"Rachel" in the funny papers [telecom]

-or-

I'm rather surprised that they haven't nailed the perp on this one yet. The calls had to originate somewhere.

independently-operating perps, who have bought the same robocalling spam/scam software package which includes that particular recording."

Quite a few phoneslimers either use VoIP call termination (with missing or falsified caller ID information) or call from outside the U.S., or both. They could be "calling" from almost anywhere having good connectivity.

On Mon, 21 Jan 2013 11:14:54 -0800, snipped-for-privacy@radagast.org (Dave Platt) wrote in comp.dcom.telecom:

Since I am paying for all calls that reach my cell phone, shouldn't I have the right to receive ANI instead of or in addition to caller ID?

I'm probably getting as many calls nowadays from other than credit card scammers. Just got another one peddling home security systems, and there's also one about a medical alert system for seniors.

I've got so I press 1 for more information and then put the phone down, hoping that annoys them half as much as they annoy me.

--snip--

If law enforcement were serious about this, there'd be no need to trace the call. The whole scheme is futile unless the scammer gets paid. Therefore, all that's needed is to follow the money.

So, agent X gets a phone spam. Agent X plays gullible and pays via credit card. At this point, all it takes is one or more subpoenas to find where the money goes. Then, prosecute the receiver.

Maybe not so easy. I don't know about "Rachel", but similar operations seem to have the technique down. Some of the "antivirus" hostageware worked with the pattern: web domain registered in the Ukraine, web server in Hong Kong, credit card charged in Panama. Hey, for $4/month you can rent a VPN slot with a vendor who doesn't keep any records of IP assignments, accepts payment in Bitcoin, and has servers in Sweden. The perps could be anywhere in the world. Yeah, it's theoretically traceable, but so long as their nationals aren't getting victimized, what police department overseas is going to care very much? Like cops everywhere, they have a backlog of local cases, and are late for an appointment at the doughnut shop.

The FTC, who are not entirely stupid, have done quite a lot of this, and put a lot of them out of business.

Unfortunately, as someone else noted, "Rachel" isn't one person or one gang, but a whole lot of them who've bought the package.

Neal Stephenson's latest novel, called "REAMDE", is about a similar scheme: the problem with fraud-by-wire has /always/ been "getting paid", and Stephenson's villains have found a (pun intented) virtually untraceable way to get the gold.

IANALB, ISTM that Rachel and her friends have bypassed the problem of having to hide their booty by providing a very dubious "service" which their marks have agreed to pay for. Rachel's pitch, when it works, means Rachel does /something/ for which she is paid, which has been the weak spot in the consumer's armor ever since Ronald Reagan gutted the consumer protection laws: if Rachel had a valid list of phone numbers she could robocall, there would be no violation of the DNC law. That's why the Federal *TRADE* Commission is the only agency involved: violating the DNC isn't a crime that the FBI or other law-enforcement agencies are willing to prosecute, since annoying millions of people is a much less serious matter to the FBI than annoying one person who /has/ millions.

The only remedy I know of for violations of the do-not-call list is to sue the violator, and (as Rachel has discovered), very few victims are willing to spend thousands of dollars in legal costs to recover hundreds in damages. As with tobacco, the perpetrators are too powerful for anything but a government to stop them.

Bill

Is selling the package legal?

legal _where_? that is the question.

In the U.S., it is _possible_, albeit *unlikely*, for it to be used legally.

Now, IF they _market_ it, where they promote/suggest/recommend using it in a manner that is illegal in the jurisdiction where it is sold/used, they could be charged with 'aiding and abetting' and/or 'accomplice before the fact' and/or 'conspiracy'.

In any case it's hard to fathom the stupidity of the company in wasting its efforts calling people who don't want to be called. Surely the success rate of such calls approaches zero. Seems like their success rate would improve dramatically if they obeyed the do-not-call list. Albeit what they are selling is a scam.

There are several reasons that Rachel and friends might ignore the DNC:

1. They may not be able to check it: I don't know anything about the software Rachel runs on, but I think it robo-dials at random, and it may be coded to do only that.
2. The DNC, from what I've heard, was successful beyond anyone's expectations, and was therefore an unexpected barrier to Rachel's developers. They may have decided to ignore the DNC as a matter of expedience just to get their software "out the door".
3. I suspect that DNC entries are made by a single "techie" family member in most homes, and other family members might be unaware they even have the protection, so Rachel might have decided to go after them just to up her averages.

