It is the season of goodwill, but not all is well. If life seems unfair, we might reflect upon some ancient wisdom found within a holy book.
There is something else meaningless that occurs on earth: the righteous who get what the wicked deserve, and the wicked who get what the righteous deserve. This too, I say, is meaningless.
Ecclesiastes 8:14
Many readers of Commsrisk will be able to relate the truth of this Bible passage to their daily work. If we measure success through material rewards then a great deal of success has been enjoyed by bad people who exploit networks. Their success can be seen in the luxury cars confiscated from those few crooks who were caught by the police, and inferred from the knowledge that most of their peers will never face justice. Meanwhile, too many people who were tasked with combatting the wicked find themselves jobless as a result of downsizing by comms providers. Others fear they will soon be replaced by agentic AI. It pains me to have received so many requests for help with finding new employment this year. Despite the obvious problems faced by the comms sector, there are not enough vacancies for those with specialist risk management experience.
Tossing aside the hard-won knowledge of these people is a tragedy for them as individuals and a tragedy-in-the-making for the comms industry and the rest of society. Criminals and other bad actors dance around the under-resourced teams tasked with foiling their schemes. There is a thoughtless rigidity to the decisions of executives and politicians who now pretend artificial intelligence will end the abuse of networks. No artificial intelligence will make much difference in an environment where human intelligence has been ignored whenever it makes an observation that decision-makers do not want to hear. Does anyone really believe the best outcome will inevitably result from leadership that may sometimes spend more on technology but always chooses to spend less on staff? Stock markets measure success through ratios that favor a reduction in headcount but stock markets are not held responsible for the crimewaves that may result. I would rather be poorer and live in a society where I keep what I earn than be richer and constantly afraid of losing everything. There is no hiding the scale of crime now being endured by the public although many leaders behave as if this is coincidental to decisions they make about the way society is organized.
It is not fair that some will have to work harder at thankless and poorly-rewarded tasks to compensate for the greed and vanity of their bosses. However, nobody promised life would be fair. Religious texts have had much to say on this topic. If being good means being selfless, then we must forego the hallmarks of success coveted by conniving crooks and idiot rulers. The unsung heroes have my thanks, not just for what they have done this year, but also because their example encourages me to persist with my own meager efforts. Keep reading for my unsung heroes of the year, after this reflection from another holy book.
When the Tao is present in the universe,
The horses haul manure.
When the Tao is absent from the universe,
War horses are bred outside the city.
There is no greater sin than desire,
No greater curse than discontent,
No greater misfortune than wanting something for oneself.
Therefore he who knows that enough is enough will always have enough.Tao Te Ching, Chapter 46
- For Citizen Journalism: Radio Yakuza, geek and social media enthusiast
- For Conventional Journalism: Ben Marino of the Financial Times
- For an Unconventional Police Investigation: Álvaro Azofra of Europol
- For the Pursuit of Harmonized KYC: Sarah Delphey, Rebekah Johnson, Katia Gonzalez and Fionán Mc Grath
- For Speaking Plainly about the Limits of Blocking Traffic: Endre Syvertsen of Telenor Linx
- For Revitalizing My Career: Lyn Du of Telstra
For Citizen Journalism: Radio Yakuza, geek and social media enthusiast
When Japanese politicians and telcos were choosing to be tight-lipped about the reasons for repeated ‘interference’ with mobile phone connections there was a Tokyo resident who investigated why his phone had connected to a mysterious 2G base station, then shared the explanation with his 40,000 followers on social media. Calling himself Radio Yakuza on X, a geek with a deep fascination with radio telecommunications joined the dots in ways that nobody in the government, police or media had done before. He pinpointed and photographed the fake base station that his phone had connected to, researched the prevalence of Chinese-language scam SMS messages across Japanese cities, and plotted the route of SMS blasters driven around Tokyo.
Radio Yakuza also inspired other members of the public to hunt the scammers and raise awareness of the risk to phone users. Their collective efforts even led to the identification of a car that changed number plates as it ferried an SMS blaster around Tokyo. The attention generated through social media eventually forced the government to admit SMS blasters were being used to send scam messages after weeks of prevarication. Japan’s telcos followed suit a fortnight later with a low-key warning to the public that contrasted sharply with the high-profile SMS blaster awareness campaigns found in most East Asian countries.
The internet has given people the power to share news that others would prefer to keep hidden. Radio Yakuza’s persistence and willingness to share provided a shining example of the good that can be done through citizen journalism.
