So, this is a crime right? Why isn't there a well known '911' for cybercrime to report things like this to and get help? Society needs to catch up with the actual dangers out there and build support networks for this ASAP. This is organized crime and needs organized defense to deal with it.
Unfortunately most evil cybercriminals know the "one weird trick" of "do your crimes in countries that don't care about the crimes"
I see several comments like this implying nothing can be done. But that is far from the truth. First, an agency that actually answered the phone could coordinate directly with LinkedIn and other tech companies to quickly take down these fake accounts and minimize harm to others. We all know how incredibly hard it is to contact a tech company. Second, an agency that answers the phone could help less technical people find what may have been compromised and push people towards support services if needed. And finally, maybe, they could do the hard job of combining leads and working with appropriate agencies to maybe find and prevent these things over time.
> But that is far from the truth
Just install a Russian locale on your computer to prevent malicious programs even starting and get on with your day because it's the truth.
Snowden is a free man in 2026 despite the United States of America very much wanting to put him in jail.
Taking things down doesn't help much unless the platform has something in place to make it hard to recreate them.
>they could do the hard job of combining leads and working with appropriate agencies to maybe find and prevent these things over time
At least in the U.S., everyone will cry government overreach and no one will fund it. In other countries, they should probably just ban U.S. platforms unless they're reachable and actually resolve these type of problems.
> just ban U.S. platforms
Try that and see your champagne exports be tarriffed with 100% in no time.
china seems to be doing fine. what are you gonna do, tariff the country that makes all your stuff? 100% tariff on iphones and macbooks?
Won't that require laws that allow the said agency to compel LinkedIn or whatever tech company to actually pay attention and take action? Like laws compelling tech companies to unlock the bootloader once they stop supporting a device.
I wonder why such common sense laws don't exist and who is preventing them from being introduced and passed despite wide public support in general?
I'm not a lawyer but it would be odd if a government agency couldn't communicate a possible threat to a tech company. It is in a company like LinkedIn's best interest to set up a phone number/channels for a centralized agency to communicate potentially malicious accounts and other emerging threats. I suspect that actually already exists for big companies. I doubt they are required to -do- anything without laws but this seems like a win that is easy for all sides. The problem is likely mostly on the US (and other govt) side of things. No clearly defined agency with a clear mandate, resources and leadership to take on this task.
You're describing the FBI or your state level equivalent. And they actually do exactly what you are describing, but in measured efforts. I've even had them come by my place of employment before. They clearly lack the resources to work at this scale though.
The problem with a phone number you suggest is that it will get spammed and abused with fraudulent imposters too (the complete and utter destruction of trust in phone calls and text messages should also be corrected by the government, but that's a different topic).
https://www.fbi.gov/investigate/cyber
Sounds like socializing the harms instead of requiring these companies to bear the burden themselves. Could still be a valid approach but I'm afraid it will make them take less responsibility, not more.
whilst reducing crime is an honorable objective, as we all know, increasing the wealth of tech billionaires must take priority.
Won't that just create another channel for social engineering to delete a victim's account?
Something I've always wondered, because I'm a bit of a contrarian and I wonder if we're really any different: Could an American citizen hack and steal from Iranians and Russians with impunity from America? The issues that prevent the US from extraditing Russians who hack us -- don't they work both ways?
Legally speaking, no - it would still be a criminal offence.
Practically speaking, there is zero chance that the USA would extradite someone to Iran, even if they weren't currently at war with them. Whether they did anything about it would probably depend on exactly what the situation was - there's a big of difference between targeted IRGC or defence systems and ransomwaring an Iranian hospital or scamming random citizens.
Where they'd probably get you is if you tried to monetise it, and get stolen/extorted cryptocurrencies (or whatever) into your bank account. But that could easily fall under tax evasion laws rather than computer misuse ones, because they'd be a lot easier to prove in court.
What would happen if you honestly listed your earnings on your tax forms?
It would be very dependent on the exact circumstances - who made a complaint, what exactly they're accusing you of, what evidence there is, how high profile it is, the current diplomatic position (which changes by the hour), etc, etc. I don't think you can really get a simple answer for this kind of question.
As far as I know it has never happened. On the contrary, when Alejandro Caceres admitted to ddosing North Korea - taking down all their public websites for a week - he was questioned by the FBI who decided to take no further action.
https://www.wired.com/story/p4x-north-korea-internet-hacker-...
