The Commsrisk Review of 2018

Father Time is nearing the end of his reign, and a new year will soon be upon us. What did we learn in 2018? These were the highlights, and the lowlights, of a turbulent year.


Research by test call business SIGOS concluded that bypass accounts for 25 percent of interconnect traffic within the European Union. The rise in bypass was blamed on the incentives created by price controls.

The Check Point Mobile Threat Research Report stated that government employees are especially likely to have auto-dialer malware on their work phones.

UK police confiscated GBP3.8mn (USD5.2mn) from a criminal whose gang resold equipment stolen from BT.


Journalists slammed the Malawi Communications Regulatory Authority (Macra) for using their national RA system to spy on customers.

LinkedIn confirmed they are the best friends of plagiarists by encouraging the use of their platform to violate the copyright of a telco’s revenue assurance documents.


Network security specialists AdaptiveMobile announced they had demonstrably detected attacks performed using the Diameter signaling protocol.

Six market-leading vendors joined forces to fund the activities of the Risk & Assurance Group (RAG).

There were major changes at RAFM vendors with Vinod Kumar appointed as CEO of Subex, whilst private equity investors purchased Cartesian for just USD3.8mn.


Research by Merve Şahin and Aurélien Francillon of EURECOM showed that the UK’s Do Not Call register, known as the Telephone Preference Service (TPS), is used by fraudsters as a source of numbers to dial.

Former TM Forum RA team leader Rene Felber announced the results of another RA survey, but the figures suggested not much had changed since the previous survey.

There was conflict between the US nonprofit Internet Corporation for Assigned Names and Numbers (ICANN) and the authorities that enforce the European Union’s General Data Protection Regulation (GDPR). The clash signaled the EU’s determination to impose rules on the global internet.

A record audience at the RAG London conference witnessed the launch of the RAG Learning online education program and the release of the first RAG Revenue and Cost Risk Catalog.


The USA chose to adopt the SHAKEN/STIR digital signature framework to prevent spoofing of call identifiers. This followed a record USD120mn fine for a Florida businessman who falsified caller IDs for almost 100 million robocalls during a three-month period.

In response to a regulatory consultation, a wide range of experts highlighted the fraud and confusion caused by the UK regulator’s decision to place personal numbers beginning 070 alongside mobile numbers beginning 07.

Ghana’s government announced yet another hyper-expensive contract for the auditing of national telecoms revenues. A prominent critic of the expenditure told the police that he had received death threats.

A bug in the systems of US data aggregator LocationSmart caused them to leak location data for users of the major American mobile networks.

Subex announced the results of another disappointing year, with sales down by 9 percent.


FIFA threatened to take legal action to punish Saudi pirates streaming World Cup games, but without the help of the Saudi government there was little they could do to stop the continuing pattern of infringement by rebel internet and satellite broadcaster beoutQ.

Uganda sought to reduce crime by banning prepaid scratch cards.

The worldwide increase in CLI spoofing was further emphasized by the Chinese Embassy in London warning that their number had also been spoofed by fraudsters.

US mobile networks tightened the supply of personal information after Senator Ron Wyden complained about inadequate vetting of companies purchasing location data.


A distributor of Vodafone SIM cards was arrested for stealing biometric data from the Indian national Aadhaar database in order to generate commission from bogus sales.

There were public protests after Uganda implemented its national RA system and imposed taxes on mobile money and social media.

Rocco ranked Acision, Araxxe, Mobius and SIGOS as the best firms for detecting simboxes.

The UK entity which reviews Huawei technology to identify matters of relevance to national security reported on several ‘risks’ for the first time since its work began.

Warnings from around the world suggested there was more wangiri fraud than ever before.


The hack of Reddit, one of the world’s most popular websites, was blamed on using SMS for two-factor authentication.

Security engineer Martin Vigo demonstrated software that allows him to cheaply and efficiently hack the voicemail of other users, and then take control of their other services, like PayPal and WhatsApp.

Vodafone UK promised to automatically block wangiri calls, as well as recompensing customers who return calls to any wangiri numbers which are still connected.

Entrepreneur Michael Terpin instigated a USD224mn suit against AT&T after criminals performed a SIM swap to steal USD24mn from his cryptocurrency accounts.

The UK regulator rejected demands to fix the problems with the 070 number range that lead to widespread fraud. It further decided it was not worth pursuing targeted enforcement against the small number of fraudsters who most abuse this range.

The ‘biggest event in internet history’ prompted massive and blatant piracy via Amazon’s Twitch service, but a Google-funded survey found that internet piracy has fallen.


Safaricom CEO Bob Collymore announced his telco would use biometrics and temporary suspensions of mobile money to combat SIM swap fraud.

The Indian government pressured WhatsApp to take away the privacy of customers after a series of murders was blamed on false rumors spread using the messaging service.


The GSMA launched a new index designed to encourage a positive regulatory environment for mobile money.

Qatar escalated its World Trade Organization (WTO) dispute with Saudi Arabia over the continued operation of the pirate beoutQ television service.

The new Ghanaian national telecoms RA audit went live.


The nonprofit Flowminder institute released free open source software for analysis of CDRs. Their goal is to encourage telcos to provide better intelligence about user movements when there is a natural disaster or outbreak of disease.

US authorities were reported to be openly lobbying allied countries not to purchase Huawei 5G technology because of the supposed risk it poses to national security.

A pop-up on the home page of YouTube lobbied users about EU plans to make upload filters mandatory.

The US regulator stepped up its campaign against robocalling and caller ID spoofing by writing to telcos and asking them to set deadlines for the implementation of SHAKEN/STIR.

An undercover investigation of SIM swaps by the BBC seemed designed to create customer panic out of proportion with the scale of issues it identified. Meanwhile, the UK regulator added to its growing list of fines imposed on telcos for overcharging by levying multi-million pound penalties on both Virgin Media and EE.

Mobileum purchased Evolved Intelligence in a deal that shows they believe telcos will invest in improving the security of signaling.


The EU published its first ever watchlist covering internet piracy. The inclusion of Cloudflare, the US content delivery network, continued the pattern of increased European hostility to American organizations that dominate the operation of the internet.

Frost & Sullivan’s announcement that WeDo needs only a 15 percent share to be the leader of the RAFM market was troubling evidence of market stagnation.

LATRO offered a free animated geographic map of simbox users to any telco willing to send them the relevant data.

And Next Year?

There were some trends that will please telecoms professionals, and others that will cause concern. All the evidence suggested a widening division between those who are actively preparing for the future and those who are clinging to declining revenue streams. Read tomorrow’s post to see my predictions for 2019.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.