
Podcast: Telco fraud spikes in Ukraine, while service providers fined in US and UK

June 13, 2022

Posted by: IoT global network

Crime and Punishment: It’s all kicking off in telecoms and IoT! As supporters try to keep Ukraine connected, experts see a huge rise in communications fraud. In the UK, administrators for failed CSP Phones4U allege some network operators colluded in its downfall – allegations they deny. Twitter can’t deny data breaches and coughs $150 million to US FCC. And Clearview AI is fined UK£7.5 million for illegally collecting facial images. Fraud expert Kelvin Chaffer helps Trending Tech Podcast’s Jeremy Cowan make sense of it all.


Jeremy Cowan  00:05

Hi and welcome to the latest Trending Tech Podcast. I’m Jeremy Cowan, co-founder of the technology sites, VanillaPlus.com, IoT-Now.com and The Evolving Enterprise (https://www.theee.ai), our joint sponsors today. It’s great to have you here for the latest, sometimes serious, sometimes light-hearted look at digital transformation for enterprises.

Today, I am delighted to be joined on the pod by Kelvin Chaffer, who is Chief Operating Officer of Lifecycle-Software.com. Kelvin mentioned that through their work as a global provider of business support systems for mobile network operators, they’ve been seeing rising levels of fraud on the networks since the start of the Ukraine war. So, it seemed to be a good moment for us to discuss, more broadly, the role of technology in Russia’s invasion of Ukraine. And here we are. Kelvin, welcome to the Trending Tech Podcast.

Kelvin Chaffer  01:05

Hi, Jeremy. Thanks for having me on today. I’m really excited about it.

Jeremy Cowan  01:09

Great to have you. Well, we’re going to start by looking at two recent news stories in the tech space, then we’re going to hear more about how telecom and IoT services are being sustained in Ukraine. And when all of that’s covered, in our closing section called What The Tech, Kelvin and I will take a dive into a couple of stories that amazed us. So, what was the news story that caught your attention, Kelvin, and where did you find it?

Kelvin Chaffer  01:38

Okay, so there was a story this week on TechRadar about Phones4U and their administrators, claiming that there was a plot to destroy them by some of the network operators back in 2014. (https://www.techradar.com/uk/news/phones4u-administrators-accuse-operators-of-plot-to-destroy-retailer)

Jeremy Cowan  01:53

That’s a pretty extraordinary claim.

Kelvin Chaffer  01:55

It is. It is. I mean, I was quite close to this at the time. We were doing all the back office for Life Mobile, who were the MVNO that Phones4U had spun up to help drive some of their growth. Phones4U themselves were a huge business. They were a big high street retailer. In 2013, they turned over £1 billion. And, although they lost Three as a provider in 2012, they still had the other big three (network operators) in the UK, who they were selling contracts for. And then on September 14th, 2014, literally overnight out of nowhere, they went into administration. And it was literally out of nowhere. No one, I think, saw it coming. So, yeah, it was pretty crazy, really. Huge shock.

Again, Three had gone their own way in 2012, O2 had started cutting ties at the start of 2014. So, they still had EE and Vodafone. And again the claim is that EE, Vodafone and O2, were collaborating together to try and push the prices down. Phones4U obviously didn’t want to go that low, they couldn’t come to a deal. And then when and EE effectively said no, that was it, the whole thing fell over.

Jeremy Cowan  03:33

We should say, of course, that this is a claim, an allegation that is refuted by all three of the operators in question. But it’s not a frivolous claim. This is by a respected administrator. So, it’s worth discussing, however briefly, and with the qualification that this has not been tested in law.

Like you, I mean I wasn’t as close to this as you, but I was observing it and I do remember Phones4U closing in 2014. And it really shook up the UK mobile sector. As you say, the company had only posted profits the year before, of £130 million. I mean, that’s over US$160 million at today’s prices. So, it was hard at the time to understand how the business had gone south quite so quickly. What was the discussion at the time? I mean, was there thought to be any outside interference or was this just one of those things that happens to businesses, that they can topple over quite quickly.

Kelvin Chaffer  04:43

I mean, I think they (Phones4U. Ed) assumed that they would have got the deal with EE and Vodafone. Again, they tried to look after themselves by spinning up Life Mobile which was their own MVNO, which they would then be able to sell contracts for, if the network operators were leaving. But ultimately, their main source of income was the kickbacks that they were getting from selling contracts through these network operators. And again, as soon as that came to an end, the money just wasn’t there for them.

Jeremy Cowan  05:18

Yeah, yeah. I think they’d probably use the term ‘commissions’. The previous and current owners of the accused networks obviously deny the allegations. And even if it’s proven, I think in the case of EE, I doubt if BT who are the current owners would be liable to pay any compensation as they’d surely be indemnified against any previous illegal activity. So, I guess the buck would stop, if it came to it, with the previous owners. We’ll just have to watch this one with interest. And I might call you back, if you wouldn’t mind to come on the podcast if there’s more to report, if this actually turns into a legal action. At the moment, it’s just allegations flying around and being denied.

