People at the limit of their patience with spam calls have been emailing the chairwoman of the Federal Communications Commission, Jessica Rosenworcel, in a desperate attempt to make the unwanted calls from scammers and robocallers stop. Emails obtained by the transparency site Government Attic under the Freedom of Information Act paint a picture of desperate people who just want the phone to stop ringing.

Robocalls are automated phone calls, usually from telemarketers or scammers, sometimes used to target people for fraud. Spam calls are similar, but there’s a human on the other end. Both types of calls have plagued most people with a phone line in the U.S. for years; recently, the government has passed regulations to try to stop unwanted calls. 

The FCC encourages people to report unwanted calls or spoofed phone numbers—“Your complaint provides valuable information that we use to inform policy decisions,” its website says—but that process involves filling out a specific form online, not sending emails directly to the FCC chairwoman’s inbox. 

For some people, however, the frustration they’re feeling seems to be sending angry rants and begging into the void.

One elderly person’s plea directly to Rosenworcel frames the problem as a matter of life and death: “I have been continuously harassed with such calls for years and it's only getting worse. I am now 70 years old and live alone. I have a landline and try to answer all incoming calls as one never knows when an emergency or request for assistance is at hand,” they said. “Though I try to hang up when I identify an unwanted call, these calls increase my chance of having a serious ( or fatal) fall with no one present in my home to assist. [...] HOW LONG MUST I FEAR BEING SERIOUSLY OR FATALLY INJURED AS A VICTIM OF SPAM/SPOOF PHONE CALLS INTO MY HOME? If I do fall to these criminals, it may never be known that the event was precipitated from an unwanted call.” 

Someone wrote to FCC Commissioner Geoffrey Starks with the subject line “Time to go to work,” asking if he needed “help” accomplishing the goal of ending robocalls. “This doesn't seem difficult. Why are you and your agency failing?” 

Some people wrote just to offer their own ideas for how to fix robocalls. “I think we need to create an anatomy of the most common scam setups. Scammers prey on the most vulnerable people in our society. lf we work together, we can stop these time-wasting scammers,” wrote one person, who originally emailed cloud communications company Voyant and then CC’d Rosenworcel, former commissioner Mike O’Rielly, former chairman Ajit Pai, and a slew of other telecom companies. 

“Congratulations on your attainment of the Chair, even if it is cunently[sic] acting,” one wrote. “Perhaps your people will be more responsive than they were under Mr. Pai. I never received a response to the filing I made in 2017 which outlined the only way to stop spoofing by robocallers.”

“Good Morning, Ms. Rosenworcel, I have invented a solution that stops Robocalls 100% but since I am not an insider in the communications industry, I am not having an easy time getting to the potential buyers of my product, i.e. Google, Apple, Verizon, T Mobile, AT&T, etc,” another wrote. “Any chance you could help get me in front of the industry leaders?”

Others got straight to the point: “M. Rosenworcel: Why am I still getting robocalls? I thought June 30 was the big day,” someone wrote in September 2021. June 30 was the day when the FCC’s STIR/SHAKEN anti-spoofing standards for authenticating Caller ID information went into effect, which would enable carriers to block spoofed numbers used by spam callers to get around client’s blocks.

“I’m writing out of desperation about the excessive robocalls and unsolicited text messages that I receive on a daily basis,” someone wrote to New Jersey Rep. Tom Malinowski and CC’d Rosenworcel. “Recently, I even started getting these calls and text messages late into the night and on the weekends (a first).” 

Others detailed every robocall they had gotten on a day, the purpose of the call, and the time of the call.

“I have had 13 robocalls before noon today,” someone wrote to Rosenworcel. “AT&T says they don't have the technology to do this. If that's the case, they are too incompetent to be in the business. Thank you.” 

“What are you doing to end robocalls to Americans?” wrote another. “Do you need to be replaced? Is there a problem that prevents you from doing your job?” 

Russian government hackers tried to trick Ukrainian and international volunteers into using a malicious Android app disguised as an app to launch Distributed Denial of Service (DDoS) attacks against Russian sites, according to new research published by Google on Tuesday. 

Since the beginning of the Russian invasion, Ukraine has resisted not only on the ground, but also online. A loose collective of technologists and hackers has organized under an umbrella quasi-hacktivist organization called the IT Army, and they have launched constant and persistent cyberattacks against Russian websites. 

The Russian government tried to turn this volunteer effort around to unmask Ukrainian hackers, in a smart, but ultimately failed attempt. 

“This is interesting and new, and [Russian government hackers] sort of testing the boundaries again, and trying to explore different things. The Russian groups definitely keep us on our toes,” Shane Huntley, the head of the Google research team Threat Analysis Group, told Motherboard in a phone call. 

Huntley said that in recent years, Russian hackers have done hack and leaks, supply chain hacks, and now fake apps. “There's this constant evolving of them not sitting on one particular attack path, but actually trying different things and evolving their techniques and seeing what works. Not all of their attempts work and not all their approaches do, but there's considerable innovation in the ways and things they're trying and it looks almost like an experimental mindset to me.”

