I understand it might provide helpful information, but from the sound of
it these carriers were punished for keeping the traffic up as they were
instructed to do. No one at the ITG or large carrier took responsibility
for advising the carrier to keep the traffic up so either the right hand
didn't know what the left hand is doing or there's some funny business
going on. I'd say document the calls as much as possible and then turn
them down. Better to not let it go through than to keep passing it and
open yourselves up for retaliatory actions. You can always remove the
block once the investigators get involved, and help them at that point
but when you do nothing to stop it then it makes you look guilty even if
you were just trying to help.
MARY LOU CAREY
BackUP Telecom Consulting
Office: 615-791-9969
Cell: 615-796-1111
On 2021-05-26 02:50 PM, Mark Lindsey wrote:
Good tips, Mary Lou!
Do you think there's potentially any good intentions behind the advice
to leave the traffic up?
In the cybersecurity space, authorities will say that if your network
has been compromised, you shouldn't immediately shutdown the hacked
systems. For example, just this past September, this Joint
Cybersecurity Advisory (AA20-245A) from the US and a few other
governments...
https://us-cert.cisa.gov/sites/default/files/publications/AA20-245A-Joint_CSA-Technical_Approaches_to_Uncovering_Malicious_Activity_508.pdf
_Under actions to avoid: _
_"Mitigating the affected systems before responders can protect and
recover data _
_ - This can cause the loss of volatile data such as memory and
other host-based artifacts._
_ - The adversary may notice and change their tactics, techniques,
and procedures."_
Mark R Lindsey, SMTS | +1-229-316-0013 | m...@ecg.co |
https://ecg.co/lindsey/
On May 26, 2021, at 3:38 PM, Mary Lou Carey
<mary...@backuptelecom.com> wrote:
I just heard through the grapevine that several companies have been
shut down and/or threatened with the confiscation of their equipment
for passing Robocall traffic. The companies that this happened to
all claimed someone contacted them and told them to keep the
TN/traffic up so they could help catch the offenders. Unfortunately,
whoever is advising carriers to keep the traffic up is not on the up
and up. The ITG and large carriers came in and shut them down
because they continued to pass traffic that was identified as
robocalls.
If someone contacts your company about a trace back and advises you
to keep the TNs / traffic up, DO NOT LEAVE IT UP! Document
everything and turn down the Robocall traffic as soon as possible!
Then send both the ITG and large carrier involved the account number
and CDRs for the calls in question.
Be safe out there.....it's getting crazy!
MARY LOU CAREY
BackUP Telecom Consulting
Office: 615-791-9969
Cell: 615-796-1111
_______________________________________________
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
_______________________________________________
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
