Robocall attack on real estate agent illustrates need for STIR and SHAKEN
Kim France, a real estate agent in Hilton Head, was recently harassed by 700 robocalls a day for five days. As a real estate agent, France relies on her phone, and has to often answer calls from unknown numbers. But when she went to bed one night, she didn't realize she would wake up to a robocall nightmare.
After about eight hours of sleep, France woke to discover she had missed 225 calls. The calls continued and the call volume got worse. She contacted an attorney, the police, Verizon, and the technology site, Ars Technica.
She reached out to the website three days into the ordeal writing "my phone started ringing three days ago and has continued to ring every few minutes since then. Each time it is from a different number… I can’t conduct a client call, can’t text because calls coming in interrupt the process, can’t even take photos for the same reason." After five days of being inundated by a constant stream of calls that left voicemails with fax-like sounds, the calls stopped and haven't returned.
The website reached out to a few companies specializing in preventing robocalls for consumers and it appeared to them that this was a targeted attack that wanted to only disrupt and harass, not make any money. The perpetrator of this crime utilized caller ID spoofing, the practice of hiding the true originating number from the receiver of the call. They also concluded this was most likely a DDoS attack and that France just had the wrong phone number at the wrong time.
It illustrates, however, how large and pervasive a problem robocalls are when it's easy for a developer/criminal to disrupt a business like France's so quickly and efficiently, while leaving the consumer and police helpless to do anything about it. Most in the industry are familiar with caller ID spoofing and the problem it is causing for consumers and businesses everywhere.
STIR and SHAKEN are the technologies developed to put an end to caller ID spoofing. The first phase of stopping spoofed robocalls is authenticating the calls with STIR/SHAKEN. STIR “defines a digital signature to verify the calling number and specifies how it will be transported in SIP.” This information is used by telephone service providers to verify the call’s authenticity. SHAKEN is a framework to implement the protocols produced by STIR. Using STIR/SHAKEN, the call is authenticated by the calling party’s service provider that digitally signs the calling number.
These technologies most certainly would have helped prevent the five-day attack on France. She is surprised, however, that attacks like these can go unchecked and that there is not a viable solution yet. “I just feel like there has got to be something that could be done to protect consumers from this type of crime. Being told that no one can do anything for me was the most shocking part to my story.”