For Conventional Journalism: Ben Marino of the Financial Times
People may think I welcome publicity but I turn away plenty of enquiries from journalists because their goals are too superficial. When Ben Marino of the Financial Times first contacted me in October 2024, he asked more thoughtful questions than most, though I was still wary of whether a promising opening conversation would lead to a documentary that properly examined the complicated themes we had discussed. I need not have worried. That Ben’s documentary was only released last week is an indication of how much work went into it. The final product, entitled Scammers, spies and triads: inside cyber-crime’s $15tn global empire, is the best exploration of the relationship between cybercrime-as-a-service, rogue base stations, privacy invasions and scam compounds that I have seen.
Ben criss-crossed the globe to explore how electronic networks are abused and how criminal networks are run. Based on my own exchanges with Ben during this time, it is obvious that lots of material was excluded from the final cut as he strived to condense the scale of the transnational networked crime orchestrated by Chinese syndicates into a half-hour documentary that anybody can understand. I hope Ben’s documentary sets a new standard for journalists seeking to inform the public about the extent and the sophistication of networked crime.
For an Unconventional Police Investigation: Álvaro Azofra of Europol
It can be tedious to correct misunderstandings about what certain anti-scam technologies do in practice. There are many kinds of fraud, and there are many techniques that can be used to mitigate fraud, but not every fraud mitigation technique is a mitigation of every type of fraud. Most mitigations only have an effect in specific circumstances. Many mitigations can be defeated by criminals with sufficient resources and determination. That is why we need comprehensive strategies that embrace multiple mitigations and which anticipate changes in the methods that will be used by criminals. It is troubling that some people who claim to be professionals will repeatedly exaggerate what particular kinds of mitigation can accomplish. There are even high-profile professionals who consciously seek to mislead politicians, regulators, the police and the public. So it comes as a relief to discover police in Europe may be making themselves immune to bad advice by doing their own research into technologies that could potentially be used to reduce scam traffic.
Álvaro Azofra is the Head of the Expertise and Stakeholder Management Unit of the European Cybercrime Centre at Europol, and his team produced a short paper on CLI spoofing that is better than anything the comms industry has written on the same topic. If the police can produce analysis of this quality then the private sector can do the same. And if the private sector will not provide analysis of this quality then its so-called experts deserve to be ignored. Azofra and his colleagues are offering a different way forward, if they are permitted to continue researching how to reduce networked fraud. They have demonstrated what objective, impartial research should look like, and hence the potential benefits of using this kind of research to inform policymaking instead of saving pennies by trusting the private sector to fairly compete for work only to later waste millions when the private sector supplies the wrong solutions. I hope there will be more research about networked fraud mitigations from Azofra’s Europol team in future, and it would be good if law enforcement agencies in other regions also develop expertise within their own organizations. For all the talk about cooperation, the police should strive to reduce their dependence on advice given to them by vested interests in the private sector. Good impartial research in the present day will result in less crime to fight in future.
For the Pursuit of Harmonized KYC: Sarah Delphey, Rebekah Johnson, Katia Gonzalez and Fionán Mc Grath
Social media users use the term ‘ratioed’ when there is a ratio of comments to likes that indicates a lot of disagreement with the content in somebody’s post. It is a shame we cannot use simple mathematical ratios to assess the quality of the things people say when talking to a live audience. If we could, then many of the comments made in support of robust know-your-customer (KYC) checks would be ratioed because they are made by people who do absolutely nothing to make KYC controls more robust. A KYC decision is ultimately a decision that needs to be made by human beings, no matter how many layers of technology are involved in crystallizing that decision for each prospective customer. Somebody has to establish when it is too risky to accept a customer because the potential harm they will do is too great relative to the amount they are going to pay for the service they want. That means somebody becomes accountable. The cynicism of decision-makers who never want to tell shareholders that revenues have fallen or that a user base has shrunk is in direct conflict with vague promises to deny service to bad actors. Harmonizing KYC so that all comms providers get fair returns, with none profiting by consciously adopting a lower standard than their competitors, is going to be a battle waged over decades, just like the battle that has long been waged to stop businesses leaking personal data or the new battle to prevent the destruction of jobs by AI. It takes a courageous kind of person to join the front line of this battle.
Three women stand out for the roles they have played in the battle so far. Sarah Delphey, now of Bandwidth, did much of the work that fed into the KYC Code of Conduct adopted by i3Forum this year. Sarah’s work was initially published when she was at Numeracle, through a model KYC standard authored in collaboration with Numeracle CEO Rebekah Johnson. I plagiarized this work (with their knowledge) to draft the code approved by the i3Forum. But writing a code means nothing if the code is not accepted. Katia Gonzalez provided crucial support for the adoption of the code through her leadership of the i3Forum Fight Fraud group, and through her role as the leading anti-fraud voice on the i3Forum board. She shepherded the code through to its eventual approval by the i3Forum. I expect Katia’s influence will be equally essential to securing the support of One Consortium, who began reviewing the code following i3Forum’s endorsement.
