Oz Blog News Commentary

Disruptive Robocalling

June 21, 2016 - 06:59 -- Admin

Three months ago, I wrote up a worst case scenario for how the US could end up in a civil war this fall.  Unfortunately, nothing has changed.  The conditions that make the scenario possible are still valid.  

In fact, in one way it has gotten worse:  one of the theoretical methods of disruption that I featured in the scenario was recently used in the real world.  In my scenario, robocalling was used to shut down polling places to skew election results and plunge the US into chaos:

Robocalls pour in to police departments and polling places in heavily (Rep or Dem) polling locations with bomb/terrorist threats. Widespread poll closures occur. Calls continue until late.

This speculation became reality last month when threatening robocalls were used to shut down dozens of schools in at least 21 U.S. states: Colorado, Delaware, Florida, Illinois, Iowa, Maine, Massachusetts, Minnesota, Montana, New Hampshire, North Dakota, Maryland, New York, Oregon, Rhode Island, South Dakota, Utah, Vermont, Washington, Wisconsin and Wyoming. As many as 10 schools received the threats in some states.  Further, in the UK, several schools received a 90-second recorded call from a voice with an American accent promising that "shrapnel" would "take children's the heads off," according to multiple news reports.

Robocalling threat

This was the first time we've ever seen a nation-wide/international use of this technique.  It's also likely we'll see it again since:

  • it works,
  • there isn't a clearing house for threats of this type,
  • responders/bureaucrats are extremely risk averse (even more so since Orlando and San Bernardino), and (most importantly)
  • the US phone system is easy to hack.  

Let's expand on that last point.  The reason the US phone system is easy to hack is due to the pervasive influence of the US direct marketing and collections (bad debt) industry.  These industries lobby hard at the state level to ensure full hackable access to the system.  However, this means it's easy for attackers to exploit the system to do real harm.  

Here's an example:  It's possible to dynamically change the caller ID used on every call you make.  This means an attacker can insert fake caller IDs such as "FBI" , "Atlanta Police" etc. to make their calls seem more credible and increase the disruptive impact.


John Robb 

PS:  bots will make it possible to automate terrorism....