You do not need to wear a cape to be a hero. Heroes within the communications sector often sit behind desks and type at keyboards, much like Clark Kent, although they never wear their underpants over their tights. Governments, law enforcement and the public are usually incapable of distinguishing between the heroes and the villains because they dress alike, and real villains never make the mistake of monologuing about their plans for world domination. Some villains use marketing to make themselves appear heroic; genuine heroes are often overlooked. That is why Commsrisk is different to other sources of information about the risks faced by the comms industry and its customers, and why one article per year is devoted to praising individuals that did something which demonstrates they are special. These were my heroes of 2024.
- For Leadership: Johannes Vallesverd of the Norwegian Communications Authority and His Peers at GIRAF
- For Digging Deeper and Sharing More: Cathal Mc Daid and His Colleagues at Enea
- For Fighting on Behalf of Other Fraud Managers: Morgan Ramsey of Vodafone
- For Protecting the Public from SMS Blasters: Pepijn Kok and His Colleagues at AIS
- For Persistence: Stephen Ornadel, Chair of the GSMA’s Global Title Leasing Task Force
- For One Sentence When It Mattered: Elena Alexi of Ofcom
- For Restoring Some Faith: The Children of Granbury Middle School, Texas
For Leadership: Johannes Vallesverd of the Norwegian Communications Authority and His Peers at GIRAF
The Global Informal Regulatory Antifraud Forum (GIRAF) is the best hope for worldwide coordination of fraud prevention in the communications sector. GIRAF was launched this year, and has many obstacles to overcome. However, great change must begin somewhere, and it usually begins with people who are willing to invest their time before there is any guarantee of success. There are other prominent individuals who were instrumental in the creation of GIRAF, such as Philippe Millet of the i3Forum, but the greatest bravery was exhibited by the regulators who committed to GIRAF whilst others waited to see what would happen. I am not privy to the discussions that occur within GIRAF, but sources confirm my impression that Johannes Vallesverd of the Norwegian Communications Authority (Nkom) has played a vital role in the formation of GIRAF. Nkom volunteered to be the first chair of this new international body for regulators. If GIRAF succeeds then all regulators will want credit, but it will be worth remembering who stepped up first.
For Digging Deeper and Sharing More: Cathal Mc Daid and His Colleagues at Enea
Not everybody who seeks the status of an expert does the hard work involved in discovering facts; even fewer gift the fruits of their labor to others. This causes problems when the objective is security. We all claim to want a unified front against hackers and crooks, but a lot rests on the shoulders of the individuals who investigate vulnerabilities and exploits, and who then take the time to explain their complicated findings so others will understand what action they need to take. Cathal Mc Daid and his co-workers at Enea have long impressed me with their detailed research into the methods used to subvert communications networks. The dedication shown when circulating this research is equally impressive. Cathal began this year with a thorough analysis of the techniques used to monitor the movements of opposing soldiers in Ukraine; you can read Location Tracking on the Battlefield by clicking here. I expect Cathal’s report will be considered seminal before long. It provides important insights into the development of hybrid tactics for warfare, and some of those tactics will become threats in civilian life too.
For Fighting on Behalf of Other Fraud Managers: Morgan Ramsey of Vodafone
Morgan Ramsey should not really qualify as an unsung hero. He gets invited to speak at a plethora of industry events by virtue of leading the anti-fraud efforts of Vodafone Group, and because he has served as the Deputy Chair of the GSMA’s Fraud and Security Group for almost three years. More than anybody else, Morgan is asked to endorse the potential real-world benefits of various new security systems and initiatives. However, Morgan deserves this shout-out because of something he keeps doing which receives less attention than it deserves. He uses his position to keep emphasizing the importance of the people who have specialized in fraud management.
One of the worst mistakes is to throw lots of money at solutions which rely upon technology whilst pinching pennies when hiring, training and promoting people. New technology often underwhelms because the wrong managers made ill-informed decisions about how to tackle crime. Decades of low pay and low respect for fraud managers have contributed to the current crisis with consumer scams. Corporate attitudes have begun to change because of the public’s anger over scams but inadequate reporting lines means the topic can be hijacked by managers who never previously cared about fighting crime. Trying to stop crime by taking the advice of people with only a transient interest in the subject results in costly mistakes, as demonstrated by the failure of STIR/SHAKEN in the USA. Executives and regulators should not be dazzled by tangential expertise. Network engineers, wholesale product managers and public policy wonks each have roles to play in the domain of consumer protection, but anti-crime initiatives should be led by professionals who watch what criminals do, learn from the experience, and thus develop the instincts to anticipate what criminals will do next. Morgan is one of those people, and he strives to boost the status of like-minded professionals, irrespective of who employs them. That is an objective worthy of more praise.
