Is the FCC Investigating Your Platform?

By: Tim Prugar

If your business model is similar to Dialing Services, LLC...they very well might be. 

Late last week, the FCC adopted a "Forfeiture Order" against Dialing Services, imposing fines totaling $2.9 million and citing the company's practice of placing pre-recorded calls to mobile phones without prior opt-in consent. The FCC asserts that Dialing Services placed more than 4.7 million calls over a 3-month period, ignoring multiple FCC warnings and a citation in the process. The FCC found that Dialing Services not only offered spoofing functionality to its clients, but also participated in the creation of the content.

So why is this decision significant?

1. Dialing Services is a Platform

This decision has enormous significance because it's not simply going after Dialing Services' clients - it's going after the platform itself. This may signify a sea change in legal thinking, identifying platforms that offer robodialing services as equally culpable for TCPA violations as the firms that execute the calls. This is a big, big deal.

2. Potential Crackdown on "Neighbor Spoofing"

The use of spoofing isn't limited to account takeover or prank calls. The practice of "Neighbor Spoofing" - spoofing the area code of the person you're calling in order to increase the likelihood they answer - has been picking up steam in the sales world over the last 5-7 years. The FCC's explicit citation of this practice in its Order may indicate a dedication to cracking down on this type of spoofing. It would certainly be in keeping with the current FCC's clear vow to reduce robocalls.

 

Tim Prugar is the Director of Customer Success at Next Caller. He can be reached at tim@nextcaller.com

Should ISPs Prepare for "Hacktivism" in the Wake of Net Neutrality Vote?

The internet erupted in a collective fury last week as the FCC voted to roll back net neutrality regulations. From the internet commons of Reddit to the New York Times Editorial Page, observers noted with concern, anxiety, or full-blown rage that the policy shift was a threat to the concept of a free and open internet. The popular wrath was directed at two main sources: FCC Chairman Ajit Pai and massive Internet Service Providers (ISPs) who potentially stand to gain from the deregulation. With ISPs squarely in the sights of the internet’s vengeful wrath, the rise of “hacktivism” should give ISPs significant pause about the security threats this policy change can bring to their organizations.

 

What is Hacktivism?

Hacktivism is a blend of hacking and activism: hacktivists leverage security breaches or other cyber attacks to advance a political or social cause. Rather than looking for money, hacktivists are seeking to combat perceived injustices. Examples include an attack on the state of Michigan’s website in the wake of the Flint Water Crisis, the hacking of DNC emails, and even the data breach at Ashley Madison.

 

Why Should Net Neutrality Make ISPs “Productively Paranoid”?

First and foremost, there’s already been an alleged hacktivist attack as a result of the net neutrality vote. The FCC itself has claimed that it suffered multiple distributed denial-of-service (DDoS) attacks that it believes had the goal of shutting down the public commenting system in advance of the net neutrality vote. These tactics are becoming increasingly common as an expression of internet outrage, and ISPs don’t need to look much further than the headlines to see the anger that these policy changes have caused:

Comcast and Verizon’s Sneaky Push to Kill Net Neutrality is Just Embarrassing

Comcast and other ISPs celebrate imminent death of net neutrality rules

Verizon Apparently Thinks You’re Stupid 

FCC Buried By Fake and Hate-Filled Comments on Net Neutrality

To sum up…many people are very unhappy.

 

What Can You Do To Protect Yourself From Hacktivist Attacks?

The most important thing to recognize is that attackers focus on vulnerabilities and weaknesses. Any plan to shore up security must identify and secure frequently-overlooked channels.

1.     The Phone

Whether it’s PBX, VoIP-based UC systems, or a consumer-facing call center, the phone channel is a prime target for bad actors. ISPs should be certain that PBX/UC systems have secure passwords and that systems are in place to detect suspected breaches. A hacked PBX can run up hundreds of thousands of dollars in long-distance calls in a single weekend, and would be a perfect way for hacktivists to make ISPs feel financial pain for the net neutrality shifts.

ISPs who operate consumer-facing call centers should employ technology that can detect instances of call spoofing or robodialing in real time. Executing a Telephony Denial-of-Service (TDoS) attack by flooding a call center with robocalls is an effective way to completely shut down a call center, like what happened at the Minnesota insurance exchange. ISPs want to be sure to have strong anti-spoofing technology in place to prevent account takeover and protect their customers’ personal data in the event of an attack.
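One way to detect the weekend toll-fraud pattern described above is to scan PBX call detail records for extensions that place unusual volumes of toll calls outside business hours. The sketch below is an added example, not code from the article or from any vendor; the record layout, the NANP dial-plan test, the 08:00-18:00 business day and the thresholds are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample CDRs: (extension, call start, dialed digits, duration in seconds).
SAMPLE_CDRS = [
    ("2001", "2017-12-18 10:15:00", "12125550100", 300),    # Monday, business hours
    ("2001", "2017-12-19 14:02:00", "5550123", 120),        # local call
    ("2044", "2017-12-23 02:10:00", "011445550101", 3400),  # Saturday night
    ("2044", "2017-12-23 02:11:00", "011445550102", 3500),
    ("2044", "2017-12-23 02:12:00", "011445550103", 3600),
    ("2044", "2017-12-24 03:30:00", "011445550104", 3550),  # Sunday night
    ("2050", "2017-12-23 11:00:00", "13125550199", 200),    # one weekend toll call
]

def is_toll(dialed):
    """Assumed NANP dial plan: 011 = international, 1 + 10 digits = long distance."""
    return dialed.startswith("011") or (dialed.startswith("1") and len(dialed) == 11)

def is_off_hours(start):
    """Weekend, or outside an assumed 08:00-18:00 business day."""
    return start.weekday() >= 5 or not (8 <= start.hour < 18)

def flag_toll_fraud(cdrs, max_calls=3, max_minutes=60):
    """Return {extension: (calls, minutes)} for extensions over either off-hours toll limit."""
    calls = defaultdict(int)
    seconds = defaultdict(int)
    for ext, start, dialed, duration in cdrs:
        when = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        if is_toll(dialed) and is_off_hours(when):
            calls[ext] += 1
            seconds[ext] += duration
    return {
        ext: (calls[ext], seconds[ext] // 60)
        for ext in calls
        if calls[ext] > max_calls or seconds[ext] // 60 > max_minutes
    }

if __name__ == "__main__":
    for ext, (n, minutes) in flag_toll_fraud(SAMPLE_CDRS).items():
        print(f"extension {ext}: {n} off-hours toll calls, {minutes} minutes")
```

In practice the thresholds would be tuned against each extension's normal calling pattern, and an alert would trigger a credential reset and a block on outbound toll routes for that extension.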

2.     Phishing Attacks

The human being is always the weakest link in the fraud chain. From Snapchat to the World Anti-Doping Agency to Google Docs, significant cyber threats can be facilitated by an employee clicking on a link or downloading and opening a file they shouldn’t. It is essential that ISPs exhibit a heightened sense of internal security, and ensure that all employees have received recent training on phishing attacks, social engineering practices, and basic email safety.

3.     Third Party Vendors

With the rise of interconnectivity and the Internet of Things, it’s no longer enough to worry about your own security protocols and practices – you must also be rock-solid certain as to the security credentials of your third-party vendors. An air conditioning vendor contributed to Target’s data breach, and Lady Gaga’s album was leaked after a collaborator was hacked. How are you making certain that your vendor partners aren’t accidentally putting your business at risk?