The ongoing loss of valuable experience to the comms sector is illustrated by a change in the career of Fionán Mc Grath, the comrade and unsung hero who did most to assist with the drafting of the new KYC code. He was working for Cellusys at the time we worked on the draft. Now Finn is looking for solutions to a different problem: how to increase the production of healthy food in a way that also improves the environment. As much as I admire Finn’s current goals, I wish we had more men like him working on the challenge of reducing networked crime.
The efforts of these four people were stretched across a period that was much longer than a calendar year. This indicates how long it can take to accomplish something of value, and how the contributions of the individuals who were responsible can easily be forgotten. These four people still rank among my unsung heroes of 2025 because this was the year that their work resulted in a code that received the approval of a major association of international carriers. It is appropriate to rally the troops after any victory, no matter how small. My hope is that we have instigated a chain of events that will lead to more victories on the road to robust harmonized KYC for all electronic communications globally.
For Speaking Plainly about the Limits of Blocking Traffic: Endre Syvertsen of Telenor Linx
Not everybody wants to talk plainly about the limits of the methods being used to counter the abuse of networks. Individuals risk less by keeping their heads down, saying nothing, and waiting for the moment when stored-up troubles become so toxic that nobody can deny the existence of the root causes any longer. Endre Syvertsen of Telenor Linx took a bold step this year by publicly explaining why the automated blocks of bad traffic implemented by his business will not be unsustainable in the long run. He also emphasized the need for carriers to secure all traffic, not just the traffic they receive.
Endre and his colleagues on the executive team of the Global Solutions Council (GSC) want a holistic approach to cleaning up the carrier ecosystem. As part of this, they recently promised to publicly critique the KYC code approved by the i3Forum. I applaud their intentions. Too many industry associations compete at how far they can dilute and obstruct necessary change. It is refreshing to see an association competing by demanding a higher standard than their peers.
It may seem paradoxical to encourage criticism of a code of conduct that I helped to create, especially after praising the contributions of people named above. However, there is a need for greater transparency in the deliberations of this industry. Endre is establishing a healthy precedent by wanting to openly discuss the strengths and weaknesses of other anti-fraud initiatives. Too many decisions have been made behind closed doors, between people who claim to speak for the entire industry but whose motivations are not examined. Endre’s opinions about the limits of blocking, and the GSC’s desire for rigorous KYC have the potential to become an important counterweight to some negative influences on the communications industry. Nobody outside of the comms sector will appreciate the significance of the stance being adopted by Endre and his colleagues. I thank them for taking it.
For Revitalizing My Career: Lyn Du of Telstra
I know about the GSC’s intended critique of the i3Forum KYC Code of Conduct because I was kindly invited to attend the most recent GSC forum, held in Bucharest during November. Saying I was invited is something of an understatement. Lyn Du, another member of GSC’s executive team, went above and beyond the call of duty to get my involvement. I had thought my career as a public speaker was coming to an end. However much people think Commsrisk provides a valuable service, or however much some other people think Commsrisk is too loud when pointing out facts they would prefer to keep unknown, it is a lot cheaper to run a website than to fly around the world and speak at conferences. That is why the overwhelming majority of people who speak at conferences are salesmen or lobbyists, even when they pose as somebody seeking the best for humanity. It was my belief that I would never occupy another role which would justify the cost of foreign travel. Lyn did not allow that to stop her; her persistence secured the funding for my trip to Bucharest.
Even so, I firmly believed that my GSC presentation would be the last time I would speak in public about scams in the comms industry, as I later admitted to the audience in Bucharest. Neither Lyn nor I appreciated that her efforts would instigate a sequence that resulted in my being offered a new role which will involve much more travel, and much more public speaking in 2026. I had expected my career was nearing its end. It has been reignited instead, with a special focus on the topic I most care about: preventing consumer scams. I will tell you more about that next year. In the meantime, Lyn deserves thanks for her part in saving my career, in addition to thanks for all the effort she puts into organizing GSC’s superb events. As somebody who has run conferences myself, I recognize how much dedication it takes, especially when you really care about the quality of the agenda. So if you see me at an event next year, you might want to thank Lyn too, unless you would prefer never to hear from me again, in which case Lyn deserves a share of the blame.
