USPS text scammers duped his wife, so he hacked their operation

(blog.smithsecurity.biz)

460 points wglb | 1 comments | 08 Aug 24 23:00 UTC | HN request time: 0s | source

Show context

janalsncm ◴[09 Aug 24 05:33 UTC] No.41199037[source]▶

>>41197300 (OP) #

> The Smishing Triad network sends up to 100,000 scam texts per day globally

This should not be possible. I guess the iMessage scams used e2ee, but the SMS scams should have been caught. It would be great if there was law enforcement that competently handled cybercrime, or at least triaged it.

More broadly, and at the risk of creating another TLA, the US needs a Blue Team version of the NSA. In other words, identify critical infrastructure, figure out how it can be hacked, and require that companies fix the issues. Use national security if need be. Banks have to undergo stress tests to prove they are solvent, there is no reason that critical infrastructure should be able to leave their doors unlocked.

replies(4): >>41199054 #>>41200287 #>>41201580 #>>41201685 #

fullspectrumdev ◴[09 Aug 24 09:46 UTC] No.41200287[source]▶

>>41199037 #

Spam filtering for SMS is still not particularly broadly implemented by network operators apparently.

I remember during Covid there was a few startups in that space trying to work with MVNO’s to get a foothold in the market, but don’t think any of that went anywhere.

replies(2): >>41200342 #>>41203219 #

newsclues ◴[09 Aug 24 09:59 UTC] No.41200342[source]▶

>>41200287 #

Network operators make money from scam industry there are not incentivized to deal with the problem beyond offering additional paid services

replies(1): >>41201319 #

LinuxBender ◴[09 Aug 24 12:46 UTC] No.41201319[source]▶

>>41200342 #

I can vouch for this. There were a myriad of cases I brought to my boss, the director of operations for a major wireless carrier that was absorbed into another one that still exists. "They are paying their bills, right?" was all I could get. I had text messages scrolling on my desk in a different workspace all day. Agencies would have me grep for homicide threats between gangs but that's about it. I was not only required to support spammers and scammers, but also required to make sure everyone's messages got through quickly, including those that were overloading my gateways from SS7 links controlled by obvious scammers. I was not allowed to get the hicap folks to decom nefarious SS7 links. This was a long time ago and I doubt the situation improved.

replies(4): >>41201615 #>>41203174 #>>41203218 #>>41203854 #

yabones ◴[09 Aug 24 17:40 UTC] No.41203854{3}[source]▶

>>41201319 #

Works the same way as old-school junk mail. Your postal service gets paid well by junk mailers to put trash in your mailbox, so they're disincentivized to fix the systemic issue. I can't find a good quality source on this, but it's been said that about 45-50% of USPS & Canada Post's revenue comes from junk mail. They could fix it, but it would probably lead to a collapse of the entire post system due to revenue shortfalls. A true tragedy of the commons.

replies(2): >>41206031 #>>41209747 #

1. fn-mote ◴[10 Aug 24 14:26 UTC] No.41209747{4}[source]▶

>>41203854 #

The assertion that scam texts are the same as junk mail is absurd unless you believe that there are unsophisticated victims falling for junk mail offers. I don’t buy the comparison at all.

I assume the point is “there is no economic incentive to fix the situation” … but that is an extremely generic claim.

↑