In the hours after Donald Trump claimed victory in his campaign for a second presidential term in November, Americans across the country started receiving disturbing text messages. Members of Black, Hispanic, and LGBTQ communities were instructed to report to nonexistent nearby plantations to "pick cotton," surrender themselves to fake nearby deportation centers or report to phony reeducation camps.
The recipients quickly reported the messages, kicking off a flurry of investigations across the country at the local and federal levels. Those investigations are still ongoing.
In the months since, the victims have largely moved on from the immediate panic caused by the racist texts. But the flood of messages set off alarm bells across the digital communications industry, because they exposed a weakness in the system that could be exploited by bad actors with a range of bad intentions. Three months later, there are still more questions than answers about who was behind the attack and whether the industry is prepared to prevent it from happening again.
…
In the past, it was relatively easy for marketers to sign up for a number and start texting. But over time, carriers were dealing with more and more complaints from users and law enforcement about bad actors that were abusing the system. "Three years ago, [mass-texting] would've been the Wild West," Brad Herrmann, the CEO of Text-Em-All, a mass messaging service, told NPR.
…
In 2020, the Campaign Registry was founded as a central repository to register, track and coordinate all the different parties in the corporate messaging ecosystem. That way, companies had to register their marketing or informational campaigns in detail, go through vetting processes and receive official authorization to start texting. It's designed to track 10-digit numbers, though there are other, similar bodies that keep track of short codes and toll-free numbers.
The Campaign Registry doesn't monitor or block campaigns itself. Instead, carriers and regulators can go to it for information to help them take action such as blocking bad actors or levying fines.
Slowly, carriers have been shifting towards requiring all corporate messaging to be registered.
"The good news is that all of these systems that have been put in place in the last couple of years are actually pretty good," Herrmann said. "And so, when I heard about [the racist] message getting out, I was like, you know, there's an open door and someone's going to get in big trouble for having that door be open still."
Meanwhile, most companies in the chain have their own spam filters and artificial intelligence systems designed to catch potentially dangerous or offensive messages. It's an extra layer of protection.
…
Despite the racist messages that were received and seen, many more were stopped. Some of the protections put in place by the messaging industry in recent years did succeed.
For one, the bad actors tried to make use of toll-free numbers but were prevented from ultimately sending out the messages that way, according to one source familiar with ongoing investigations.
Multiple campaign service providers told NPR that they detected attempts by users to send out messages about plantations and deportations, and those attempts were stopped.
…
Sources speculate that the messages were artfully crafted to not use specific slurs, possibly sketchy URLs or obviously malicious language that filters would catch.
"This message was kind of unique in that it was able to get past multiple levels of AI and machine learning filters at multiple companies in order to get out," said Herrmann of Text-Em-All.
Attackers might have also been searching for loopholes in the Campaign Registry system – most likely by bypassing it entirely.
…
Executives in the messaging ecosystem discovered the racist texts after several got flagged by filters. They acted quickly to block the numbers and investigate the culprits. But the campaigns weren't registered, and the trail quickly went cold.
…
One of those providers is TextNow, a Canadian company that offers free digital texting and calling. TextNow's openness has many benefits, like allowing low-income users to access communication and government services. But TextNow's platform has been abused in the past for various purposes like fraud, stalking, and fake shooting and bomb threats. TextNow has said it believes the offending accounts were part of a coordinated attack on their system and has since shut them down and is cooperating with law enforcement.
However, sources with knowledge of the investigation tell NPR that the attackers were also using Google Voice, another free or low-cost service that spins up phone numbers. It's difficult to tell if the attackers registered the numbers with Google or other third-party services that sell and manage Google Voice numbers. A Google spokesperson told NPR that "we have clear policies against using our tools to threaten, bully, or harrass, that we apply consistently to keep our users safe." The spokesperson confirmed that in the case of the racist mass-texts, "fewer than 100" accounts violated those policies, and Google "took action."
What a messy situation from a tech standpoint. Layers of complexity and nobody wants the responsibility nor the loss of revenue. Capitalism without accountability once again. ...And what a...
What a messy situation from a tech standpoint. Layers of complexity and nobody wants the responsibility nor the loss of revenue. Capitalism without accountability once again.
...And what a perfectly constructed scenario for increasing fascist power. This kind of scary but ultimately impotent attack provides just the motivation for building out controls and infrastructure into mms and sms that can easily strip away (unruly/disenfranchised) peoples' ability to organize (privately).
It sure smells to me like that attack and the reaction to it isn't about racist texts at all. Nor is it about being able to spy on your texts. This is about better controls and insights into mass communications. It's about being able to stop unions and protests from forming.
Or it's some kind of message to Washington about just how badly the country has been pwnd by whoever launched the attack, but IMO that theory is in a (very) distant second place.
Someone tell me I'm wrong please and why. I've been online too long and too often again and am gonna go do something more healthy.
