RIP and children (It's all Ross Anderson's Fault)

Richard D G Cox Richard.Cox at mandarin.org
Tue, 19 Mar 2002 11:48:32 GMT 

On Mon, 18 Mar 2002 17:07:18 +0000, Ken Brown <k.brown@ccs.bbk.ac.uk> wrote:
> phone this number to find out who"). The number, I guess (we didn't call it),
> being a premium-rate line presumably of "adult" content.

Probably NOT Adult content - unless the number began 0909.  Perhaps you
would like to mail it to me off-list so that I can keep track of them.
In any event you also ought to complain to ICSTIS if it's 090-anything.

> It constitutes a denial of service attack on SMS (because there can only
> be 5 messages stored at once

True, but ALSO an offence under the Telecomms Act as "persistently sends ..."
nuisance messages.  Report this one to your local police, please, and point
out that it is a criminal offence which they have a duty to investigate and
report for prosecution.  If there is reluctance to deal, please let me know.

> Apparently there is no header info in SMS (I don't know the protocol)

Oh, there is ... lots ... but most users don't get to see it ...

> so I can't see what is going to stop the spammers.

The law, which is unusually clear on this point, is all there is.

> so far we haven't been able to get in touch with the suppliers.

Write to them, and fax it as well.  Contact me off list for numbers etc.

> Their service phone number has a huge menu of voicemail options, at least
> 4 deep, that she gave up in boredom after about 10 minutes

Yup, classic demand suppression ... just like the NHS!

> And I wonder how much money they get for selling numbers to spammers?

They probably don't, for no better reason than if we could show that they
do this on an identifiable basis, then there will obviously be an offence
under the Data Protection Act.  But it's easier for spammers to get the
list of active number blocks from oftel.gov.uk: start each block at 000000,
continue to 999999, then next block ...

And in practice that does't happen either.  It's more likely that the number
was given when she signed up for *something* (may not be directly related)
or was maliciously signed up by someone else (just like with e-mail spam).
The rule nowadays is to keep your mobile number private and perhaps have
several throwaway prepay SIMs to cope with this sort of thing.

To investigate this we'd need to know who else got the same messages and
what numbers, if any they appear to come from.  It's also worth pointing
out that some SMS messages can now come "Reverse Charge" which creates a
whole new fraud arena ...

-- 
Richard D G Cox <Richard.Cox@mandarin.org>
Penarth, UK: 029 2031 1111