So, this is a crime right? Why isn't there a well known '911' for cybercrime to report things like this to and get help? Society needs to catch up with the actual dangers out there and build support networks for this ASAP. This is organized crime and needs organized defense to deal with it.
I see several comments like this implying nothing can be done. But that is far from the truth. First, an agency that actually answered the phone could coordinate directly with LinkedIn and other tech companies to quickly take down these fake accounts and minimize harm to others. We all know how incredibly hard it is to contact a tech company. Second, an agency that answers the phone could help less technical people find what may have been compromised and push people towards support services if needed. And finally, maybe, they could do the hard job of combining leads and working with appropriate agencies to maybe find and prevent these things over time.
Taking things down doesn't help much unless the platform has something in place to make it hard to recreate them.
>they could do the hard job of combining leads and working with appropriate agencies to maybe find and prevent these things over time
At least in the U.S., everyone will cry government overreach and no one will fund it. In other countries, they should probably just ban U.S. platforms unless they're reachable and actually resolve these type of problems.
Won't that require laws that allow the said agency to compel LinkedIn or whatever tech company to actually pay attention and take action? Like laws compelling tech companies to unlock the bootloader once they stop supporting a device.
I wonder why such common sense laws don't exist and who is preventing them from being introduced and passed despite wide public support in general?
I'm not a lawyer but it would be odd if a government agency couldn't communicate a possible threat to a tech company. It is in a company like LinkedIn's best interest to set up a phone number/channels for a centralized agency to communicate potentially malicious accounts and other emerging threats. I suspect that actually already exists for big companies. I doubt they are required to -do- anything without laws but this seems like a win that is easy for all sides. The problem is likely mostly on the US (and other govt) side of things. No clearly defined agency with a clear mandate, resources and leadership to take on this task.
You're describing the FBI or your state level equivalent. And they actually do exactly what you are describing, but in measured efforts. I've even had them come by my place of employment before. They clearly lack the resources to work at this scale though.
The problem with a phone number you suggest is that it will get spammed and abused with fraudulent imposters too (the complete and utter destruction of trust in phone calls and text messages should also be corrected by the government, but that's a different topic).
Sounds like socializing the harms instead of requiring these companies to bear the burden themselves. Could still be a valid approach but I'm afraid it will make them take less responsibility, not more.
Something I've always wondered, because I'm a bit of a contrarian and I wonder if we're really any different: Could an American citizen hack and steal from Iranians and Russians with impunity from America? The issues that prevent the US from extraditing Russians who hack us -- don't they work both ways?
Legally speaking, no - it would still be a criminal offence.
Practically speaking, there is zero chance that the USA would extradite someone to Iran, even if they weren't currently at war with them. Whether they did anything about it would probably depend on exactly what the situation was - there's a big of difference between targeted IRGC or defence systems and ransomwaring an Iranian hospital or scamming random citizens.
Where they'd probably get you is if you tried to monetise it, and get stolen/extorted cryptocurrencies (or whatever) into your bank account. But that could easily fall under tax evasion laws rather than computer misuse ones, because they'd be a lot easier to prove in court.
It would be very dependent on the exact circumstances - who made a complaint, what exactly they're accusing you of, what evidence there is, how high profile it is, the current diplomatic position (which changes by the hour), etc, etc. I don't think you can really get a simple answer for this kind of question.
As far as I know it has never happened. On the contrary, when Alejandro Caceres admitted to ddosing North Korea - taking down all their public websites for a week - he was questioned by the FBI who decided to take no further action.
You won't hear back from them, though. But, at least for US citizens (and possibly for anyone?), this is as far as I know the closest thing there is to an "Internet 911".
To put it bluntly and perhaps a bit cynically, on the tree of bad things that people do to other people, this is pretty high-hanging fruit. Right up there next to scam phone calls that prey on the elderly while claiming to be from Microsoft support.
It's basically impossible to catch suspects because they are either smart enough to cover their tracks very well, or (more often) live in countries whose governments don't care about their citizens (even pay them for) scamming westerners.
Hard disagree on the scam phone calls. It would be trivial to eradicate them almost completely if the phone operators did the bare minimum to fight against it. At any point in time, any given US phone number is handled by exactly one phone carrier. There is nothing stopping that carrier from requiring name and address to issue that phone number. They already do for 99.99% of their legitimate customers. It would be very easy to make it so that every single phone call originating from the US, including all VOIP calls made with US phone numbers, can be traced back to a specific business or person that can later be sued or prosecuted.
And no, number spoofing isn't an excuse either. We literally solved the much harder problem of email spoofing already. There are, what, 3 carrier networks in all of US? And they cannot do with each other what DMARC did for the hundreds of thousands disjoint organizations that comprise the internet? Please.
