[VoiceOps] Robocall mitigation SCAM!

Mary Lou Carey marylou at backuptelecom.com
Wed May 26 16:25:07 EDT 2021 

I understand it might provide helpful information, but from the sound of 
it these carriers were punished for keeping the traffic up as they were 
instructed to do. No one at the ITG or large carrier took responsibility 
for advising the carrier to keep the traffic up so either the right hand 
didn't know what the left hand is doing or there's some funny business 
going on. I'd say document the calls as much as possible and then turn 
them down. Better to not let it go through than to keep passing it and 
open yourselves up for retaliatory actions. You can always remove the 
block once the investigators get involved, and help them at that point 
but when you do nothing to stop it then it makes you look guilty even if 
you were just trying to help.

MARY LOU CAREY
BackUP Telecom Consulting
Office: 615-791-9969
Cell: 615-796-1111

On 2021-05-26 02:50 PM, Mark Lindsey wrote:
> Good tips, Mary Lou!
> 
> Do you think there's potentially any good intentions behind the advice
> to leave the traffic up?
> 
> In the cybersecurity space, authorities will say that if your network
> has been compromised, you shouldn't immediately shutdown the hacked
> systems. For example, just this past September, this Joint
> Cybersecurity Advisory (AA20-245A) from the US and a few other
> governments...
> 
>> 
> https://us-cert.cisa.gov/sites/default/files/publications/AA20-245A-Joint_CSA-Technical_Approaches_to_Uncovering_Malicious_Activity_508.pdf
> 
> _Under actions to avoid: _
> 
>> _"Mitigating the affected systems before responders can protect and
>> recover data _
>> _ - This can cause the loss of volatile data such as memory and
>> other host-based artifacts._
>> _ - The adversary may notice and change their tactics, techniques,
>> and procedures."_
> 
> Mark R Lindsey, SMTS | +1-229-316-0013 | mark at ecg.co |
> https://ecg.co/lindsey/
> 
>> On May 26, 2021, at 3:38 PM, Mary Lou Carey
>> <marylou at backuptelecom.com> wrote:
>> 
>> I just heard through the grapevine that several companies have been
>> shut down and/or threatened with the confiscation of their equipment
>> for passing Robocall traffic. The companies that this happened to
>> all claimed someone contacted them and told them to keep the
>> TN/traffic up so they could help catch the offenders. Unfortunately,
>> whoever is advising carriers to keep the traffic up is not on the up
>> and up. The ITG and large carriers came in and shut them down
>> because they continued to pass traffic that was identified as
>> robocalls.
>> 
>> If someone contacts your company about a trace back and advises you
>> to keep the TNs / traffic up, DO NOT LEAVE IT UP! Document
>> everything and turn down the Robocall traffic as soon as possible!
>> Then send both the ITG and large carrier involved the account number
>> and CDRs for the calls in question.
>> 
>> Be safe out there.....it's getting crazy!
>> 
>> MARY LOU CAREY
>> BackUP Telecom Consulting
>> Office: 615-791-9969
>> Cell: 615-796-1111
>> _______________________________________________
>> VoiceOps mailing list
>> VoiceOps at voiceops.org
>> https://puck.nether.net/mailman/listinfo/voiceops

More information about the VoiceOps mailing list