(CN) – AT&T claims two Utah men defrauded it by breaking into its caller-ID system with auto-dialers to steal valuable customer data through “hundreds of millions of ‘spoofed’ telephone calls.” They probably used the stolen information for telemarketing, AT&T says.
In a federal complaint in Dallas, AT&T and its subsidiaries claim that Phil Iverson and Chris J. Gose masterminded the scam, acting, or claiming to act, on behalf of co-defendants CCI Communications, Feature Films for Families, and Blue Skye, among others.
AT&T claims the men used an auto-dialing program to repeatedly and deliberately place “spoofed” calls to landline and wireless customers.
“The purpose of these spoofed calls is to trick AT&T’s electronic telephone switches (which are specialized types of computers) and related network facilities into searching for and delivering to the defendants, caller ID name and number information for hundreds of millions of telephone numbers stored in AT&T’s electronic customer name database and other electronic customer name (CNAM) databases,” according to the complaint. (Parentheses in complaint.)
It adds: “This information has considerable commercial value, particularly given the increasing number of wireless service subscribers and hence wireless telephone numbers, for which matching name and number information is generally not available through published directories, directory assistance, or other public information services.”
AT&T says the men did this to harvest commercially valuable subscriber names and numbers and use them illegitimately for their own business interests, probably including but not limited to telemarketing.
“Defendants likely have used the misappropriated CNAM data for telemarketing and/or other commercially valuable purposes,” the complaint states. “Since 2006, AT&T’s internal network fraud detection organization has uncovered numerous instances of defendants’ data mining schemes. In some cases, AT&T has terminated or disabled the services that defendants have used to accomplish their unlawful data mining; in other cases, defendants themselves have stopped using their AT&T services once the fraud has been detected.
“But even when they abandon one service, defendants’ data mining continues – in new locations, using different telephone lines, different services, and even different carriers. By constantly adjusting and refining their data mining techniques, Defendants have been able to launch a series of cyber-attacks on and gain unauthorized access to AT&T’s electronic CNAM database during the past 5 years.”
To run the scam, AT&T says, the men purchased some of its services, including caller ID, then made spoofed calls to cause AT&T’s computerized switching system to generate an electronic caller ID inquiry to send information to the called party.
“Because the defendants are on both sides of these calls – initiating and receiving them – they are able, on the calling side, to use computerized auto-dialing functions to spoof millions of calling numbers for which the defendants seek CNAM data and then, on the receiving end, to capture the customer name information displayed on their caller ID devices,” AT&T says.
AT&T says this is illegal, and has cost it a lot of money: “Defendants’ unlawful data mining has imposed significant costs on AT&T – including not only the network-related costs of processing hundreds of millions of spoofed telephone calls, but also the costs and fees associated with the CNAM data searches themselves (which are charged for on a ‘per-dip’ basis by the CNAM database providers) and the costs of detecting, uncovering, and taking steps to reduce the recurrence of, the fraud.”
AT&T seeks an injunction and actual and punitive damages for fraud, misrepresentation, trespass to chattel, conversion, unjust enrichment, tampering with computer data and computer trespass.
It is represented by house counsel Lawrence Fogel of Dallas.