Vigilante Used Traffic-Pumping Fraud to Pay for Denial of Service Attacks on Robocall Scammers

Yes, you read the headline correctly. One difficulty with measuring fraud is that there are some criminal endeavors that straddle several common categories of fraud at once. But rarely do you hear of a criminal enterprise that:

  • commits traffic-pumping fraud
  • by making robocalls to toll-free numbers
  • to generate revenue to finance a vigilante operation
  • that openly sought tip-offs about telcos that profited from scam calls
  • so those telcos could be hit with denial of service attacks
  • but which then attacked somebody working for an industry traceback group instead.

Hello, I am the Scammer Blaster and I’m going to break your telephone system

Those words are repeated at the beginning of every video on the YouTube channel of ScammerBlaster, the name of a business run by Thomas Dorsher of North Dakota, USA. The incorporation documents for ScammerBlaster Inc say its purpose is “disrupting the activities of individuals who employ deceitful practices”. These disruptive exploits, which include singing rude songs to scammers and publishing the email addresses of the staff of telcos blamed for scam traffic, are routinely described on the ScammerBlaster website, where Dorsher refers to himself as “part of an elite group of people” that uses “call flooding” to punish scammers for the harm they do. The ScammerBlaster Twitter account describes the company as a nonprofit organization. So whilst Dorsher rarely uses his own name in association with ScammerBlaster, he is clearly proud of what he does, and is so confident about the correctness of his actions that the ScammerBlaster list of demands includes…

4. Federal funding to expand our operation. A Federal Grant would be nice and also go a long way in scaling up our organization!

However, instead of giving him a grant, it seems the government would prefer to take Dorsher’s money away. The Federal Communications Commission (FCC) has officially proposed to jointly and severally fine Dorsher, ScammerBlaster Inc, and two other corporate entities controlled by Dorsher a total of USD116,156,250. One of those entities, OnTel Inc, was used to launch Dorsher’s denial of service attacks. The other, ChariTel Inc, is said to have pumped almost 10mn robocalls to toll-free numbers in order to generate revenue for Dorsher’s vigilante activities. The ChariTel robocalls played automated messages that purported to be ‘public service announcements’ about the dangers of illegal robocalls. These messages would claim robocall fraud is used to fund Al-Qaeda and ISIS, then encourage listeners to report illegal robocallers to the FCC and ScammerBlaster. However, the underlying purpose of these calls was allegedly to generate income through a revenue sharing arrangement with a local exchange carrier. This would be a violation of the Telephone Consumer Protection Act (TCPA), which prohibits calls to numbers where the recipient pays for the call unless that recipient has given prior express consent. The FCC’s Notice of Apparent Liability states:

Between January 1, 2021, and March 2, 2021, ChariTel apparently made 9,763,599 prerecorded voice message calls to toll free numbers. Bureau staff verified 20,650 of these calls for violations of the TCPA. Charitel also made two calls to AT&T Service, Inc’s… toll free fraud protection hotline. AT&T attested that it never consented to those calls. Additionally, several consumers complained to the Commission about the Dorsher Entities’ toll free robocalls… When one complainant confronted the Dorsher Entities about the calls, the Dorsher Entities allegedly responded, “if you think the FCC will do anything, you are very much mistaken.”

The extreme and peculiar nature of the US telecoms market, as compared to those found in most other countries, does lend itself to exotic frauds like traffic pumping for toll-free calls. Whatever his faults, Dorsher must have had some appreciation of the intricacies of the US telecoms ecosystem to execute such a fraud. However, there were limits to Dorsher’s insights. Dorsher painted a target on his back when he made the comical mistake of launching a robocall denial of service attack upon the telephone of a consultant working for the Industry Traceback Group (ITG), the US consortium-cum-monopoly that is tasked with identifying the source of bad calls.

ScammerBlaster Inc’s methodology for identifying illegal robocallers appears flawed. The Dorsher Entities launched a TDoS [telephone denial of service] attack against an ITG consultant believing that the consultant was associated with a tech support scam. Dorsher or someone affiliated with the Dorsher Entities threatened the consultant and said “how about if I break your phone system?” Subsequently, the consultant received more than 100 phone calls in a matter of minutes. Shortly thereafter, the ITG traced several of the TDoS calls to OnTel. After discovering the error, Dorsher called the consultant, apologized for his error, and then proceeded to explain the Dorsher Entities’ operations.

