DO NOT LEAVE IT UP! Document everything and turn down the Robocall traffic as soon as possible! Then send both the ITG and large carrier involved the account number and CDRs for the calls in question.
Be safe out there.....it's getting crazy!
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
I understand it might provide helpful information, but from the sound of it these carriers were punished for keeping the traffic up as they were instructed to do. No one at the ITG or large carrier took responsibility for advising the carrier to keep the traffic up so either the right hand didn't know what the left hand is doing or there's some funny business going on. I'd say document the calls as much as possible and then turn them down. Better to not let it go through than to keep passing it and open yourselves up for retaliatory actions. You can always remove the block once the investigators get involved, and help them at that point but when you do nothing to stop it then it makes you look guilty even if you were just trying to help. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2021-05-26 02:50 PM, Mark Lindsey wrote:
Good tips, Mary Lou!
Do you think there's potentially any good intentions behind the advice to leave the traffic up?
In the cybersecurity space, authorities will say that if your network has been compromised, you shouldn't immediately shutdown the hacked systems. For example, just this past September, this Joint Cybersecurity Advisory (AA20-245A) from the US and a few other governments...
https://us-cert.cisa.gov/sites/default/files/publications/AA20-245A-Joint_CS...
_Under actions to avoid: _
_"Mitigating the affected systems before responders can protect and recover data _ _ - This can cause the loss of volatile data such as memory and other host-based artifacts._ _ - The adversary may notice and change their tactics, techniques, and procedures."_
Mark R Lindsey, SMTS | +1-229-316-0013 | mark at ecg.co | https://ecg.co/lindsey/
On May 26, 2021, at 3:38 PM, Mary Lou Carey <marylou at backuptelecom.com> wrote:
I just heard through the grapevine that several companies have been shut down and/or threatened with the confiscation of their equipment for passing Robocall traffic. The companies that this happened to all claimed someone contacted them and told them to keep the TN/traffic up so they could help catch the offenders. Unfortunately, whoever is advising carriers to keep the traffic up is not on the up and up. The ITG and large carriers came in and shut them down because they continued to pass traffic that was identified as robocalls.
If someone contacts your company about a trace back and advises you to keep the TNs / traffic up, DO NOT LEAVE IT UP! Document everything and turn down the Robocall traffic as soon as possible! Then send both the ITG and large carrier involved the account number and CDRs for the calls in question.
Be safe out there.....it's getting crazy!
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Mary Lou, Are you referring to the super sketchy voip providers who list a US address but in reality are based overseas? Like the ones where you google search the US street address on their website using maps and find out it is just a run down apartment building? Or are you talking about more respectable outfits? Matt -----Original Message----- From: VoiceOps <voiceops-bounces at voiceops.org> On Behalf Of Mary Lou Carey Sent: Wednesday, May 26, 2021 3:39 PM To: voiceops at voiceops.org Subject: [VoiceOps] Robocall mitigation SCAM! I just heard through the grapevine that several companies have been shut down and/or threatened with the confiscation of their equipment for passing Robocall traffic. The companies that this happened to all claimed someone contacted them and told them to keep the TN/traffic up so they could help catch the offenders. Unfortunately, whoever is advising carriers to keep the traffic up is not on the up and up. The ITG and large carriers came in and shut them down because they continued to pass traffic that was identified as robocalls. If someone contacts your company about a trace back and advises you to keep the TNs / traffic up, DO NOT LEAVE IT UP! Document everything and turn down the Robocall traffic as soon as possible! Then send both the ITG and large carrier involved the account number and CDRs for the calls in question. Be safe out there.....it's getting crazy! MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
On 5/26/21 4:12 PM, Matthew Yaklin wrote:
the ones where you google search the US street address on their website using maps and find out it is just a run down apartment building? Hey! What if your business is based in a run-down apartment building? ?
-- Alex Balashov | Principal | Evariste Systems LLC Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
All I know is that I was told it happened to several legitimate carriers that were small companies. Just be careful is all I'm saying because its not worth losing your business over. MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2021-05-26 03:12 PM, Matthew Yaklin wrote:
Mary Lou,
Are you referring to the super sketchy voip providers who list a US address but in reality are based overseas? Like the ones where you google search the US street address on their website using maps and find out it is just a run down apartment building?
Or are you talking about more respectable outfits?
Matt
-----Original Message----- From: VoiceOps <voiceops-bounces at voiceops.org> On Behalf Of Mary Lou Carey Sent: Wednesday, May 26, 2021 3:39 PM To: voiceops at voiceops.org Subject: [VoiceOps] Robocall mitigation SCAM!
I just heard through the grapevine that several companies have been shut down and/or threatened with the confiscation of their equipment for passing Robocall traffic. The companies that this happened to all claimed someone contacted them and told them to keep the TN/traffic up so they could help catch the offenders. Unfortunately, whoever is advising carriers to keep the traffic up is not on the up and up. The ITG and large carriers came in and shut them down because they continued to pass traffic that was identified as robocalls.
If someone contacts your company about a trace back and advises you to keep the TNs / traffic up, DO NOT LEAVE IT UP! Document everything and turn down the Robocall traffic as soon as possible! Then send both the ITG and large carrier involved the account number and CDRs for the calls in question.
Be safe out there.....it's getting crazy!
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
participants (4)
-
abalashov@evaristesys.com -
lindsey@e-c-group.com -
marylou@backuptelecom.com -
myaklin@firstlight.net