Battling Robocallers – Round 3

by Alan Percy, Senior Director of Product Marketing

This last month, a telemarketing firm hawking health insurance was fined $82 million for their role in 21 million illegal unsolicited robocalls.  Are the legal consequences enough to put an end to the nuisance calls?

As reported by the Washington Post, the Federal Communications Commission imposed an $82 million fine against a telemarketer who made more than 21 million unsolicited calls to consumers to try to sell health insurance and generate leads.

Despite this stiff penalty against one firm, the phones of Americans continue to ring with offers of bogus credit card protection offers, free vacations and fake IRS scams.

A root of the problem is the ease at which bulk phone calls can be made with spoofed caller-ID information, tricking unsuspecting victims to answer call they think are from friends or neighbors.  While there are legitimate reasons to substitute caller-ID information (Doctors office reminders, school notifications, etc) fraudulent abuse continues to be an industry-wide problem.

Meanwhile, progress is being made in the standards bodies with further refinement of the STIR/SHAKEN framework that will allow service providers to “certify” that the originating caller and communications service provider owns the rights to the calling number.

In August, the ATIS and SIP Forum announced the release of two key specifications needed to standardize the user experience and APIs needed for implementation of SHAKEN.  The first specification Technical Report on a Framework for Display of Verified Caller ID (ATIS-1000081) defines a standard user experience for calls from known callers, likely SPAM callers, suspect and potential fraudulent callers with color icons and information on screen-based devices.  The second specification Technical Report on SHAKEN API for a Centralized Signing and Signature Validation Server provides a proposed RESTful API for the implementation of the SHAKEN specification

This next couple weeks will see two industry speaking sessions addressing the issues, including:

Battling Robocallers – a Tutorial on STIR/SHAKEN presented by yours truly at Astricon in Orlando on Tuesday, October 9th at 10:00 AM

Comprehensive Approach to Illegal Robocalls presented by Eric Burger, CTO at the Federal Communications Commission at the Illinois Institute of Technology Real-Time Communications Conference on Tuesday October 16th at 9:00 AM

Later in December, the SIPNOC event has a dedicated Robocall Summit track specifically addressing the problem, including a number of industry thought leaders.

However, questions do remain on the timeframe and motivation of the service provider community as to when they plan to implement any or all of the recommendations, giving consumers a break from the fraudulent robocallers.

 

FreeSBC takes to the Cloud on AWS

by Alan D. Percy, Senior Director of Product Marketing

As a greater range of communications applications are migrating to the cloud, there is a greater need for affordable cloud-hosted session border controller network services.   To answer this need, TelcoBridges recently announced that the company’s FreeSBC session border controller software is now available on Amazon Web Services.   Offering feature-rich services comparable to native bare-metal installations and virtualized platforms, the AWS Amazon Machine Image (AMI), provides core network security, interoperability and media services for service providers and enterprises.

Across the industry, cloud-based communications is on a steady growth trend.  As application architects piece together their solutions using cloud-bases services, it makes sense to have an affordable SBC to provide security, interoperability and media services.

Greg Collins at Exact Ventures forecasts that by 2022 nearly 75% of all session border controller shipments will be cloud-based

Luc Morissette, Director of Customer Support at TelcoBridges will be joining me for a live webinar on Tuesday, September 25th to deliver an overview of the new FreeSBC on AWS offer, covering the capabilities, limitations and demonstrating the activation process.

During the webinar we explain the three distinct offerings, including:

  1. FreeSBC on AWS as a fully hosted offering – making testing and evaluation much easier for prospective customers, allowing evaluation without dedicating a VM or hardware servers.
  2. FreeSBC PRO-edition – offered as an Amazon Machine Image (AMI) with all the PRO-edition features and standard support for $1/session/year
  3. FreeSBC free-edition – offered as an Amazon Machine Image (AMI) without support

The session will wrap up by putting a spotlight on the many use cases, showing how hosted contact centers, hosted Unified Communications and traditional telephony services will benefit from cloud-based FreeSBC.

