FCC Unmasks "Royal Tiger": A New Era of Naming and Shaming Cyber Threats
The telecom industry is facing an unprecedented wave of sophisticated cyber threats, making the protection of communication networks more critical than ever. As these networks are integral to our daily lives, the need to defend against malicious actors grows. In response, the Federal Communications Commission (FCC) has implemented groundbreaking measures to enhance transparency and accountability.
In a first of its kind action, the FCC issued a Public Notice that amounts to publicly naming a group of bad actors. The FCC has classified companies related to an entity called “Royal Tiger” as a Consumer Communications Information Services Threat (C-CIST). The FCC stated that it modeled the program after the “Advanced Persistent Threat (APT) labeling approach used to identify and track sophisticated cybercriminals and foreign adversary state actors for notice, tradecraft and attribution purposes.”
The FCC listed Royal Tiger and numerous individuals and affiliates operating in the US, UK, India and elsewhere. The Public Notice (available here: https://docs.fcc.gov/public/attachments/DA-24-388A1.pdf) requires all telecom carriers and industry stakeholders to use the information to enhance their Know Your Customer (KYC) and Know Your Upstream Provider (KYUP) processes. This includes any entity that supplies telephone numbers to these individuals or affiliates either directly or indirectly. Responsible Organizations (Resp Orgs) that supply Toll-Free Numbers directly to end users, as well as resellers or wholesalers, must always perform their own due diligence on end users.
Providing telephone numbers or telecommunications services, directly or indirectly, to anyone on the FCC’s C-CIST list puts your company at risk of FCC enforcement actions. Moreover, if these end users engage in impersonation fraud, your company could also be found liable under the Federal Trade Commission’s rules against impersonation fraud, which prohibit providing the tools for such fraud. Being on the FCC’s C-CIST list is a clear warning to all telecom providers: these entities are potential bad actors.
We recognize that combating fraud and restoring trust in communication requires a united front from industry stakeholders. It's imperative that we continue to collaborate, innovate and implement robust measures to thwart the efforts of bad actors who seek to exploit our ecosystem for nefarious activities. By working together, we can not only mitigate fraud but also reaffirm the integrity of our communication networks, ensuring a safer and more trustworthy environment for all.