Number spoofing is not a solved problem because some carriers, which appear legitimate in all other respects, make a business out of routing your traffic over TDM trunks that don't support caller ID verification, and will claim it's extremely expensive to upgrade these to VOIP.
Fuck 'em? That's not a insurmountable problem in the slightest. Google or Apple could probably solve this problem themselves by simply not ringing the phone for any call that doesn't meet ID verification.
The behavior of the phone network is set by government regulation. If you refuse to service allowable calls, you are heavily fined or kicked off the network. The government has to update the rules.
I tried to find these rules yesterday (for another comment chain) but couldn't. As far as I could tell, nothing stops the carrier from silently dropping a likely scam call without receiver's knowledge or consent. Do you know which specific regulations would prohibit that?
I'd be 100% happy to block those carriers from calling me. Their users should just get a message that calling my number is not supported and they should try calling me from another device.
Not allowed. The same government rules that stop Google from refusing calls from Apple devices also stop them from refusing calls from whoever is doing this. The government would have to update the rules. They could mandate number verification for all calls, even those passing over TDM trunks, and make it the network's problem to figure out how to do that. The rules currently say that all calls which don't pass through legacy equipment must have verified numbers, so there's a market for making calls take stupid legacy routes on purpose.
KYC just for a phone number opens the door for societal ostracization and essentially blacklisting of people from infrastructure. This is on par with being unable to open a bank account if the capability is matured. I'd advise that you think long and hard about the consequences of this system being applied against you maliciously before signing on the dotted line.
> KYC just for a phone number opens the door for societal ostracization and essentially blacklisting of people from infrastructure.
We have that in Europe and the world has not fallen apart. On top of that, we don't have even close to the scale of problems with scammers that the US has. I won't deny we don't have scammers because we absolutely have them, but they are far from the scourge they are in the US.
> This is on par with being unable to open a bank account if the capability is matured.
The secret is... we have constitutionally protected rights. Unless you do not pay your bills, your phone line will not get disconnected. And same for bank accounts - every European has the right to a basic banking account, even if you are a target of foreign sanctions [1].
I'm in the US, I have two 20-year old phone numbers and 1 cell number, none ring through with span or scams.
I wonder why that is? I dont give the numbers out. That's why. Whenever a store says "do you gave a number with us" I say I don't have a cell phone. If they can plainly see I do have a cellphone, I add, "for that."
The second part is shopping at stores that dont tie prices to your having given them a number.
There already are laws that would prevent the exact thing you're talking about. A requirement to provide name and address would change absolutely nothing. And if legal protections are not enough for you then what are we even talking about? Your phone carrier could disable all your lines this instant with a few clicks if they wanted to; the technical capability is already there. They also have your name and address from listening to phone calls and triangulating cell towers - though realistically they didn't need to do it because you already gave them your details knowingly and willingly as part of starting the service, didn't you?
I'd advise that you think long and hard about the consequences of the current system before saying the alternative is worse.
Wonder if they’re effective in going after reports. I’d still report to IC3/FBI/powers that be, too. Just in case someone somewhere has the resources to do something… perhaps a high hope
I get more calls from Google Security than any other thing. Oddly the Pixel's built in scam detection and call screening lets them through without fail. I normally don't have my phone even ring unless it's in my contacts, but saying you are calling from Google is like a magic code.
I always wondered why US cannot pressure India to crack down on those scammers? They use phone network, it should not be difficult to find them. Some youtubers even hack into their computers and extract all the info. US probably has a leverage here, they could simply ban Indian companies from working with US if they don't cooperate.
US was so angry about "unfair" tariffs why are they not angry about criminals stealing from Americans?
secondary is the effort asymmetry between spinning up one of these scams (near 0 effort) and catching/prosecuting these scams (big effort, astronomical cost)
406 MHz is pretty close [1]. If you have a radio that screams on that channel, chances are the nearest search-and-rescue operation will at least be notified.
you arent getting jail for life for this, even in the extremely remote chance you are caught. you are probably getting more than one guy's computer, though.
I don’t know but the us kidnaps ehhh arrests people on foreign land on a regular basis… and brings them to the US to stand trial. So if it’s “important” enough it will be aced upon…
There is but the FBI is horrible at responding to cybercrime. They have IC3 but its basically useless. They arent going to help or even contact you if you report a crime to them.
I presume more countries have this, not sure about the US though (CISA maybe? CERT/CC?). CERT is the overarching org that manages local agencies like this Dutch NCSC. Though I am not sure if and how easy it is, globally, to report incidents.
The amount of crime in the world -that requires arguably "low skill" time to resolve- that just gets filed away because of low resources is insane. How are forces going to stand up high skill task forces for these kinds of things?