A fine of USD116mn is undeniably big, and the FCC claims it will serve as a deterrent. There is only one problem: the FCC has a track record of calculating enormous numbers for the penalties described in their press releases, but these fines are rarely collected. This has become a repeated cynical tactic that delivers positive press coverage for the FCC. Self-serving journalists use these enormous figures as clickbait for articles. They never run follow-up stories about settlements negotiated by prosecutors which usually deliver nothing but a promise that the defendant will behave well in future. FCC Chairwoman Jessica Rosenworcel is aware of this routine failure to collect fines. She railed vociferously about the failures of the justice system before there was a change of government and she was promoted to her current role. To her credit, Rosenworcel still alluded to the problem of fines not being collected in her personal statement about Dorsher’s fraud.

We propose a $116 million fine for a scammer responsible for a traffic pumping scheme built on robocalls. This fine is big. But it also calls attention to the fact we need new rules of the game. We have issued many fines just like this one. But after we do, we have to hand them over to our colleagues at the Department and Justice (sic) and hope for further action. I like hope. But instead of wishing for the best, I would like the certainty of this agency being able to go to court directly and collect fines against these bad actors – each and every one of them. This will take a change in the law and we need Congress to fix that.

The FCC calculated their proposed fine by counting 20,650 calls which they confirmed were illegal, then multiplied this figure by a standard penalty of USD4,500 per call, then added another 25 percent because they considered Dorsher’s behavior to be especially egregious. We can safely assume that Dorsher, who registered all his companies at his home address, cannot afford a USD116mn penalty, even though the FCC’s notice says they are willing to take payment by credit card. It is almost certain that Dorsher will not need to hand over a penny. Just a few months ago the US Department of Justice negotiated a settlement with a Pakistani businessman and owner of several US-registered corporations who admitted to disseminating ‘tens of millions’ of illegal robocalls. The settlement referred to a nominal penalty of USD3.3mn but then agreed that nothing would need to be paid in practice because the robocalling businessman said he lacked the funds.

Dorsher is accused of fraud but we can question whether a penalty of USD116mn is proportionate. He generated revenues of USD0.0001 for every minute an illegal robocall was connected to a toll-free number. When US authorities determined the executive leadership of Deutsche Bank had knowingly engaged in bribery over the course of seven years, and had intentionally manipulated the prices of precious metals for a five-year period, the bank negotiated a settlement in 2021 worth USD130mn. Security breaches at Morgan Stanley put 15mn customers at risk but the bank walked away with two separate penalties of USD60mn each, one for the 2021 settlement of a class action lawsuit, the other a 2020 penalty imposed by a bureau of the US Treasury. US telecoms operator T‑Mobile was fined USD19.5mn by the FCC after a 2020 network outage resulted in the failure to connect more than 23,000 calls to emergency services. Dorsher’s ultimate penalty is likely to be nil, but why calculate such an enormous theoretical penalty for Dorsher when much bigger businesses pay smaller penalties for putting people’s lives and savings at risk?

The FCC’s explanation of Dorsher’s proposed penalty is peppered with gossipy trivialities and irrelevances, hinting that he caused embarrassment to the FCC and telcos. Dorsher openly sought to make a career out of punishing telcos for their failure to prevent fraud. He disparaged the FCC’s lack of enforcement activity. Numerous petty asides are included in the FCC’s account of the so-called investigation, which was conducted by the same professional clique that Dorsher routinely castigated. The inclusion of these remarks suggests Dorsher so successfully wounded the feelings of those professionals that they lost perspective about what they were meant to be investigating. This suggests the US industry was motivated to investigate Dorsher more out of spite than because of a conscientious and systematic approach to identifying and tackling wrongdoing.

Here are some of the strangest oddities in the FCC’s notice about Dorsher.