As things stand now, there is no effective way to prevent Rachel from violating the DNC, since enforcement depends on civil, not criminal, action by the FTC or the persons who are being called. Moreover, there's no mechanism to enforce the list by electronic means: there's no way to classify originating calls so as to divide them by "unsolicited" vs. "existing relationship" status. The SS7 system has no bits assigned for information of this sort, and introducing them would be a major modification to the telephone signalling network.

In addition, and this /does/ need to be said, legislators are reluctant to restrict /any/ commercial activity during the current depression. As repugnant as Rachel's franchisees may be, they are generating money for /someone/, and that's not something that an elected official wants to look at too closely.

Bill

I call bull***t. If the Feds actually cared about this there are huge numbers of laws that "Rachel" is breaking, way above and beyond the Do Not Call list.

Wire fraud, lying to law enforcement, money laundering, and a dozen others before breakfast.

Martha Stewart went to jail for a lot less.

Agreed. First, the Feds could (and should) order regulations to stop callers from entering the network with inadequate or erroneous identification; so that Caller ID and Call Trace would work properly to identify them.

Secondly, the Feds should start acting on reports of abuse.

Third, in the cases where the illegal activity originates overseas, there still is some way payment from this country gets to the crooks elsewhere. The Feds should investigate and control those weakspots in international payments.

Some of the solutions might take some creative legal work and reprogramming and rethinking of telephone network protocols. But this should not be that hard to do.

The FTC does all this stuff, you know. But tracking these clowns down and stopping them is hard, particularly when they're outside the US.

Sending fake caller ID is already illegal, but the problem is that SS#7 was designed in the era when only real phone companies could attach to the network, and so it's technically hard to keep random VoIP servers from sending fake info. Yes, this is stupid, but it's the way it works.

The only remedy I can believe in for this situation is phone service providers that are willing to block repeat offenders, or to give the end user enough tech information and access that he can do so himself.

There probably will never be enough competition among traditional telcos to make it worthwhile for one of them to protect its customers (if the regulators will even permit it). But VoIP is very likely to be a different story, which is why I hope it replaces POTS completely, the sooner the better!

There's a -simple- reason the 'Card Services' scammers don't use the do-not- call list -- it costs *money*. Over $17,000/year, if calling all areas of the U.S.

That amount of money would pay for something like half-a-million to a million phone calls at wholesale 'per-minute' rates.

"Beyond anyone's expectations" is an *understatement*. As of 10/1/2012, the DNC list has over 217.5 _million_ -active- numbers in it. That's roughly 10% of all the possible numbers in all the currently-in-use areacodes in the U.S. Given that -active- cell phones are about 18% of that numberspace, 30% for 'assigned to cell providers' seems reasonable. Using a WAG of 30% for business numbers, and 20% for 'not in use'/dis- connected numbers -- it begins to look like fully _half_ of all residential lines may be on the DNC list. If the ratio of 'sales' to calls is marginal in the first place, cutting the number of calls in half could kill what profitability there is in the scheme.

Trivia: the DNC list size is almost *twice* the number of households in the country.

Correction: there is =presently= "no effective way" -- a simple legal change -- making any telco that handled the call liable for the 'statutory damages' in 47 USC 227, -unless- they can provide a legal record of how the call entered that telco's network, and from whom that connection came.

With -that- in place, the recipient of the call sues their local phone co., who can avoid judgment only by 'proving' that the call came from a particular 3rd party. that 3rd party is either the party who originated the call (if it originated within the telco) or the 'upstream' telco that handed the call off to them, including the trunk circuit ID, timestamp, etc., sufficient for that 'upstream' telco to identify the call in their records. (Telcos _have_ all that info already -- it's used in calculating and verifying inter-carrier "settlements".

If the telco comes up with that 3rd party, one then amends the suit to substitute that 3rd party for the currently-named defendant. (and, if not, one collects from the telco :)

If that party is a telco, it is "lather, rinse, repeat", until one reaches the actual call origin.

For the actual originator, it's 'the death of a thousand cuts' -- all those small-claims suits.

*AND* with submitted copies of a bunch of _those_ judgments, it's *really*easy* for the Feds to go after them for the 'big ticket' violations. Actually, -one- small-claims suit, properly done, can be sufficient -- subpoena the call-records for all outgoing marketing calls defendant made that day, _and_ the 'permission' to make robocalls to that number. Then, somehow, _that_ falls into the Feds' hands. "So sorry, Rachel. NOT!"

This is true. But there isn't just one Rachel. A few have been arrested, a few more will be arrested. But it's like playing wack-a-mole. For every one you arrest, a dozen more will spring up. And, thanks to VoIP making long distance service very cheap, many of them will spring up offshore.

Yes, but there was only one of her.

--scott