For Protecting the Public from SMS Blasters: Pepijn Kok and His Colleagues at AIS
Pepijn Kok is the CISO of Thai operator AIS, and earlier this year he briefed me about the methods they use to determine the location of SMS blasters. These portable radio devices mimic base stations in order to transmit scam messages to any mobile phone within range. They have often been found in East Asian countries, but that is because they are looking for them, whilst most other countries are not. I cannot share what I learned from Pepijn, but it was impressive. The effectiveness of their techniques was proven several months later when the driver of a vehicle carrying an SMS blaster was arrested just three days after he began circulating Bangkok. An untold number of people have been spared harm because AIS worked with the police to rapidly locate a moving radio device that is not even connected to AIS’ network.
Pepijn expressed his willingness to responsibly share what he knows about SMS blasters with fellow professionals, but he would not expect his employers at AIS to bear the cost of flying him to meetings just so other nations can copy the example set in Thailand. Who will have the wisdom to learn from the leading experts in East Asia? Or will 2025 continue to see telcos and national authorities paying insufficient attention to the risk posed by SMS blasters because they do not want to learn from the best?
For Persistence: Stephen Ornadel, Chair of the GSMA’s Global Title Leasing Task Force
The response to the GSMA’s Global Title Leasing Code of Conduct has been near-universal indifference, even though the abuse of Global Title is:
- a threat to the privacy of every mobile phone user everywhere;
- an enabler of SMS spam; and
- a proven factor in the murder of a journalist.
Despite all this, not a single business is a signatory to the code, which was published in March 2023. Only three telcos have affirmed their support of the code, the most that can be offered by telcos which do not lease Global Titles anyway. Stephen Ornadel, the editor of the code, is widely respected and has plenty of admirers. There were 276 likes when Stephen shared the news that he had received a GSMA FASG Key Contributor award for his work on tackling the abuse of Global Title. But what good is 276 likes on social media if there are zero signatures on the dotted line?
I am one of the most stubborn men working in the domain of risk management for comms providers. That is not hyperbole; an objective measure would place me at the extreme end of any chart. So it is a compliment when I observe that Stephen’s extraordinary determination makes him even more extreme than me. I call Stephen a monster because he becomes an unstoppable force whenever he sets his sights on a target. If Stephen was approaching Tokyo from the North, and Godzilla was approaching from the South, then I expect Godzilla would be the first to turn tail and flee. Sometimes the world needs extreme people to accomplish goals that nobody else will. It took tremendous acumen to deliver a code of conduct for global title leasing in the face of indifference. The world needs somebody of Stephen’s epic proportions to persevere with his quest.
For One Sentence When It Mattered: Elena Alexi of Ofcom
None of us know the pressures that weigh upon the shoulders of strangers we meet. Sometimes an unexpected word will calm the nerves of somebody in distress, or help them to rediscover their purpose. That happened to me during November when Elena Alexi, an expert in voice and messaging scams at UK regulator Ofcom, approached me at the NICC Open Forum. Elena wanted to tell me one thing: Ofcom pays attention to Commsrisk.
Elena could not have known that I was feeling the heat after accepting an offer from Dario Betti, CEO of the Mobile Ecosystem Forum (MEF), to revive Commsrisk. Betti sought to use Commsrisk to boost the credibility of MEF’s anti-fraud program and had a vague intention to use the brand to generate more traffic for MEF’s website. However, it soon became apparent that he would dull Commsrisk’s edge. Betti wanted Commsrisk’s audience, but not the substance that had attracted that audience. Elena’s remark reminded me of why I had created Commsrisk and published it for so long. She could not have known it at the time, but she made it easier for me to walk away from MEF just a few weeks later.
Elena, if you are reading this, than I thank you for your unexpected kindness. This is my plea to you and to everyone at Ofcom who cares about protecting ordinary members of the public: please find more ways to listen to the real experts, including Morgan, Cathal, Pepijn and Stephen. I tried to create a platform for opinions that do not accord with the objectives of the money men who run this industry, but opposing their misinformation takes a toll. Regulators need to find subtler ways to work around the systematic stifling of impartial expertise by corporate interests. Our brief exchange gave me hope that regulators want that too.
For Restoring Some Faith: The Children of Granbury Middle School, Texas
It matters when a 13 year old recounts the story of smacking a phone away from their parent’s hand because the parent may be falling for a scam. It matters even more when you hear several other kids, all from the same school, telling similar stories. I did not appreciate how much I would learn when Jeffrey Ross of 1Route asked me to talk to the pupils at his children’s school about using their phones safely. I learned at least as much as they did. I learned things that should upset anyone working in the comms sector, if they care about their children and the future they will experience. But the children of Granbury Middle School also gave me hope that wiser heads will eventually prevail. Children can see the truth at times when adults will choose to confuse good with bad. If children can retain that capacity as they grow older, there will be more heroes in future.