Do you have information about the activities of Ukrainian or Russian hacking groups? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email [email protected]

Google researchers wrote in the report that the app was created by the hacking group known as Turla, which several cybersecurity companies believe works for the Kremlin. Huntley said that they were able to attribute this operation to Turla because they have tracked the group for a long time and have good visibility into their infrastructure and link it to this app. 

The Russian embassy in Washington D.C. did not respond to a request for comment. 

The hackers pretended to be a “community of free people around the world who are fighting russia’s aggression”—much like the IT Army. But the app they developed was actually malware. The hackers called it CyberAzov, in reference to the Azov Regiment or Battalion, a far-right group that has become part of Ukraine’s national guard. To add more credibility to the ruse they hosted the app on a domain “spoofing” the Azov Regiment: cyberazov[.]com. 

Motherboard reached out to the email address that was displayed on the malicious website, but received no response.

A screenshot of the malicious site Russian hackers allegedly used to try to hack Ukrainians.

The app actually didn't DDoS anything, but was designed to map out and figure out who would want to use such an app to attack Russian websites, according to Huntely.

“Now that they have an app that they control, and they see where it came from, they can actually work out what the infrastructure looks like, and work out where the people that are potentially doing these sorts of attacks are,” Huntley said. 

Google said the fake app wasn’t hosted on the Play Store, and that the number of installs “was miniscule.” 

Still, it was a smart attempt to trick unknowing Ukrainians or people interested in working with Ukrainians to fall into the trap.

“🤮 but smart. I sensed it could not be genuine,” Marina Krotofil, a cybersecurity professional of Ukrainian origin, told Motherboard. “Creating it makes perfect sense, it would be stupid not to do it. Everybody knows the IT Cyber Army does DDoS on predestined IPs, so many would believe. But it smells fake from miles away.”

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.

Following the recent doxing and swatting of Twitch streamer Keffals, people are demanding that Cloudflare, which provides security services to websites, stop offering its services to Kiwi Farms, the forum that she alleges organized the swatting. Swatting refers to the dangerous and sometimes fatal internet harassment tactic in which someone pretends there’s an emergency at their target’s home, prompting police to send a SWAT team. 

Streamer Clara Sorrenti, also known as Keffals, was raided at home and arrested on August 5. She claimed that users on Kiwi Farms, a notorious message board with a history of targeting and doxing vulnerable people, organized the raid and continued to harass her and numerous others. 

Cloudflare has not responded to Motherboard’s multiple requests for comment.

Sorrenti told me that a thread about her is one of the fastest-growing on Kiwi Farms. 

“Since March, they've doxed me three times. The information that they posted was used to swat me as well as an elderly man in Toronto where they thought I lived,” she said. “They've doxed members of my family. They've tried to terrorize me and do everything they can to ruin my life, and I'm one of countless people who have been affected by this. There's three people who've been documented that have taken their own lives as a result of this website. And I want to do everything I can to get this website off the internet.” 

Kiwi Farms has a reputation for being one of the worst trolling websites on the internet. It’s a place where users specifically misgender trans people, and regularly single out people to dox and harass them. As part of the campaign for Cloudflare to drop Kiwi Farms, more people have come forward on Twitter to share the abuse they’ve experienced when they become the forums’ targets. 

Do you work at Cloudflare and have opinions about its handling of Kiwi Farms? We’d love to talk to you. Contact Samantha Cole from a non-work device on Signal at (646) 926-1726.

#DropKiwifarms and #CloudflareProtectsTerrorists were both trending on Twitter this week, after Sorrenti and supporters started demanding that Cloudflare stop allowing Kiwi Farms to benefit from its protections. Sorrenti wrote on Twitter that Kiwi Farms users have targeted her for this campaign, too: 

Internet infrastructure company Cloudflare provides DDoS protection services to numerous websites, including Kiwi Farms, effectively keeping them online. Cloudflare’s terms of use forbid “content that discloses sensitive personal information, incites or exploits violence, or is intended to defraud the public.” What Keffals alleges falls clearly under this prohibited use of Cloudflare’s services.

Cloudflare has drawn hard lines in the past and revoked its services from some of the vilest websites online, including the Neo-nazi website the Daily Stormer in 2017, and, following increased public criticism and initial refusal to do so, booted 8chan, a popular website for terrorist manifestos. 

It’s also pulled services from websites that provided a public good: in 2018, Cloudflare kicked Switter, a social platform for sex workers to help keep each other safe, off of its services, citing  the FOSTA/SESTA bill as the reason.

People have also started replying to Cloudflare employees’ tweets with demands that the company stop serving Kiwi Farms. 

People on Twitter, as well as Sorrenti, claimed that the official Cloudflare account hid replies on its tweets related to dropping Kiwi Farms, and then deleted tweets that were ratioed by people talking about the campaign. Cloudflare’s Twitter account normally posted at least daily before this week, but hasn’t tweeted in four days, as of writing.