Scammers Using Internet Phone Service For The Deaf
Sep. 25, 2005 11:29 PM
Have you ever wondered how deaf people make a phone call? How they chat with a friend, order a pizza--or get hold of 911? At one time they had to find a hearing friend who could make the call for them, translating their sign language or written notes into speech for the person on the other end. Then came teletype (TTY) terminals, which allowed them to type their half of a conversation, while an operator served as the intermediary.
But for the past few years the Internet has been making the process cheaper, faster and easier. Using a system known as IP Relay
, which is offered by ATT, MCI, Sprint and others, deaf people--and people with speech impediments--can connect via any web-ready computer, PDA or phone. A trained operator is still required, but it's a huge improvement to be able to call from just about anywhere, as opposed to those few places where a TTY terminal might be found.
There's just one problem: The system is under attack by scammers and pranksters, causing trouble for the people it's designed to help, and costing American businesses and phone customers millions of dollars. It turns out that IP Relay provides a convenient way for its abusers to hide their identities, and it lets them make free long distance calls to boot.
Some IP Relay operators say they now spend much or most of their day unwillingly facilitating scam and prank calls coming in over the net. The scams usually involve purchases with fake or stolen credit cards or checks, and seem mostly to originate in Nigeria or other West African countries. They're easy to spot because of non-idiomatic use of English and sloppy use of common relay abbreviations. One frustrated operator has taken to using an excerpt from one of these calls as a sig:
NEED SHIP TO MOTHER LESS HOME CAN GIVE ADDRESS GAGA
That's from a call purportedly from an orphanage, or "mother less home". The repeated "GA" is the abbreviation for "Go Ahead", as in "It's your turn to speak."
An operator who goes by the alias "Clear-Conscience" told me about some of the scam purchase attempts to which he's been a reluctant party:
"Pharmaceuticals, especially Centrum Silver... a lot of copies of My Life by Bill Clinton for some reason... guns, guitars, sex toys.... [and] lately one of the more disturbing trends is they're ordering puppies, in bulk."
Scammers hope to make money by reselling the merchandise. In some cases they offer "payment" for more than the asking price, with a request for the mark to send them the balance as a refund (an example of the 419 fraud
, which is commonly committed via email and is named after the section of the Nigerian legal code that outlaws it).
When these frauds succeed, there are multiple victims. The vendor, of course, is out the value of the merchandise. A bank may be on the hook for a bad check it cleared. The operator has to live with knowing he or she assisted a crime, however unwillingly (and with little choice, as we'll see). Legitimate relay callers may find that the system is busy because of all the bogus traffic, or they may get hung up on by businesses that have been burned before (although it's illegal for a business to refuse to serve a deaf caller). And ultimately all Americans phone customers pay. That's because IP Relay service is paid for by the Telecommunications Relay Service (TRS) Fund, which is supplied by a levy on phone bills.
Abuse of IP Relay has probably cost Americans many millions of dollars so far. There has been a surge in billed relay minutes since 2003, such that the TRS Fund's administrator, the National Exchange Carrier Association
(NECA), recommended a 43% funding increase to $413.3 million for the current fiscal year. That sum is used to cover other kinds of relay calls as well, such as Video Relay for users of sign language, but it appears likely that much of the extra traffic is illegitimate. According to Lisa Markkula, the founder of a site called StopRelayAbuse.com
and herself a former relay operator, some operators estimate that between 25 and 80 per cent of the calls they handle on a given day are scams or pranks.
While scam calls appear largely to originate overseas, prank calls often come from Americans, especially adolescent males, and including fans and associates of Howard Stern. Pranksters will often use IP Relay
to phone a friend in the same room with them, and then make the operator repeat explicit, homophobic or racist comments, as in the following, taken from a transcript stored at StopRelayAbuse.com
HEY DANTE. I"M USING IP RELAY BUT THIS GIRL IS A *****. THE OPERATOR. I THINK SHE IS ADDICTED TO SEX TOO. I BET SHE WANTS TO F*** MY HUGE D***...
Howard Stern plays recordings of prank Relay calls on his show. This is from a summary of the June 20, 2005 episode
(see "Stuck In Your Head?"):
"...[Howard] then played a new prank call featuring Sal and Richard's newest favorite discovery--the Internet Relay Operator. In this call, the guys used recorded clips of [KKK member and frequent Stern guest] Daniel Carver, which you can imagine were a bit racy, but the operator kept up with them..."