Register for the live event today at:  https://www2.telcobridges.com/FreeSBConAWS

For more information on FreeSBC, visit www.freesbc.com

Battling Robocallers – Round 2

By Alan Percy, Senior Director of Product Marketing, TelcoBridges

The battle to tame fraudulent robocalling made some significant advancements this week as the SIP Forum released two new technical reports.

If you’ve been following along, you know that fraudulent robocalling and caller-ID spoofing have become the tools-of-the-trade for criminals trying to trick unsuspecting victims into their scams.   (By now you’ve come to realize that you can’t trust the caller-ID on your phone.) The FCC and the CRTC have put deadlines in front of the carriers, requiring implementation of secure caller-ID technologies to prevent spoofing of caller-ID.

To address these requirements, the ATIS and SIP Forum announced this week the release of two key specifications needed to standardize the user experience and APIs needed for implementation of SHAKEN.


The first specification Technical Report on a Framework for Display of Verified Caller ID (ATIS-1000081) defines a standard user experience for calls from known callers, likely SPAM callers, suspect and potential fraudulent callers with color icons and information on screen-based devices.   The specification details the user experience study that went into the graphical images, providing data on real-world user responses and behaviors to the information displayed.

The second specification Technical Report on SHAKEN API for a Centralized Signing and Signature Validation Server provides a proposed RESTful API for the implementation of the SHAKEN specification, used to authenticate and verify caller-ID for network-based calls.  This recommendation is an alternative to the SIP-based mechanism as specified in the SHAKEN recommendations, as is currently used by a number of vendors, including TransNexus and TelcoBridges.

“These two new resources are critical to helping service providers implement SHAKEN,” said ATIS President and CEO Susan Miller. “They are products of ATIS’ continued collaboration with the SIP Forum and are instrumental to industry efforts to address the robocalling problem and maintain consumer trust in the voice network.”

“The SIP Forum is committed to working together with ATIS to continue to develop the operational documents for the SHAKEN Framework, and these two new reports provide important additional guidelines and details essential to the successful deployment of the SHAKEN standard,” said SIP Forum Chairman Richard Shockey.

In addition to the above announcement, we’ve made significant progress with TransNexus on their SHAKEN fraud prevention framework, recently posted detailed configuration notes on how to configure both FreeSBC and TransNexus OSPrey server and completed our bench testing milestones.

Looking ahead and demonstrating the level of interest on the topic, a dedicated track and session on Robocalling is scheduled for SIPNOC 2018.

To learn more about STIR/SHAKEN, view the recording of our Battling Robocallers webinar and/or sign-up for one of the TransNexus Discover SHAKEN events.

NEW: FreeSBC Case Study – Marcatel

FreeSBC’s small footprint is making great strides in the call center world on COTS servers and service virtualization switches as a Virtualized Network Function (VNF). We’ve just published a case study detailing this type of deployment of FreeSBC in a high-capacity SIP-trunking network run by Mexican telecommunications provider Marcatel. Of particular interest is how FreeSBC intelligently manages call requests capping call traffic before entering Marcatel’s network. Read more about it in our case study here.

CommCon 2018 – The Open-Source Community Comes Together

By Alan Percy, Senior Director of Product Marketing, TelcoBridges

Imagine as your taxi is pulling into the driveway of a conference center and as you get closer, it appears there are badge-wearing conference attendees chasing ducks around the front lawn. The first thought goes through your head is “am I at the right place?”  And the answer is, yes, you are…

A few years ago, I had the fortune to met Dan Jenkins, a young software developer by trade who is deeply engaged in the open-source developer community. Dan and I first met at some of the hack-a-thon events where he was helping contestants build voice and video applications with the APIs he had built for WebRTC. During our first meeting, Dan was like many of the people that participate in hack-a-thons: pretty quiet and very knowledgeable about their craft.