Kelvin Chaffer  06:06

Indeed. I mean, it’s gonna be very difficult to prove regardless, this sort of thing.

Jeremy Cowan  06:11

Yeah. Well, the story that I wanted to look at was on Mobile World Live and headlined, “Twitter pays $150 million fine to settle probe”. (https://www.mobileworldlive.com/featured-content/top-three/twitter-pays-150m-fine-to-settle-probe)

For anyone who hasn’t seen the story, it’s about the violations of Twitter users’ privacy that were exposed by the US regulator, the FCC, in 2019. Twitter had stored addresses and phone numbers that were supplied by its users for security purposes. And then they had used the same data, by mistake apparently, for advertising. They couldn’t even say later how many phone numbers had been used.

Apart from that, they were obviously completely on top of their data management. It’ll come as a relief, I’m sure, to any billionaires who might be bidding to take over the platform at the moment, but that in itself is a whole ’nother story. Anyway, Twitter paid the fine, but grumbled publicly that it had already addressed the violation. Now I don’t know about you, Kelvin, I’m not sure that tidying up the crime before the police arrive is a particularly valid argument for not being punished. ‘Yes, I did shoot him, officer. But give me some credit for cleaning up the mess before you got here.’ I’m joking about this. But it seems to me that serious security concerns within the comms sector, are increasingly distilled into issues around privacy. And we’ve probably all seen reports that Generation Z are more willing to sell their data than Baby Boomers like me. We’re all right to be concerned that our data has been handled in either a cavalier or cack-handed way. What do you make of the story, Kelvin?

Kelvin Chaffer  07:56

I think it’s really, really sort of worrying that a company the size of Twitter are taking shortcuts on the security side of things. As you suggested there, I think 30% of Generation Z are very trusting with their information. And with that, again, I mean, if it’s being used in the wrong ways, from Marketing, and being resold elsewhere, then we’ve got GDPR rules for a reason.

Jeremy Cowan  08:26

Yeah. And it makes it all the more clear why those GDPR rules are so important for all of us for our protection.

Okay, let’s focus on the situation in Ukraine, which was really the starting point for us getting together. Kelvin, we’re all sadly becoming far too used to seeing the big picture on the invasion of Ukraine. But just for a few minutes, can we examine the impact on telecoms and IoT services? What has Lifecycle learned about it?

Kelvin Chaffer  09:03

Sure, when the crisis in the Ukraine started a lot of the network operators and MVNOs, etc, in the UK, offered free calls, free SMS, free data, as part of their services, to again enable contact, both in and out of the Ukraine. To us, we ended up seeing like a 3,000% increase in the traffic that was coming in and out. And with that comes fraud risks. If something’s given away for free, then people take advantage of that. And there’s lots and lots of different fraud scenarios that come into play where SMSs and voice are being used by bad actors to initiate fraudulent action. Some examples of this, which I think everybody has probably seen over the last couple of years with COVID, etc. is something called smishing. Which is basically where you’re receiving lots and lots of SMSs from people that you don’t know, often trying to get information about you. So, it might be a message from or pretending to be from Amazon or, or someone like that, saying that someone’s trying to log into your account and that you need to click on a link to, to confirm it’s you. And it’s basically a fake website.

With the Ukraine, we have been seeing more along the sort of charity lines of that. So again, people have been spamming out SMSs to as many numbers as they can, because of it all being free, with charity links. The people in Ukraine are desperate aren’t they, and if they’re receiving links which are offering them help be it charity or to get themselves some help, then they’re going to click on those links, and, and put their information in.

Another thing that we have seen is a huge increase in international revenue share numbers. And these are effectively premium rate numbers in the Ukraine. The network operators have opened up all these tools, all these scenarios, which basically when you call these numbers, the fraudster gets a share of the cost of the call to the number or cost of the SMS to the number. What that means, again, is if you buy a lot of SIMs and you send a lot of SMSs or make a lot of calls to these numbers, the owner of that number is getting a portion of it. That can sort of really add up.

Jeremy Cowan  11:52

So how can the industry do more to prevent the frauds that you’re seeing?

Kelvin Chaffer  11:56

I mean, a lot of it is education. One thing with the SMS fraud, I mean, in emails we’re fortunate enough to have like junk mail filters, and stuff like that. So, a lot of the spam that you’re receiving via email is going into the junk mail filter. And by being in your junk mail filter, you’re a lot more aware that it’s probably not good. SMS, it just comes straight in. There’s nothing really validating it currently. And people without education or without the knowledge are more likely to click on those links, follow them and add information that is going to help the fraudster to move on to their next sort of actions.

