←back to thread

USPS text scammers duped his wife, so he hacked their operation

(blog.smithsecurity.biz)
460 points wglb | 2 comments | 08 Aug 24 23:00 UTC | HN request time: 0.022s | source
Show context
janalsncm ◴[09 Aug 24 05:33 UTC] No.41199037[source]
> The Smishing Triad network sends up to 100,000 scam texts per day globally

This should not be possible. I guess the iMessage scams used e2ee, but the SMS scams should have been caught. It would be great if there was law enforcement that competently handled cybercrime, or at least triaged it.

More broadly, and at the risk of creating another TLA, the US needs a Blue Team version of the NSA. In other words, identify critical infrastructure, figure out how it can be hacked, and require that companies fix the issues. Use national security if need be. Banks have to undergo stress tests to prove they are solvent, there is no reason that critical infrastructure should be able to leave their doors unlocked.

replies(4): >>41199054 #>>41200287 #>>41201580 #>>41201685 #
fullspectrumdev ◴[09 Aug 24 09:46 UTC] No.41200287[source]
Spam filtering for SMS is still not particularly broadly implemented by network operators apparently.

I remember during Covid there was a few startups in that space trying to work with MVNO’s to get a foothold in the market, but don’t think any of that went anywhere.

replies(2): >>41200342 #>>41203219 #
newsclues ◴[09 Aug 24 09:59 UTC] No.41200342[source]
Network operators make money from scam industry there are not incentivized to deal with the problem beyond offering additional paid services
replies(1): >>41201319 #
LinuxBender ◴[09 Aug 24 12:46 UTC] No.41201319[source]
I can vouch for this. There were a myriad of cases I brought to my boss, the director of operations for a major wireless carrier that was absorbed into another one that still exists. "They are paying their bills, right?" was all I could get. I had text messages scrolling on my desk in a different workspace all day. Agencies would have me grep for homicide threats between gangs but that's about it. I was not only required to support spammers and scammers, but also required to make sure everyone's messages got through quickly, including those that were overloading my gateways from SS7 links controlled by obvious scammers. I was not allowed to get the hicap folks to decom nefarious SS7 links. This was a long time ago and I doubt the situation improved.
replies(4): >>41201615 #>>41203174 #>>41203218 #>>41203854 #
1. ryandrake ◴[09 Aug 24 16:13 UTC] No.41203174{3}[source]
> I can vouch for this. There were a myriad of cases I brought to my boss, the director of operations for a major wireless carrier that was absorbed into another one that still exists. "They are paying their bills, right?" was all I could get.

I would have loved to ask him if he'd do business with Stormfront or ISIS as long as they were "paying their bills." It's not just the top of the food chain, these middle managers are all morally bankrupt, too.

replies(1): >>41206527 #
2. LinuxBender ◴[10 Aug 24 00:38 UTC] No.41206527[source]
I can't comment on ISIS and their ilk but I can say that wireless companies absolutely love drug dealers unofficially speaking of course. They pay cash, pay on time and always keep their accounts active. Some have multiple phones. A disabled phone is lost revenue.