Gongol.com Archives: February 2022

Brian Gongol

February 1, 2022

Threats and Hazards Can't you do any better than this?

It seems odd that telephone companies are, on one hand, rolling out 5G network service and promising a whole new world of speedy data, while remaining utterly incapable of handling the epidemic of spoofed numbers on the other. The expansion of 5G service represents a triumph of technology -- one that resulted in a protracted dispute with the airline industry, because of the possibility that those electronic signals could interfere with the radio altimeters that tell airplanes how high they are above the ground. ■ Taking additional safety precautions over 5G may not have been strictly necessary: European telecommunications companies seem to have avoided aviation hazards through some collaboration with the aviation regulators there, and some of the European precautions may have been sufficient to protect aviation in the United States, too. But nobody wants to be the bureaucrat or the corporate executive who let an airliner crash. Thus, we have lots of inter-agency and partisan finger-pointing, but the end result is that safety concerns have prevailed. ■ Yet for all the safety-related concern that has gone into 5G regulation, why hasn't the problem of spoofing been treated as a similar safety issue? ■ It may seem that the main problems of spoofed numbers come from general nuisance or from the risk that calls originating from false numbers are a source of fraud. Indeed, spoofed numbers cause both, and the Federal Trade Commission has much to say about the problem and extent of phone scams. ■ But faked numbers are a very real security and safety problem, too. "Swatting", or placing an emergency call to police from a fraudulent or spoofed source, puts innocent people in real danger of finding themselves on the receiving end of an abrupt and potentially intense or even dangerous visit from police. ■ Spoofing is also a tool useful to some of those who would circulate rumors of school or workplace violence, including bomb threats. At least 14 HBCUs were targeted with bomb threats on the first day of February. It's too early for the public to have learned whether any particular threat involved spoofing or not, but it's virtually certain that the perpetrators tried to cover their tracks with spoofed numbers. ■ The criminals may have been domestic terrorists (and even a false bomb threat is likely to qualify as an act of terrorism). They may have been foreign, too -- and it should be plainly evident that bad actors abroad can see the weakness in our system and perceive how they might gain from stoking fear and division among Americans. It is known that malevolent forces in Russia have tried to instigate racial hostilities within the United States in very recent memory, and creating problems for HBCUs on the first day of Black History Month would be an unsurprising move on their part. ■ Fundamentally, the scope of the incident -- again, more than a dozen institutions were targeted -- is enough to demonstrate that real harm and disruption to security and safety can be facilitated through telephone calls. It's likely the HBCU threats were coordinated, and virtually certain that they were communicated using tools to evade detection. ■ Telecommunications companies have a civic (if not a legal) duty to take those security problems as seriously as the potential risks that 5G signals pose to aircraft. It's insufficient for phone companies to offer advice like "Don't answer calls from unknown numbers" and "Don't bother tracing spoofers". A perfect system may be beyond reach, but the status quo is entirely inadequate. Spoofing isn't just an inconvenience, it's a danger.

@briangongolbot on Twitter