Yes, it’s messy, but I don’t understand your position. Are you arguing for less regulation of mass text messages? Would you be willing to live with a lot more spam? In the old days (like the civil...
Yes, it’s messy, but I don’t understand your position. Are you arguing for less regulation of mass text messages? Would you be willing to live with a lot more spam?
In the old days (like the civil rights movement in the 1960’s), activists would use phone trees, where one person might call ten people on a landline, and they would call ten more people, and so on, to get the word out. This required more organization than today. More manual effort to communicate tends to favor organized groups.
Nowadays you could use private group chat or social media. I don’t think there is any shortage of ways to communicate for an organized group?
There are enough alternatives that I don’t think cracking down on text spam is all that big a deal.
My understanding of their argument is that they believe this incident will be used to increase regulation on text messages to an extent that they can be used to crack down on people and ideas, not...
Are you arguing for less regulation of mass text messages? Would you be willing to live with a lot more spam?
My understanding of their argument is that they believe this incident will be used to increase regulation on text messages to an extent that they can be used to crack down on people and ideas, not necessarily that there should currently be less regulation.
I guess I basically consider commercial text messaging outside of package delivery notifications to be roughly on par with smallpox or dysentery in terms of social value. I’m unsure what valuable...
I guess I basically consider commercial text messaging outside of package delivery notifications to be roughly on par with smallpox or dysentery in terms of social value. I’m unsure what valuable ideas are being transmitted in this form, or what value could conceivably be lost.
That’s the nice thing about armchair-quarterbacking this thing. I don’t have any solution… or rather, I don’t have any other than what we already have - the carriers doing what they can to stay...
That’s the nice thing about armchair-quarterbacking this thing. I don’t have any solution… or rather, I don’t have any other than what we already have - the carriers doing what they can to stay ahead of the spammers.
What I do have is the lowest trust I’ve ever had in any of the string-pulling nonsensical maneuvering going on.
Do I want more spam? Of course not. It drives me nuts. I’ve tried like three different blocking apps.
But the timing and contents of that attack are super suspect. It’s the kind of nonsense that IMO tells on itself as having some ulterior motive simply by being so nonsensical. It smell like a(nother) manipulation to me. Its manufacturing consent, that’s all.
It’s just like the new porn identity requirements. It’s not about porn. It’s about control. It’s about knowing who is behind the keyboard- not because they want to “come for you” but because they want to quietly mute any dissenting voices.
From the article:
…
…
…
…
…
…
What a messy situation from a tech standpoint. Layers of complexity and nobody wants the responsibility nor the loss of revenue. Capitalism without accountability once again.
...And what a perfectly constructed scenario for increasing fascist power. This kind of scary but ultimately impotent attack provides just the motivation for building out controls and infrastructure into mms and sms that can easily strip away (unruly/disenfranchised) peoples' ability to organize (privately).
It sure smells to me like that attack and the reaction to it isn't about racist texts at all. Nor is it about being able to spy on your texts. This is about better controls and insights into mass communications. It's about being able to stop unions and protests from forming.
Or it's some kind of message to Washington about just how badly the country has been pwnd by whoever launched the attack, but IMO that theory is in a (very) distant second place.
Someone tell me I'm wrong please and why. I've been online too long and too often again and am gonna go do something more healthy.
Yes, it’s messy, but I don’t understand your position. Are you arguing for less regulation of mass text messages? Would you be willing to live with a lot more spam?
In the old days (like the civil rights movement in the 1960’s), activists would use phone trees, where one person might call ten people on a landline, and they would call ten more people, and so on, to get the word out. This required more organization than today. More manual effort to communicate tends to favor organized groups.
Nowadays you could use private group chat or social media. I don’t think there is any shortage of ways to communicate for an organized group?
There are enough alternatives that I don’t think cracking down on text spam is all that big a deal.
My understanding of their argument is that they believe this incident will be used to increase regulation on text messages to an extent that they can be used to crack down on people and ideas, not necessarily that there should currently be less regulation.
I guess I basically consider commercial text messaging outside of package delivery notifications to be roughly on par with smallpox or dysentery in terms of social value. I’m unsure what valuable ideas are being transmitted in this form, or what value could conceivably be lost.
That’s the nice thing about armchair-quarterbacking this thing. I don’t have any solution… or rather, I don’t have any other than what we already have - the carriers doing what they can to stay ahead of the spammers.
What I do have is the lowest trust I’ve ever had in any of the string-pulling nonsensical maneuvering going on.
Do I want more spam? Of course not. It drives me nuts. I’ve tried like three different blocking apps.
But the timing and contents of that attack are super suspect. It’s the kind of nonsense that IMO tells on itself as having some ulterior motive simply by being so nonsensical. It smell like a(nother) manipulation to me. Its manufacturing consent, that’s all.
It’s just like the new porn identity requirements. It’s not about porn. It’s about control. It’s about knowing who is behind the keyboard- not because they want to “come for you” but because they want to quietly mute any dissenting voices.