But no matter how obvious it is that a call is illegitimate, a relay operator is usually not allowed to do anything about it. Throughout the call, he or she is supposed to act as an entirely neutral presence, like just another switch or wire in the circuit. That's because IP Relay is intended to provide "functional equivalence", as laid out in FCC regulations mandated by the Americans with Disabilities Act. That means that making a phone call should be as convenient--and as private--for someone with a disability as it is for those without. Operators are therefore forbidden to take any role in a phone call beyond facilitating it.
This works well for legitimate users, who want to know they can trust operators simply to relay their words accurately. But some operators find it unbearable to stay in their machine-like role no matter what they have to repeat. A group of them are so angry about having to participate in fraudulent or prank calls that they have become online vigilantes. On a web forum called Nigerian Scams Using IP Relay
, relay operators trade tips about how to stop or even bust the scammers, even though such efforts are disallowed by their employers and by federal law. As one Nigerian Scams poster puts it:
"I never signed on for this, none of us did... I am exposing as many fraud calls as I can, I will continue to do my job to put an end to every one that comes through my computer, I will process all regular calls as they are meant to be, but every IP relay call is suspect in my book... I know that what I am doing and what all us are doing is far more valuable than sitting by and doing nothing..."
Posters on Nigerian Scams use aliases for fear of losing their jobs. "Clear-Conscience", one of the site's founders, contributes this tip among many others:
"Got a call that I wasn't sure about then found out it had to do with a flight to you-know-where. Didn't have a whole lot of information from the call...at least not enough to make a decent report. So, I got on relay and called the sugar mamma back. She thought I was the perp the whole time and gave me all the information I asked for. Reported to the credit card company and the airline... In the last week, my reports have saved well over 10,000 dollars in fraudulent activity..."
"Sugar mamma" refers to a US-based intermediary helping an overseas perpetrator. According to operators--as well as the FBI--some of these accomplices are recruited through online dating services, where scammers troll the chat rooms. Often the accomplices are themselves dupes, unaware that they are assisting in fraud.
Do The Companies Care?
Many IP Relay operators posting on Nigerian Scams
criticize their employers for not doing enough to control abusive IP Relay calls. Some charge that the relay providers have an interest in keeping call volume high, since they are paid about $1.31 out of the Telecommunications Relay Service Fund for each minute of call time. According to Clear-Conscience:
"They want them to continue... A supervisor told me that if we hang up on scam calls, we're hanging up on money. Another supervisor said he has morals too, but he doesn't wear them on his sleeve."
Clear-Conscience works for MCI, but operators for other relay providers make similar accusations. They say providers don't do enough to block calls from foreign IP addresses (relay calls are required to originate from the US), don't do enough to warn the general public, and are overly harsh with operators who try to call attention to illegitimate calls--including summarily firing those who interfere with such calls.
The relay companies, though, say such complaints are ill-informed.
For a start, says MCI spokesperson Natasha Haubold, providers can't simply choose to ignore the law: "Federal law prohibits [operators] from interfering with a call in any way... It's like a phone tap--when you and I are having a phone conversation, there isn't a third party listening. So they have to act as if they're not there. If they didn't, it would be like an unauthorized phone tap"
Haubold says the legal prohibition on interference extends even to flagging calls that appear suspicious, since that would put the operator in the role of an active eavesdropper; complaints must come from affected parties, such as businesses that have been paid with an invalid credit card. But, she says, MCI's response to such complaints is aggressive: "MCI will take immediate corrective action and notify the authorities if necessary. We will identify IP addresses and block them if they have been used in a fraudulent way." Haubold says MCI engineers have been able to cut the incidence of unwanted relay calls to a low percentage of the daily total.
Those comments are echoed by spokespeople for ATT and Sprint. Sprint's Debra Peterson describes the complaints of the relay operators as anecdotal, and adds that they are hard to assess, since many of the operators who complain are anonymous (posters on Nigerian Scams use pseudonyms for fear of being fired). She says Sprint tries to warn businesses to be on guard, but prefers not to publicize the risk more widely, as that might encourage even more scammers and pranksters. Sprint sent a tip sheet to businesses last year; the Illinois Pharmacists Association stores a PDF copy here
, and see "Sprint's Tips", below. The FCC also has issued advisories, such as this PDF
In response to the charge that relay providers like the revenue they reap from abusive calls, Peterson says that "any sort of fraud really hurts a valuable service", and points out that in the context of Sprint's annual revenues (nearly $27 billion last year), the income from IP Relay "is not something that would make or break" the company.
