Constructing a Hive Mind for Fraud

Humans have long solved problems by copying nature. Velcro was invented by examining the burrs of the burdock plant, LED bulbs were made brighter by replicating the anatomy of fireflies, and the Wright Brothers learned how to control planes by watching birds move the ends of their wings during flight. So what might bees teach us about fighting telecoms thieves? Much like a telco network, a hive regularly comes under attack from raiders: wasps that try to steal the bees’ honey. A single bee would not be able to prevent a wasp from flying into the hive, gorging itself, and then leaving with a full belly. Bees only succeed in defending their honey because they work together, releasing pheromones that draw reinforcements whenever a wasp tries to get inside. A lone bee would inevitably be circumvented by a persistent wasp but a large enough team of bees can successfully block the wasp from entering the hive whilst allowing other bees to come and go as usual. Though there are many bees who busily perform different tasks, they win because they behave as if they have a single hive mind. Could we develop a hive mind for fighting telecoms fraud?

This is the definition of “hive mind” per Merriam-Webster:

hive mind

noun

1 : the collective mental activity expressed in the complex, coordinated behavior of a colony of social insects (such as bees or ants) regarded as comparable to a single mind controlling the behavior of an individual organism

2 : the collective thoughts, ideas, and opinions of a group of people (such as Internet users) regarded as functioning together as a single mind

We know that fraudsters keep evolving, and that telcos need to keep progressing to avoid being overrun by them. We also know that fraudsters pick on the weakest, systematically exploiting them to generate profits they might reinvest in new ways to commit crime. But unlike a hive, a telco’s network is not a discrete entity. All our hives are connected. A phone call that originates on one network may terminate on many other networks. This is a key enabler of many frauds. Per our analogy, a wasp that flies into an undefended hive may then steal honey from any of the hives it is connected to. That is why telcos need a hive mind even more than bees do. Bees patrol the entrance points to their hive, and react as a group when a wasp approaches. A telecoms hive mind should do the same, denying criminals access to every network, by systematically eliminating all unguarded points of entry.

What is needed to construct a mind? There are many answers to that question, but if we keep our analogy simple then we need three essential elements:

  • Input, or senses: A mind can only develop if there are eyes to see, ears to hear, or other sources of data about the world.
  • Storage, or memory: we cannot learn how to think without first being able to remember. The ability to recall and compare experiences is fundamental to identifying recurring patterns.
  • Calculation, or decision-making: The mind is realized by making meaningful choices and then acting upon them.

The weakest telcos have none of these essentials for fraud management. More specifically, they lack the mechanisms to identify fraud or are run by people who do not care about crime. However, most reputable telcos have at least some robust mechanisms to identify fraud, even if they may be incomplete. Fraud monitoring provides the first component needed to develop a hive mind for fraud management. Telcos that are successfully identifying fraud usually also have the second element, the memory, as most commonly reflected by the alarms and case histories maintained by their fraud management system. However, none of these separate memories are joined to each other.

There have been various initiatives that sought to connect the memories of different telcos, usually by asking telcos to voluntarily add information to a shared database. However, these have mostly failed. The effort required to upload data is considered too much of a burden by most telcos. We know that the sum total of knowledge captured by all the telco fraud management systems is far greater than the information that telcos share in practice, and we also know that the transfer of information can be slow, expensive, incomplete and unreliable. So whilst telcos do make decisions based on the information they have, we have never developed the common memory needed to take efficient collective action to stop fraud at its source. An heroic effort may sometimes put a criminal gang out of business, but usually the fraudsters return like indefatigable wasps that continue to buzz around us, ignoring our futile attempts to shoo them away.

Developing the hive mind hence requires the connection of every memory of every telco. In other words, we need to connect all fraud management systems to each other, or otherwise make it so easy for telcos to share their existing intelligence that they have no reason not to. This would also be the crucial first step towards collective action. If no telcos share data, then every telco has an excuse not to share data. But if the cost of sharing data was approximately zero, and most telcos agreed to share data, then what would excuse the minority of telcos that refused? The emergence of a collective movement would encourage other forces in society – governments, regulators and consumers – to put pressure on telcos that resisted collaboration. The more that we have a collective map that shows the flow of fraudulent calls from one network to another, the better we will identify the origins of those calls, and the more suspicion will fall upon those networks that choose to remain opaque.

Evolution works because many cumulative improvements each deliver a small additional advantage, not because somebody plans to execute a grand design. Good intentions and hard work are not enough to realize the hive mind. Every step towards the hive mind must be taken because it benefits the people taking it. That is why the initial connection of fraud management systems will be seen as a way to better anticipate future attacks and to improve reaction times when they occur. If your normal process for identifying fraud involves allowing 10 fraudulent calls to take place on your network, and hence identifying the fraudster’s pattern of activity, it follows that you may be able to streamline your reaction time if you knew 10 fraudulent calls had just occurred on a competitor’s network. This will provide the initial incentive for information sharing, but it need not be the end goal. The final objective would be complete end-to-end visibility of fraud, because all telcos automatically share all pertinent data in real time. When that happens, we will be able to do far more than simply inhibiting the flight of wasps from one hive to another. We can stop their attacks at source, and seek to eradicate each wasp nest.

As ambitious as I am, it would be foolish to try to roll out the hive mind model for every kind of fraud at once. But if demonstrable progress can be made for one common type of fraud, that will encourage the adoption of the hive mind model for other types as well. And all of this explains why my nonprofit association, the Risk & Assurance Group (RAG), has prioritized the expansion of the RAG Wangiri Blockchain, a consortium of telcos and vendors that are using blockchain technology to share intelligence about wangiri fraud. All reputable telcos are welcome to join the consortium, and access will be free if they reliably upload wangiri data. Many will find that the exchange of data can occur at the press of a button because the suppliers of their anti-fraud systems have integrated them with the blockchain.

The wangiri blockchain will first be treated as a kind of early-warning system, making telcos aware of wangiri calls on other networks. But as wholesale and retail telcos all share what they know about wangiri, we will start to build up a much more comprehensive view of the flow of wangiri calls across networks. This will help telcos to understand the relative strengths and weaknesses of their own monitoring programs. It will also help us to extend the visibility of wangiri fraud so that we get closer and closer to the origin of wangiri in near to real time. This will be attained through a series of evolutionary improvements, such as adding new telcos to the consortium, integrating more anti-fraud products, and refining the data that is shared. Such an evolution can succeed where a revolutionary new mechanism would fail because of inertia. We can deliver a hive mind for fraud in real practice.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.