So hostile countries should be fair game for Americans who want a side-hustle. Plenty of Russian targets that could be profitable.
Cut the cables
https://www.ic3.gov
You won't hear back from them, though. But, at least for US citizens (and possibly for anyone?), this is as far as I know the closest thing there is to an "Internet 911".
> You won't hear back from them
You might. (I have.) They were able to get a wire sent to a fraudster reversed. (Not my wire.)
In the Netherlands there's an official government agency that allows a simple mail or report: https://www.ncsc.nl/en/report-an-incident-to-ncsc-nl
I presume more countries have this, not sure about the US though (CISA maybe? CERT/CC?). CERT is the overarching org that manages local agencies like this Dutch NCSC. Though I am not sure if and how easy it is, globally, to report incidents.
To put it bluntly and perhaps a bit cynically, on the tree of bad things that people do to other people, this is pretty high-hanging fruit. Right up there next to scam phone calls that prey on the elderly while claiming to be from Microsoft support.
It's basically impossible to catch suspects because they are either smart enough to cover their tracks very well, or (more often) live in countries whose governments don't care about their citizens (even pay them for) scamming westerners.
Hard disagree on the scam phone calls. It would be trivial to eradicate them almost completely if the phone operators did the bare minimum to fight against it. At any point in time, any given US phone number is handled by exactly one phone carrier. There is nothing stopping that carrier from requiring name and address to issue that phone number. They already do for 99.99% of their legitimate customers. It would be very easy to make it so that every single phone call originating from the US, including all VOIP calls made with US phone numbers, can be traced back to a specific business or person that can later be sued or prosecuted.
And no, number spoofing isn't an excuse either. We literally solved the much harder problem of email spoofing already. There are, what, 3 carrier networks in all of US? And they cannot do with each other what DMARC did for the hundreds of thousands disjoint organizations that comprise the internet? Please.
Number spoofing is not a solved problem because some carriers, which appear legitimate in all other respects, make a business out of routing your traffic over TDM trunks that don't support caller ID verification, and will claim it's extremely expensive to upgrade these to VOIP.
Fuck 'em? That's not a insurmountable problem in the slightest. Google or Apple could probably solve this problem themselves by simply not ringing the phone for any call that doesn't meet ID verification.
The behavior of the phone network is set by government regulation. If you refuse to service allowable calls, you are heavily fined or kicked off the network. The government has to update the rules.
I tried to find these rules yesterday (for another comment chain) but couldn't. As far as I could tell, nothing stops the carrier from silently dropping a likely scam call without receiver's knowledge or consent. Do you know which specific regulations would prohibit that?
I'd be 100% happy to block those carriers from calling me. Their users should just get a message that calling my number is not supported and they should try calling me from another device.
Not allowed. The same government rules that stop Google from refusing calls from Apple devices also stop them from refusing calls from whoever is doing this. The government would have to update the rules. They could mandate number verification for all calls, even those passing over TDM trunks, and make it the network's problem to figure out how to do that. The rules currently say that all calls which don't pass through legacy equipment must have verified numbers, so there's a market for making calls take stupid legacy routes on purpose.
>It would be trivial to eradicate them almost completely
Absolutely true, but droning their data centers might have some policy repercussions.
A majority of people would enthusiastically support drone strikes on scam callers and their infrastructure.
Wasn’t that sort of the premise of The Beekeeper?
You are not wrong. They don't do this because they make money from the scammers.
I have posted about this before. See here: https://news.ycombinator.com/item?id=35191971
Yeah 100%. It's criminal that this is not already done.
KYC just for a phone number opens the door for societal ostracization and essentially blacklisting of people from infrastructure. This is on par with being unable to open a bank account if the capability is matured. I'd advise that you think long and hard about the consequences of this system being applied against you maliciously before signing on the dotted line.
There already are laws that would prevent the exact thing you're talking about. A requirement to provide name and address would change absolutely nothing. And if legal protections are not enough for you then what are we even talking about? Your phone carrier could disable all your lines this instant with a few clicks if they wanted to; the technical capability is already there. They also have your name and address from listening to phone calls and triangulating cell towers - though realistically they didn't need to do it because you already gave them your details knowingly and willingly as part of starting the service, didn't you?