Image my surprise when last year Dan kicked off CommCon, a new conference focused on the open-source developer community. Billed as “a conference done right”, my first thought was “was that the same Dan?” Yes, it is the same Dan!

Back to the ducks. Like many conferences, breaking the ice between attendees and doing some team building is an important part of a successful event. Being held in the English countryside, what better activity to break the ice than lessons on duck herding with a team of border collies. Under the guidance of “Bob the duck whisperer”, a group of the attendees soon learned how to use calls to get the dogs to go left, right, stop and start. In teams of three, we all had an opportunity to work together with the dogs to guide the ducks through a series of posts and back to their pen. Other team-building events gave teams an opportunity to try archery, Segway navigation, falconry and try a bounce in a Zorb.

Like Bob, Dan herded his 50+ attendees through an incredible week of technical learning, workshops, networking and team-building events in a stellar setting. During his opening keynote, Dan challenged the attendees: “Don’t be a Knob” – meaning you should treat others as you would like to be treated.  (A simple rule  –I may get it made into a bumper sticker) With this tight-knit group all under one roof, and many of whom complete with similar solutions, there are plenty of opportunities for friction. I had plenty of opportunities to meet and talk with nearly everyone else – building some great new relationships and share what TelcoBridges had to offer the open-source community.

The week wasn’t all fun and games, there was plenty of time to learn from the other attendees during the technical presentations (which can be viewed here). Three days of jam-packed presentations on two tracks, one focused on VoIP while the other focused on WebRTC. The VoIP track featured presentations on Asterisk, FreeSWITCH, Kamailio, OpenSIPS, Kubernetes and more.

The key take-away from the event is a fresh appreciation for the inter-twined and inter-connected nature of the various network elements needed to build a service provider solution. Call switching from here, media services from there, network diagnostics from somewhere else. All supported on a volunteer basis. It left me wondering – is this the right way to manage a revenue-producing network? Frankly, some simplification and tight technology alignments would help significantly.

Daniel-Constantin Shares Kamailio

I came away from the event better educated, with a host of new contacts and a new appreciation for the open-source community.

Tip of the week: “Come bye” makes the dog go clockwise and “Away” makes the dog go counter-clockwise.  Just don’t forget to stop the dog in-between commands with a “Lie down”.

 

Battling Robocaller Fraud – Top 5 Questions

By Alan D. Percy, Senior Director of Product Marketing, TelcoBridges

Last week we hosted a webinar with our Alliance Partner TransNexus, titled “Battling Robocaller Fraud – an Introduction to STIR/SHAKEN”.  As we expected, the topic was wildly popular with a larger than normal audience attending the live event and a long list of great questions during the Q/A.

As noted by Jim Dalton, CEO of TransNexus at the start of the session, automatic dialers with pre-programmed IVR scripts (aka Robocallers) do have valid applications (reminder calls from medical offices, bill pay reminders, school closures, reverse 911…)  But they are increasingly being used as part of elaborate fraud schemes, bilking victims and stealing their identities.  As noted by the Treasury Inspector General for Tax Administration (TIGTA), over 10,000 victims have collectively paid over $54 million because of phone scams since October 2013.  And that’s just the crime that was reported.

What is STIR/SHAKEN?

In a nut-shell, STIR/SHAKEN is a framework that adds an encrypted identity certificate to the header of a SIP INVITE (the message that initiates the call), proving that the originator has permission to use the associated caller-ID.

Once the call makes its way through the various IP-based wholesale operators, the terminating operator can use a public key to examine the certificate and verify that the caller-ID is intact and rightfully being used by the originator. Calls with a valid certificate will pass to the recipient unimpeded and with the associated caller-ID, knowing it is valid.  If a call arrives without a valid certificate, the terminating operator may flag the call as possible SPAM, send the call to a Captcha-like screening application or block the call altogether.

With literally billions of unwanted robocalls being made every month, they have become the largest source of complaints to the FCC, a very popular topic for a webinar and a great source of questions.

