Terry Nelms

Posted September 7, 2017

Terry Nelms, director of research at Pindrop, discussed his work in telephony fraud detection during the Cybersecurity Lecture Series on Friday, September 1st. Organized by the Institute of Information Security & Privacy (IISP) at Georgia Tech, the free and open-to-the-public Cybersecurity Lecture Series invites thought leaders who are advancing the field of information security and privacy to give one-hour lectures about their research.

“The phone channel is currently a security weak link and is being exploited by criminals for profit,” said Nelms, who started his lecture by explaining the motivation behind his research and Pindrop’s mission to protect call centers and the public from scams.

Unlike email spam, which has led to a multi-billion-dollar anti-spam industry, telephony spam and scams have not received significant attention by the security community. The low level of security in the telephony channel as well as the increasing availability of IP telephony enable cybercriminals to craft large-scale attacks at low cost using techniques like spoofing and robocalling. These spammers and scammers not only trick victims into sharing their credit card information, but also impersonate their victims at financial institutions using the information they gathered.

Nelms’ research team at Pindrop is able to better detect telephony fraud by using a Phoneypot, a telephony honeypot that redirects all the calls it receives to a software PBX (Private Branch Exchange), which then records the call data and audio for further analysis.

The recorded audio files are first transcribed into text files and processed using natural language processing techniques. The transcripts’ topics are clustered to indicate if a number of calls from different source numbers talked about the same or highly similar topics. When a cluster appears, it is highly likely that those callers either played the same recording or read from the same script. Nelms showed some recurring topics in those transcripts, which included offering a front-page location on Google for advertising, and promoting a free cruise to the Bahamas.

Nelms’ team then uses Pindrop’s patented technology called Phoneprinting™ to identify the infrastructures used to make such fraudulent calls. Phoneprinting takes an audio call and breaks it down to 150 unique call features to create an audio fingerprint of a telephony infrastructure. The rationale behind using such technology, according to Nelms, is that it is easy for fraudsters to change phone numbers, but it is much harder for them to change audio characteristics like spectrum, noise, and loss, which are used by Phoneprinting to identify telephony infrastructures.

An analysis of the unsolicited calls received by the Phoneypot reveals a surprising yet somewhat reassuring finding.

“More than half of all robocalls we observed were from 38 telecom infrastructures, implying that a small number of bad actors are responsible for the majority of fraud,” he said.

This finding reveals a clearer picture of the actors behind telephony fraud and points to a potential solution to the problem—what if we focus our attention on blocking the infrastructures used to make those fraudulent calls rather than blocking the phone numbers which can be easily spoofed?

That is exactly what Nelms intends to do.

“A next step in this research would be to identify the geolocations of the telecom infrastructures that are being used for robocalls,” Nelms continued. “Instead of blocking phone numbers, we should target the robocall telecom infrastructure because it’s harder and more costly to change.”

Nelms received his B.S. and M.S. in Information Systems and a Ph.D. in Computer Science from the Georgia Institute of Technology. He was introduced by Mustaque Ahamad, professor of computer science and his Ph.D. advisor at Georgia Tech, who also is a co-founder of Pindrop.

“Terry did outstanding work for his Ph.D.,” said Ahamad. “He has made many contributions in the cybersecurity area and I am confident that his team at Pindrop will play a major role in securing voice interactions.”

Georgia Tech licensed to Pindrop the intellectual property developed by Vijay Balasubramaniyan for use in the marketplace. Balasubramaniyan, co-founder, CEO & CTO of Pindrop, received his Ph.D. in Computer Science from Georgia Tech in 2010, also under the guidance of Ahamad.

Reflecting on his education at Georgia Tech, Nelms said, “Georgia Tech is a great place to learn what research is and how to do it.”

“My advice [for current Georgia Tech students] would be to prefer hard impactful problems over easier ones even though the risk of not finding a solution is greater,” he added. “It’s better to fail at solving an important problem than to solve an easy one that has little value.”


— Yanfeng Jin