There is a db (database), prison dB, which is holding a lot of the revenue share numbers, which the network operators can sign up to, and can add to their own blacklists. If the network operators have an OCS, again you can add it to a blacklist pot. And any call to those numbers is basically denied at that point, so that they should be doing that. They should be stopping calls and SMSs to those numbers. We have quite a lot of forums in the UK and abroad; TUFF, GSMA, RAG. And these forums should be sharing as much information to stop the fraud going forward.

Jeremy Cowan  13:23

Yeah. So, have you seen any evidence of what was initially predicted as an expected Russian disinformation campaign?

Kelvin Chaffer  13:32

Again, I mean, SIM boxing, which is basically where someone buys a lot of SIMs, and they stick it in a little machine then sends out lots and lots of SMSs or makes lots and lots of voice calls. What we have seen and heard about is the Russians buying lots of these SIMs in the Ukraine, putting them in the SIM box, and then spamming out messages so that it looks like it’s coming from a Ukraine number. And it’s full of the wrong sort of information. It’s telling the people that it’s messaging that the war is not going well, that people have died, etc, etc. It’s trying to demoralise the people that it’s sending the information to. It’s sending the wrong information and then cause problems.

Jeremy Cowan  14:16

Sending it to Ukraine numbers.

Kelvin Chaffer  14:19

Indeed. And again, if it ends up with the troops, and they think that Kyiv has been lost, or whatever, then that’s demoralising.

Jeremy Cowan  14:28

Yeah. So lastly, if anyone listening to the podcast wants to take some positive action, to support ordinary Ukrainians and the businesses they rely on, what can they do? I wanted to mention before I hand over just one Ukraine charity that I’ve seen, which is called One Ukraine. You may be familiar with it, but it’s a charitable platform, built around data to provide humanitarian aid for Ukraine and spearhead scalable infrastructure projects. Do you know about this or any others?

Kelvin Chaffer  15:05

Yeah, I mean, one thing I will say is, again, if you’re receiving SMSs don’t trust it immediately, verify it before doing anything with it. That there are lots of charities out there such as Ukrainian Red Cross, UNICEF, UN Refugee Agency, etc., etc., amongst others that are proper charities and your money’s going to the right places. But if you’re receiving SMSs there is a good chance that it is a smishing attack of some description. So again, please don’t just trust the stuff that you are receiving.

Jeremy Cowan  15:43

Yeah, just for peace of mind, the One Ukraine charity that I mentioned, is a charity registered as a GmbH in Germany, and it’s audited by Ecovis, which is an auditor specialising in charities. So that one is kosher. Yeah, really interesting. Thank you very much for that, Kelvin.

We’ve reached the What The Tech section of the podcast and after such a serious discussion, let’s just take a moment to look at what in the world of tech has, if not amused us, certainly amazed us. Kelvin, you go first, what amazing tech news have you seen?

Kelvin Chaffer  16:21

Okay, Jeremy. One of the stories I saw was based on the Fronton Russian botnet. So, this was identified about a couple of years ago originally as a bot that would take over IoT devices and send out disinformation.

More recently, they’ve identified it’s been enhanced with a dashboard called SANA. And basically, that dashboard allows you to set certain parameters around the sort of disinformation that you’re going to send out. And what it effectively does is it sort of floods social media with fake news. And around that sort of fake news, it can specify how many likes, you’re going to allow each bot to make. And, again, make it very difficult for the likes of Twitter and Facebook to realise that all this information is coming from bots.

And Elon Musk is in the throes of trying to take over Twitter. And one of the big things that he wants to do is stop spam bots. And that’s very difficult when there are bots out there that have taken over devices that are doing distributed denial of service attacks, and have the intelligence to not just spam, but spam in a way that makes it very difficult to identify.

Jeremy Cowan  17:47

Yeah, so it’s not just personal social media accounts. From what I understand it can provide an army of compromised IoT devices for staging DDoS attacks and disinformation campaigns. So, it’s reaching into the IoT as well.

Kelvin Chaffer  18:04

Exactly, it’s taking over devices. And it’s using those devices to send out that disinformation, to sign up for social media accounts, and put stuff in the news that is wrong.

Jeremy Cowan  18:18

Well, we’ll put the link to the Hacker News source of the story into our transcript of the podcast, so people can follow it if they want.
(https://thehackernews.com/2022/05/fronton-russian-iot-botnet-designed-to.html)

What I saw was hinted at was that it might have been used by the Russian security service, the FSB – that’s the successor to the KGB – or possibly by Byelorussia or China. Is there any truth in that, do you know?