Here’s the Top 5 questions (and answers) from the “Battling Robocaller Fraud” webinar:

#1 How will stir/shaken affect class 4 telephony?

Answer: Implementing STIR/SHAKEN only impacts the originating and terminating carriers.  The intermediary carriers (class 4) must pass the SIP identity headers without modification.

#2: Sounds great, but it depends entirely on the originating TSP to provide genuine authentication.  What guarantees do we have this will be done by all originating TSPs, especially cellular carriers?  What about calls that originate outside the US?

Answer:  As the terminating service providers begin to flag calls without certificates as potential SPAM, or begin screening calls, the originators (both domestic and foreign) will have a strong incentive to add certificates to their calls.  One of the beauties of STIR/SHAKEN is that the originators of bogus calls can be quickly found and dealt with by the regulators, making enforcement pretty easy.

#3: Does STIR/SHAKEN work only on the PSTN using SS7?  What about OTT calls?

Answer: STIR/SHAKEN depends on IP infrastructure and the certificate is lost when handing a call over to a legacy TDM network.  However, calls without a certificate can be flagged in the caller-ID by adding/substituting text in the caller-ID fields.   Other applications like Skype SIP trunks could pass this information too.

#4: Does the size of the SIP packet require carriers to use TCP instead of UDP?

Answer: No, the identity certificates do fit within a SIP/UDP INVITE packet.  However, there is a trend to consider SIP/TCP to handle traffic in the future.

#5: What role does TelcoBridges FreeSBC or Tmedia Gateways play?

Answer: When a call is originated, either the SBC or gateway passes the INVITE to the Authentication Server, which returns a signed SIP token to the SBC/gateway before passing the call to the network.

There were many more great questions (22 in all!) – take a listen to the recorded webinar, available now in the FreeSBC Video Library

More insight into STIR/SHAKEN can be found in an Understanding STIR/SHAKEN article by TransNexus article

Interested in integrating STIR/SHAKEN into your network?  Request a consultation at the Discover SHAKEN workshop from TransNexus.

Caller-ID Spoofing – No, That’s Not Your Neighbor Calling

By Alan Percy, Senior Director of Product Marketing, TelcoBridges

The phone rings and the number looks familiar, just a few digits off from your own.  You wonder if a neighbor or possibly your child’s school calling, so you answer only to hear “Congratulations, you’ve been selected for a three night vacation package”   You’ve been tricked into answering by a Robocaller, using caller-ID spoofing.  Continue reading Caller-ID Spoofing – No, That’s Not Your Neighbor Calling

Fraud and Robocalls – More Than an Annoyance

By Alan Percy, Senior Director of Product Marketing, TelcoBridges

This last week, the NY Times Tara Siegel Bernard published an article explaining the trends of Robo calls and their scams are surging.  With the International Telecommunications Week (ITW) conference this week in Chicago, Tara’s timing couldn’t have been any better.

Continue reading Fraud and Robocalls – More Than an Annoyance

TelcoBridges and Jerasoft – Connecting at ITW 2018

by Alan Percy, Senior Director of Product Marketing

Leading communication service providers depend on cloud-based and virtualized software to deliver services to their customers.  Like building blocks in a building foundation, communications software products fit together, creating an inter-locking base for reliable and profitable services. During the upcoming ITW event in Chicago (May 6-9th), CSPs have an opportunity to see the latest innovations in software solutions and learn how the various communications system building blocks fit together.

Continue reading TelcoBridges and Jerasoft – Connecting at ITW 2018

Building a Virtualized Session Border Controller

By Alan Percy, Senior Director of Product Marketing

Over my career, I’ve been through plenty of software installation processes – some were of my own doing, others from open source or commercial products. Almost all of them are like watching a Rube Goldberg machine where an intricate sequence of interdependent steps occurs before your eyes. This week, I saw something very different.


Rube Goldberg Machine

Continue reading Building a Virtualized Session Border Controller