  • The notice includes an irrelevant estimate of fraud conducted globally. Why would the total worldwide value of certain kinds of fraud have any bearing on the penalty that Dorsher should pay for the harm he caused, and why is the FCC making claims about the seriousness of frauds worldwide when the scope of their work and Dorsher’s actions are limited to the USA?
  • A top fraud manager submitted an affidavit saying his team’s global fraud hotline was put out of service because Dorsher made two calls to it. If a telecoms business which generated total revenues of USD168.9bn in 2021 is spending so little on fraud management that two calls are sufficient to overload its fraud hotline then there are simpler solutions than investigating who made those calls.
  • Dorsher is quoted being rude about the FCC. Western civilization has not yet decayed to the point where hurting the feelings of bureaucrats is considered a punishable offense, so why are supposedly professional fraud investigators and well-paid government lawyers compiling dossiers that contain tittle tattle like this?
  • Much of the supposed investigation into Dorsher was merely the recounting of a conversation where Dorsher disclosed his crimes to a consultant working for the Industry Traceback Group. This conversation occurred after Dorsher spammed the consultant’s phone in the mistaken belief that the consultant “was associated with a tech support scam”. On one level this suggests Dorsher is a prize buffoon. But what was this ITG consultant doing which encouraged Dorsher to reach such a bizarre conclusion? Did the ITG consultant use their real identity from the outset, and if not, is there a possibility that their actions might be construed as entrapment?

Dorsher was not shy about pointing out the telcos he believed were profiting from frauds perpetuated against ordinary Americans. He may have been delusional about his chances of receiving a government grant for his work, but there is every reason to believe he was sincere in his belief that US telcos have been corrupted by the profits generated from fraudulent traffic. One especially large telco was singled out for criticism on the ScammerBuster website:

Sinch, a Swedish telecom, recently purchased Onvoy/Inteliquent…

PROBLEM: Approximately 60% of all scammers are on the Onvoy network, and we have all the data to prove it. If Onvoy would actually take this problem seriously, you would have 60% fewer Robo and scam calls! Don’t just take our word for it. Look up the phone carrier on any NON-SPOOFED scam or robocalls you get and you can see for yourself that about 60% of the junk calls you get are on the Onvoy/Inteliquent network.

I have no desire to indulge conspiracy theories, but I wonder if Dorsher’s worst mistake was shaming organizations that had the power to fight back. In the final reckoning, Dorsher ran a website, Twitter account and YouTube channel that repeatedly claimed he launched denial of service attacks. He promised to break telephone systems. Such attacks are prosecutable offenses. But instead of building a case about those denial of service attacks, the telecoms industry focused on Dorsher’s toll-free fraud, which was committed by playing recorded messages that emphasized how bad robocall fraud really is.

Dorsher brought about his own downfall when he believed he was launching a denial of service attack on a scammer that was then revealed to be a member of staff at the industry consortium responsible for tracing the origin of robocall scams. Not many fraudsters are going to be so unlucky that they make hundreds of illegal calls to one of the few individuals able to trace the origins of those calls. Perhaps Dorsher launched that attack because he is divorced from reality but he may also have identified some truths that are embarrassing to the professionals who keep saying fraud is a game of whac-a-mole. Dorsher proved to be one target they were sufficiently motivated to hit. Whatever the full truth, I would not be surprised if this robocall vigilante eventually stages a comeback, though he may make more effort to disguise his identity next time.

Dorsher theoretically faces a theoretical penalty of USD116mn as punishment for making USD0.0001 per minute illegally. The reality is that Dorsher will show details of his bank account to prosecutors who will then agree he will pay no penalty at all. Dorsher will promise not to do anything similar again. But there will be no meaningful monitoring of his activities, so if he is more discreet in future then he will be able to commit the same crimes without fear of being caught. Meanwhile, the people responsible for enforcing the laws that Dorsher broke will produce other long documents that seek to justify the calculation of enormous notional fines for other scammers identified from time to time. These documents will be padded with more trivialities and irrelevances whilst the actual penalties will remain nil.

A system that vacuously threatens a USD116mn fine for just 20,650 provably illegal calls will totter on as if nothing is wrong, even though the nominal scale of the fine is also an admission that most crime remains undetected or unproven. Such a system does not aspire to proportionate punishment for criminals or reliable protection for the public. The Chairwoman of the FCC clearly appreciates that empty threats will not deter wrongdoing by savvy criminals. Dorsher already believes most fraud is ignored, and he has gained new experience of the disjointed way the US investigates and enforces laws concerning abuses of telecoms systems. Dorsher broke the law and deserves to be punished, but the way the US industry and authorities have responded to his case lends credence to his criticisms.

You can download the FCC Notice of Apparent Liability for Forfeiture pertaining to Dorsher and his companies from here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.