I'd advise that you think long and hard about the consequences of the current system before saying the alternative is worse.
> KYC just for a phone number opens the door for societal ostracization and essentially blacklisting of people from infrastructure.
We have that in Europe and the world has not fallen apart. On top of that, we don't have even close to the scale of problems with scammers that the US has. I won't deny we don't have scammers because we absolutely have them, but they are far from the scourge they are in the US.
> This is on par with being unable to open a bank account if the capability is matured.
The secret is... we have constitutionally protected rights. Unless you do not pay your bills, your phone line will not get disconnected. And same for bank accounts - every European has the right to a basic banking account, even if you are a target of foreign sanctions [1].
[1] https://www.tagesschau.de/ausland/europa/konto-eugh-usa-sank...
I'm in the US, I have two 20-year old phone numbers and 1 cell number, none ring through with span or scams.
I wonder why that is? I dont give the numbers out. That's why. Whenever a store says "do you gave a number with us" I say I don't have a cell phone. If they can plainly see I do have a cellphone, I add, "for that."
The second part is shopping at stores that dont tie prices to your having given them a number.
I always wondered why US cannot pressure India to crack down on those scammers? They use phone network, it should not be difficult to find them. Some youtubers even hack into their computers and extract all the info. US probably has a leverage here, they could simply ban Indian companies from working with US if they don't cooperate.
US was so angry about "unfair" tariffs why are they not angry about criminals stealing from Americans?
Saw Microsoft has a dedicated scam reporting page - guess it was damaging their brand https://reportfraud.microsoft.com/en-us
Wonder if they’re effective in going after reports. I’d still report to IC3/FBI/powers that be, too. Just in case someone somewhere has the resources to do something… perhaps a high hope
I get more calls from Google Security than any other thing. Oddly the Pixel's built in scam detection and call screening lets them through without fail. I normally don't have my phone even ring unless it's in my contacts, but saying you are calling from Google is like a magic code.
They must have whitelisted the word Google. Very useful to scammers.
the main issue is that we lack a global '911'.
secondary is the effort asymmetry between spinning up one of these scams (near 0 effort) and catching/prosecuting these scams (big effort, astronomical cost)
> main issue is that we lack a global '911'
406 MHz is pretty close [1]. If you have a radio that screams on that channel, chances are the nearest search-and-rescue operation will at least be notified.
[1] https://www.sarsat.noaa.gov/emergency-406-beacons/
> the main issue is that we lack a global '911'.
911 is for emergencies. I don’t think the global 911 service would give any attention to a LinkedIn scam.
i used the same terminology as the parent, and i think we all know what is meant by it
what about the outcome asymmetry between spinning up one of these scams (get one guy's computer) and getting caught (jail for life)
you arent getting jail for life for this, even in the extremely remote chance you are caught. you are probably getting more than one guy's computer, though.
I’m sure they’ve gotten more than one hot wallet from out of work crypto bros. Probably a profitable venture.
I don’t know but the us kidnaps ehhh arrests people on foreign land on a regular basis… and brings them to the US to stand trial. So if it’s “important” enough it will be aced upon…
There is but the FBI is horrible at responding to cybercrime. They have IC3 but its basically useless. They arent going to help or even contact you if you report a crime to them.
The amount of crime in the world -that requires arguably "low skill" time to resolve- that just gets filed away because of low resources is insane. How are forces going to stand up high skill task forces for these kinds of things?
The scammers are in a different whole uncooperative country.
Or they may be in this country, but uses proxies, virtual machines, hostings from uncooperative country.
Less likely and when they are usually they're immigrants and if they're investigated they just go back home.
Yes. But the perps are in North Korea.
[flagged]
> simply for being one of the last communist countries
Well, that plus their 50 nuclear warheads and continued ICBM development, amongst other things.
I read the other day they are making quite a turnaround in GDP by selling munitions to our enemies.
We have what, 2500 of them, and we threaten them with them... Wouldn't you? Iran deserves them too.
Yes and we want them to have zero. What do you not understanding about this?
Try calling 911 for a real world crime and see what it gets you.
Have you seen the state of *gestures at everything*
You mean organized crime like NSO Group? Sorry, governments all over the world are too busy using them to spy on opposition to care.
yes this is a crime.
Cool let's hear your solution, you seem well versed on how infosec works.