's Lisa Markkula is unsatisfied by these explanations. She charges that the release of business advisories and the blocking of IP addresses are both ineffectual. She points out that many if not most people are still unaware of the risk and that it's all too easy to use free or cheap IP-masking software. Markkula features a chart
on her web site showing the rapid rise in relay minutes and linking it to what she roughly estimates as $25 to $40 million dollars spent on bogus relay calls in a recent six month period. She speculates (though with limited evidence) that some of that money may be going to terrorists:
"Early on, Internet Relay was flooded with calls to Pakistan, a well-known hub of terrorist activity. Eventually this problem was solved when Internet Relay providers stopped placing calls to numbers outside the U.S. and its territories. In his book Blood from Stones, The Secret Financial Network of Terror, author and former West Africa bureau chief for The Washington Post Douglas Farah describes petty scams similar to those run through Relay."
From Sprint's "Tip Sheet For Businesses Using Internet Relay
"Businesses should taken caution when they receive the following types of requests through a relay call to prevent from becoming a potential victim of this type of scam:
What Can Be Done?
- The caller wants products fast ("can you ship it today?")
- Multiple units ordered and asked for in "pieces" (1000 t-shirts is "1000 pieces")
- Lack of knowledge of the product
- Lack of questions about the product
- Not concerned about price
- Poor grammar or spelling is used
- Uses American names in reverse (last name as first, first as last)
- Repeatedly calls via Relay to rush the order
- Refuses to wire money directly to you
- Often poses as a religious or charitable organization"
Efforts to fight IP Relay
abuse are complicated by the open, networked nature of the system, and by the diverging interests of the people involved.
In response to complaints from fraud victims, the FBI has begun tracking the problem, and has had some success in pursuing scammers all the way to Nigeria. Last year, 17 people were arrested in Lagos by a team led by agent Dale Miskell of the FBI's Internet Crime Complaint Center
(IC3). Miskell's team inspected courier packages in Lagos, emailing IC3 about any that looked suspicious: "By morning I'd have an e-mail back with a list of the ones suspected of fraud. Then, we'd pay a visit to the addressee. A Nigerian officer would pose as a parcel company driver and would make the delivery and subsequent arrest, with several Nigerian officers and I in my Suburban as backup."
The FBI also helped investigate a bizarre case
in which a scientist specializing in technology to assist the deaf admitted to charging the federal Telecommunications Relay Service (TRS) Fund for bogus calls in order to fund his research. Ranaan Lieberman and his then company Publix agreed to return the nearly $8 million they had received from the TRS Fund while operating a teletype (TTY) based relay call center in 1999 and 2001.
The IC3 is interested in hearing reports of IP Relay fraud; complaints can be filed here
. However, given that the abuse is widespread and decentralized, it seems unlikely that enforcement alone will be able to stamp it out, any more than it has been able to stop email fraud.
Lisa Markkula of StopRelayAbuse.com
argues that there is a simple safeguard against bogus relay callers: Register the genuine ones. "Legitimate relay users would submit a letter from a licensed health care professional saying they need the service," she says. "After verification, they would then be issued a username and password to log on to the Internet Relay websites."
But that solution becomes less simple when you run it by people who are in fact deaf, hard of hearing or speech-impaired. Many of them hate the idea of registration.
"Do you have a registration number as a hearing person?" asks Erin Casler, a spokeswoman for Telecommunications for the Deaf, Inc
., a non-profit advocacy group. Speaking via Video Relay (in which an operator translates sign language to and from speech), Casler says, "In order to have equal access, we shouldn't have to have [a number]."
In answer to that objection, Markkula points out that handicapped people are required to register for their parking placards. Casler, though, maintains there is a difference. Communication, she says, is "a fundamental right", and registration would be an invasion of privacy, which would violate the functional equivalence requirement of the Americans with Disabilities Act. Casler also objects to interventions by operators because of privacy concerns, saying legitimate users will worry that operators are listening to and judging everything they say.
Some relay users recommend switching to Video Relay Service, as Casler has. Since it requires the use of sign language, VRS presents a tall barrier to entry to bogus users. And as, Casler points out, "It's a smoother communication. I don't have to say GA [Go Ahead] or SK [Stop Keying]." But VRS costs the TRS Fund significantly more per minute, and not all legitimate relay users know sign language.
It may be that the best hope is public education. Even here there is some resistance. "If you write something, then it gives people ideas, like the copycat effect after a movie comes out," says Sprint's Debra Peterson.
But the current popularity of relay abuse may actually be an argument for the effectiveness of awareness. Nigerian email scams, for example, are now so well known that they are the object of widespread ridicule
, with thousands of web sites exploring the topic. The scammers' move to IP Relay could be seen as a forced adaptation, like a virus mutating in response to a somewhat successful treatment. So, as with attacks on other information systems, information may be the best available vaccine.