Kelvin Chaffer  18:45

There is a good chance that there is truth in it. Some of the stuff that you’ve heard happening in Ukraine with these bots, they’ve been sending out videos with deepfake. We’ve seen examples where videos have been sent again to like Ukrainian troops with deepfakes of (President) Zelensky saying that they were to put down their weapons. Crazy times.

Jeremy Cowan  19:11

It’s amazing. Well, we had a whole episode on deepfakes a couple of episodes ago. So, if anybody wants to see just how much that can be used by bad actors, there’s more on our website (https://trendingtech.io/category/podcast/). Yeah, it’s an extraordinary thing that this is even possible.

The story that I spotted, Kelvin, was on a company called Clearview AI, who many of our listeners will be familiar with, and they’ve been in the news a lot lately. In fact, we invited them onto the podcast not so long ago. I’m still waiting for their reply, but maybe they will now. It’s a report on the BBC website, and to be fair on many others, and the BBC story was headlined “Clearview AI fined in UK for illegally storing facial images”. In this case, it was a story about the UK privacy watchdog the Information Commissioner’s Office, which has fined the company £7.5 million, that’s almost $10 million, for gathering facial images from the internet to create a global facial recognition database. Apparently, the ICO has ruled that doing so breaches UK data protection laws. Not only has it fined the firm for the privacy breach, it’s ordered Clearview AI to stop collecting data and using UK residents’ personal data.

As I mentioned earlier, Trending Tech Podcast invited Clearview AI to join us to discuss something else that they’ve been doing which brings us back to the Ukraine topic. According to a report on wired.com a few weeks ago, the company has been collecting facial image data of Russian soldiers killed in Ukraine. I’m sorry that this is all fairly grim. But that’s the nature of this week’s episode, I’m afraid. Using facial recognition software from Clearview AI, on Russian social media platforms, it’s already identified soldiers and even contacted their families to inform them that they died. It’s fairly extraordinary that they’ve been doing that. Does that seem an ethical use of facial recognition to you, Kelvin?

Kelvin Chaffer  21:34

Again, I mean, these are sort of really difficult times, aren’t they? Is it ethical? Getting the information back to the families of the troops that have died is something that we should do by collecting the information. And it sort of comes to the point of what data do individuals own now? There’s lots of new technologies coming out the Clearview capturing facial recognition, you’ve got on your iPhone it taking your fingerprint, you’ve got the new sort of VR headsets which is capturing information about how you’re reacting to certain scenarios. There’s so much information that’s being collected that currently probably sits outside of the GDPR piece. What do we really own? Because when we’re signing up to these different websites, most people most of the time don’t read the terms and conditions and you’re effectively signing away your life when that’s happening.

Jeremy Cowan  22:38

Yeah, I think it’s one thing to collect this data, and it’s obviously an incredible technology that enables them to identify the Russian soldiers that have been killed. And whilst one’s understanding that there might be a need to share that with the families, there’s ways of doing that don’t involve phoning people up and breaking the bad news to them in that way. I can’t help thinking that that’s highly insensitive and doesn’t put us any further ahead ethically than the Russians that we are trying to distance ourselves from in their behaviour. So, I for one would like to see a more ethical use of the data rather than turning it into some way of gaining an information advantage over the Kremlin. There’s got to be a better use that benefits the families without scoring points in that way. Otherwise, we’re kind of descending to the Kremlin’s level.

Kelvin Chaffer  23:39

Yep, I agree.

Jeremy Cowan  23:40

I can’t believe it. Time’s up! This has been a packed episode. So let me finish by saying a big thank you to Kelvin Chaffer, COO of Lifecycle Software. It’s been really great to have you here, Kelvin.

Kelvin Chaffer  23:54

Thanks for having me on, Jeremy. It’s been great talking, even if some of the subjects have been a little on the grim side.

Jeremy Cowan  24:01

Indeed. And how can people find you for more information?

Kelvin Chaffer  24:06

Okay, so you can find us on LinkedIn, Lifecycle Software. We’re also on Twitter and Facebook, but I’d look on LinkedIn primarily as that’s where the new news is being dropped the quickest.

Jeremy Cowan  24:19

Brilliant. And thank you too, ladies and gentlemen, for joining us around the world. Of course, you can subscribe to the Trending Tech Podcast wherever you found us today. And yes, I know I’ve said it before, but if you’ve enjoyed the pod, go on, be a star. Give us a top rating and give us a review. Just tell the world how much you’ve enjoyed it. It’s not just to make our Mums happy. It makes a massive difference to our ranking when people are looking for a new podcast to follow. So thank you, if you can.

Until next time, keep safe. Keep checking IoT-Now.com, TheEE.ai and VanillaPlus.com because there you’re gonna find more tech news and interviews. And join us again soon for another Trending Tech Podcast looking at enterprise digital transformation. Bye for now.