Phone scammers lured in with ‘honeypot’ scheme set up by Abu Dhabi researchers
ABU DHABI // Abu Dhabi researchers are luring telephone scammers into virtual traps called honeypots to catch them in the act.
The honeypots are part of the Phone Genome Project, an initiative set up between New York University Abu Dhabi and Georgia Institute of Technology in the US to learn more about phone scams and other unwanted calls to enhance security in telephony.
The honeypot is a server which contains numbers that are not being used by anyone else and therefore tend to attract callers dialling random numbers in what would often be unwanted calls.
The project will help researchers to collect data providing insights into attackers’ motivations, how they make money from the attacks and how they exploit people, said Payas Gupta, post-doctoral fellow at NYUAD’s Centre for Interdisciplinary Studies in Security and Privacy.
“In the future, smartphone-like devices will influence how we connect with others and information sources with voice and data,” said Dr Gupta, 28, from Jaipur in India.
“The research in the UAE will allow us to defend the voice and data channels that will be critical for our social [and] professional lives in the future.”
Honeypots have long been used in cyber security to detect web-based scams using IP addresses. But this project marks the first time that what researchers at the centre are calling “phoneypots”, have been created. They can be used to analyse and record call data or even allow a researcher to interact with callers.
The centre has led an effort to set up the honeypots in the US, Canada, France, China and Singapore, as well as the UAE, monitoring more than half a million phone numbers.
The project comes at a time when new technologies allow scammers to converge telephone and internet systems and come up with new ways to attack users.
“Criminals are exploiting the telephony channel to craft an increasing variety of attacks,” said Dr Gupta.
The goal is to give users more leverage in deciding when to take a call, said Taha Sencar, the centre’s local director. A result could be a smartphone app that helps users to determine if the number is used by a scammer, similar to how Google uses user feedback to determine whether an email is junk mail.
Telephone scams and spam may be a bigger issue in countries such as the US, but the honeypot data would also benefit the UAE, Mr Sencar said.
“All this phone spam is becoming more relevant all over the place ... but the UAE is also becoming affected,” he said. “I think at some point the UAE will also have some benefits out of this as well.”
Call data from the UAE has not yet been analysed since some data is inconsistent as a result of the project’s move to the Saadiyat campus, but Dr Gupta said he hoped to start getting better data next month.
But so far, other countries’ data that Dr Gupta has analysed have revealed early insights, the telephone honeypots have generated interest from cyber-security organisations.
“Early experiences with these honeypots indicate the value they could offer in understanding and combatting telephony abuse,” Dr Gupta said.
One scam caller, for example, has a “massive call volume” of nearly a million calls a month, while call logs have also informed researchers about calls from debt collectors, telemarketers and telephony denial-of-service, which aim to disable an organisation’s voice services.
In Canada, the researchers found a lot of scams using numbers similar to the receivers’. The person sees the number and thinks that he or she may know the caller – but it’s actually a pre-recorded message from an automated source.
“People pick up those calls and they think, ‘OK, this is someone near by my area,’ and these are robocalls,” Dr Gupta said.
“This kind of thing is happening more and more.”
Updated: October 4, 2014 04:00 AM