Slashdot Mirror


Caller ID Falsification Service

Dan writes "A US website will offer Caller ID falsification service... Slated for launch this week, Star38.com would offer subscribers a simple Web interface to a Caller ID spoofing system that lets them appear to be calling from any number they choose. [...] SecurityFocus took the site for a test drive, and found it worked as advertised. The user fills out a simple Web form with his phone number, the number he wants to call, and the number he wants to appear to be calling from. Within two seconds, the system rings back, and patches the user through to the destination. The recipient sees only the spoofed number displayed on Caller ID. Any number works, from nonsense phone numbers like "123 4567" to the number for the White House switchboard."

32 of 639 comments

  1. Dan's didn't write it by deadmongrel · · Score: 4, Informative

    It's a copy and paste from theregister.co.uk.

    http://www.theregister.co.uk/2004/08/30/caller_id_falsify/

    1. Re:Dan's didn't write it by Uneasysilence · · Score: 4, Informative

      That was edited from my submission, which makes me upset - I gave the register FULL credit for the article with a link. I wrote in to get a correction.

    2. Re:Dan's didn't write it by Uneasysilence · · Score: 2, Informative

      Send an email to timothy{at}slashdot.org to fix the error. The REG was fully credited in my submission.

  2. Wire Fraud? by ackthpt · · Score: 2, Informative
    IANAL, but doesn't this:
    A US website will offer Caller ID falsification service...Slated for launch this week, Star38.com would offer subscribers a simple Web interface to a Caller ID spoofing system that lets them appear to be calling from any number they choose.
    constitute Wire Fraud? It's impersonating another party to promote something over the phone. It's obviously for fraudulent intent, how could such a service be allowed, aside from having a boiler-room of phones and wanting all calls to appear to be from the same number (which they probably would anyway.)
    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:Wire Fraud? by kidgenius · · Score: 2, Informative

      No. Caller ID "spoofing" has legitimate uses. If I am calling from inside my company to an outside number, and I don't want that outside number to have the number for the phone at my desk, I would have this system send out the main company line to show up as my number. Interestingly enough, this has been done for years, and is definitely legal. Notice how almost every large corporation has something going on like this? It's because of a piece of equipment known as a PBX, and there's nothing too new about them.

  3. Re:hidden methods by Short+Circuit · · Score: 5, Informative

    Anybody can spoof their own Caller-ID info with the right equipment. Use a multi-thousand-dollar system from Panasonic, or go cheap and use Asterisk with a $125 PCI card from Digium.

  4. CallerID != ANI by GGardner · · Score: 5, Informative

    Phone customers with 800 and other toll free numbers get the caller's number delivered via ANI (automatic number identification), which is not CallerID. I suspect that this service will not change the ANI, as ANI is much harder to block than CallerID.

    1. Re:CallerID != ANI by Have+Blue · · Score: 2, Informative

      And it will take the 800 service operator about 30 seconds to put a rule in their phone system to redirect all calls from that ANI to a dead end telling the caller they're not allowed to access the 800 service with a spoofed phone.

  5. Re:hidden methods by m0rph3us0 · · Score: 2, Informative

    A PBX. Seriously, any PBX that allows ANI generation will let you do this. The phone companies' switches just forward an ANI if there is one present. When you pick up your phone and make a call, the CO generates an ANI for you with your name and phone number; now when it calls wherever, it keeps forwarding it. You can also spoof an ANI with some calling card services. Basically, you can think of an ANI as being as secure as the proposed DDOS flag on TCP packets.

  6. And I have already defeated the service.. by AnswerIs42 · · Score: 3, Informative

    All my calls go to the answering machine...

  7. Re:hidden methods by networkBoy · · Score: 1, Informative

    I don't have the article on me at the moment, but IIRC the caller ID info is sent on something like a 300 baud modem signal mux'd with the ring (ring_caller-ID_ring). That's why you have to wait sometimes 2 or three rings to get the info. All they have to do is

    1) Tell the telco they want Caller ID blocking (disables telco caller ID info)
    2) Send the *spoofed* info between rings with the appropriate format
    3) Profit! (I know there should have been ???)

    -nB

    --
    whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  8. Re:hidden methods by a2wflc · · Score: 3, Informative

    T1 protocols let you send caller ID when you place a call. Most telcos either ignore it and put in your "default" number or only let you use specific numbers that you "own".

    I have programmed an IVR system that went through a telco who didn't check the caller ID and I was able to send any number I wanted. I used this feature to test our system since I was able to call as any of our customers (and verify that I got the correct callerID-based greeting & info)

    I've also used a telco who always puts in 9999999999.
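
The carrier behaviours described in the comment above (substitute the default number, allow only numbers the customer owns, or pass anything through), sketched as an added example that is not from the thread or from any telco's software. The `Trunk` model, the policy names and the 555-01xx numbers are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Trunk:
    """A customer trunk as the carrier sees it (hypothetical model)."""
    default_number: str              # number the carrier assigned to the trunk
    owned: Tuple[str, ...] = ()      # exact numbers, or prefixes ending in "*"
    policy: str = "screen"           # "screen", "override" or "passthrough"


def normalise(raw: str) -> Optional[str]:
    """Reduce a presented number to 10 digits; None if it cannot be one."""
    digits = re.sub(r"\D", "", raw or "")
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]          # drop a leading country code 1
    return digits if len(digits) == 10 else None


def owns(trunk: Trunk, number: str) -> bool:
    """True if the number matches an owned entry exactly or by prefix."""
    for entry in trunk.owned:
        if entry.endswith("*"):
            if number.startswith(entry[:-1]):
                return True
        elif number == entry:
            return True
    return False


def screen(trunk: Trunk, presented: str) -> Tuple[str, str]:
    """Return (number sent onward, verdict) for a customer-supplied caller ID."""
    number = normalise(presented)
    if trunk.policy == "passthrough":
        # No check at all: whatever the customer sent is what the callee sees.
        return (number or presented, "unverified")
    if trunk.policy == "override":
        # The carrier ignores the customer's value entirely.
        return (trunk.default_number, "overridden")
    if number is None:
        return (trunk.default_number, "malformed-replaced")
    if owns(trunk, number):
        return (number, "verified")
    return (trunk.default_number, "not-owned-replaced")


# Constructed sample trunks (555-01xx numbers are reserved for fiction).
IVR = Trunk("3175550100", owned=("3175550100", "31755501*"))
OPEN = Trunk("3175550100", policy="passthrough")
FIXED = Trunk("9999999999", policy="override")

if __name__ == "__main__":
    for trunk in (IVR, OPEN, FIXED):
        for cid in ("(317) 555-0142", "202-555-0199", "123 4567"):
            print(trunk.policy, repr(cid), "->", screen(trunk, cid))
```

Only the "screen" and "override" trunks give the called party a number the carrier can vouch for; the "passthrough" trunk forwards the nonsense "123 4567" unchanged.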

  9. Re:Social Engineering by Anonymous Coward · · Score: 5, Informative

    This is true. A radio station in Florida got in trouble because they made a phone call to Fidel Castro without informing him that he was being broadcast live on the radio.

  10. Re:Illegal for Telemarketers? by damiangerous · · Score: 4, Informative

    Yes. You can find the FTC notice here. Basically telemarketers must provide a real number (and name if technically able). This name/number must be either theirs or the company they're calling on behalf of and it must be a number that is answered during normal business hours.

  11. Re:How is this even remotely legal? by kidgenius · · Score: 3, Informative

    No, it doesn't. This has been possible for YEARS. Normally it would require the use of a very expensive piece of equipment known as a PBX. It's able to display caller-id however they want it to. Notice how when you receive calls from very large companies, the number always comes back as the main line, instead of the individual's desk number? That's the PBX working. This is nothing new, and it's not illegal.

  12. Re:Fun for all ages and campaigns! by jdreed1024 · · Score: 4, Informative
    Jepson and his partners believe that collection agencies in particular will find the service invaluable for getting recalcitrant debtors to answer the phone.

    They should do their research. There are very strict laws about debt collectors calling. They cannot contact you outside 8AM-9PM, for example. If they call you, they are legally required to provide a mailing address if you ask, and if you send them a letter requesting no further contact, it is illegal for them to continue to contact you (except one call saying they received the letter). They can still sue your ass in court, and you can get served with papers, etc, but the debt collector themselves cannot contact you. Additionally, if you have an attorney, they must call the attorney, not you.

    Most importantly, they are also prohibited from misrepresenting themselves. I'd say falsified caller id falls pretty clearly under misrepresenting. (They can block caller-id, that's fine, but they can't say they're Joe's Pizza, for example). I sincerely hope these guys get sued into oblivion for encouraging slimy debt collection processes. It's not clear the service itself is illegal, but debt collectors using it to identify themselves as someone else very clearly is. I predict some attorney general is going to have a field day with this. I plan to write to mine about it.

    More info: http://www.ftc.gov/bcp/conline/pubs/credit/fdc.htm

    --
    There is no sig, there is only Zuul.
  13. Re:Social Engineering by Rich0 · · Score: 3, Informative

    Actually, they'd go one step further. They'd send the new password directly to his voicemailbox, or deliver it in person.

    Otherwise if you can walk into somebody's office you can access their computer.

  14. Re:Good God... by glpierce · · Score: 5, Informative

    "do you have any idea how many college kids get 4 or 5 credit cards, thrown their way"

    Simply having credit cards doesn't put you in debt (and shouldn't cost you anything, either). The problem isn't the availability of credit cards, it's the complete lack of understanding what a credit card is that students get into trouble with. For some reason, many people think of a credit card as free money - that if it's not draining their account right now, it's not real money. Parents are to blame, not heartless corporations (this time).

    --
    G
  15. Re:This has a legitimate use by dougman · · Score: 2, Informative

    All phone companies offer a way to turn on and off this (and all other) features. With my local telco we dial *82 then the number to allow the caller id information through. I still don't see a legitimate use for this service. Cool hack, maybe. Useful, not from what I've seen.

  16. Score 5: Interesting? RTFA by tgd · · Score: 5, Informative

    It's not a free service, it's 25 cents to initiate the call and 7-14 cents per minute.

  17. Re:Fun for all ages and campaigns! by damiangerous · · Score: 5, Informative
    I have, thankfully, never been hounded by debt collectors but I know someone who does do it for a living. Telling them not to call YOU doesn't mean that they stop. They call your friends, your family, your boss, your co-workers, your babysitters, anyone...

    Then your friend is violating the law and is one of those scumbag debt collectors who fancies himself some sort of skip tracer or PI.

    The Fair Debt Collection Practices Act, Section 805, part B:

    (b) COMMUNICATION WITH THIRD PARTIES. Except as provided in section 804, without the prior consent of the consumer given directly to the debt collector, or the express permission of a court of competent jurisdiction, or as reasonably necessary to effectuate a postjudgment judicial remedy, a debt collector may not communicate, in connection with the collection of any debt, with any person other than a consumer, his attorney, a consumer reporting agency if otherwise permitted by law, the creditor, the attorney of the creditor, or the attorney of the debt collector.

    They can call your acquaintances to find you, but they cannot communicate why they're looking for you and they cannot keep doing so once they have made contact with you. Section 805, Part C says that debt collectors must cease contact with you if you tell them to, at the point they must do so and from then on can only contact you to tell you they're taking some sort of legal remedy (like suing you).

    Oh yeah, and if by "Allied Group" you mean "Allied Interstate" I see why your 'friend' is such a scumbag. Look them up on Google and you'll find story after story of innocent people hounded by these pricks because they're too fucking incompetent and aggressive to do their job properly. Minnesota, for one, has taken legal action against them for their unlawful operations.

  18. ICLID, ANI, name lookup, tephone cumpnies etc. by FrankHaynes · · Score: 5, Informative

    The telemarketing scumbags have been masking their identities for quite some time without this 'service' so I am just finishing yawning over the article, which has a few inaccuracies that I correct below.

    The ICLID (Individual Caller ID) field is separate from the ANI field in the SS7 message. Depending on your tariffs you might or might not be able to stuff the ANI field; you almost always can stuff the ICLID field with whatever nummer you want.

    What the other end displays is not always consistent across the various operating companies and carriers, so don't go strutting around like you've pulled the wool over everyone's eyes just yet.

    Further, the name lookup that you see on your display is performed by the terminating switch (serving you), so you can't spoof that. Of course, if you spoof John Q. Smith's nummer it will usually show his name, unless he is not a subscriber of your local tephone cumpny; in that case you get nuttin and like it. Even that is subject to variations due to interexchange agreements.

    All in all, this service does not meet the technical neatness test, can't overcome the stupidity and ineptness of the various carriers, and is just a jolly good way for somebody to make some extra bucks. It's probably easier just to go down to 7-11 and use their coin box and get it over with.

    Have fun!

    --
    slashdot: A failed experiment.
    1. Re:ICLID, ANI, name lookup, tephone cumpnies etc. by SillyNickName4me · · Score: 3, Informative

      > The telemarketing scumbags have been masking their identities for quite some time without this 'service' so I am just finishing yawning over the article, which has a few inaccuracies that I correct below.

      There is a HUGE difference between hiding your number and displaying a number of choice. In many cases I will not answer calls when the number is hidden, I will usually take calls from 'known' numbers no matter what.

      > The ICLID (Individual Caller ID) field is separate from the ANI field in the SS7 message. Depending on your tariffs you might or might not be able to stuff the ANI field; you almost always can stuff the ICLID field with whatever nummer you want.

      So you get a decent contract and stuff both.

      > What the other end displays is not always consistent across the various operating companies and carriers, so don't go strutting around like you've pulled the wool over everyone's eyes just yet.

      Given that you do use both ICLID and ANI, you can change what the remote side will display, and as a result can fake the caller id as displayed by that side.

      > Further, the name lookup that you see on your display is performed by the terminating switch (serving you), so you can't spoof that.

      In most cases (maybe not in the USA, but that is really only like 5% of the world) this service is performed by your local TELEPHONE using its internal addressbook, not by the local exchange.

      > Of course, if you spoof John Q. Smith's nummer it will usually show his name, unless he is not a subscriber of your local tephone cumpny; in that case you get nuttin and like it. Even that is subject to variations due to interexchange agreements.

      It can do a couple of things:
      - display nothing (or unknown, unpublished, withheld)
      - display the number with country/state/area numbers stripped off
      - display the number including area code but without state and country code
      - any variation on the above.

      It indeed won't display a name if it has no directory for looking it up (DUH)

    2. Re:ICLID, ANI, name lookup, tephone cumpnies etc. by SillyNickName4me · · Score: 2, Informative

      > Sounds to me like this has both public-safety and national-security implications.

      Hmm, only when you actually count on callerid being reliable. It has been known for a long time that it is possible to fake if you want to put in the effort.

      I'd say that it does have implications, but more on a social level than anything else. Your mom trusting the callerid as her phone displays it is one thing.. the DOD counting on it as a security check however would be utter stupidity.

      > Shut them down.

      I agree. This makes the whole concept of callerid a farce, and has quite some social consequences.

  19. Re:Is this even legal? by dnaboy · · Score: 2, Informative
    According to this, wire fraud requires

    First: That the person knowingly and willfully devised a scheme to defraud, or for obtaining money or property by means of false pretenses, representations or promises; and Second: That the person knowingly transmitted or caused to be transmitted by wire in interstate commerce some sound for the purpose of executing the scheme to defraud.

    but... it goes on to state

    It is not necessary that the Government prove all of the details concerning the precise nature and purpose of the scheme; or that the material transmitted by wire was itself false or fraudulent; or that the alleged scheme actually succeeded in defrauding anyone; or that the use of interstate wire communications facilities was intended as the specific or exclusive means of accomplishing the alleged fraud. What must be proved is that the person knowingly and willfully devised or intended to devise a scheme to defraud; and that the use of the interstate wire communications facilities was closely related to the scheme because the person either wired something or caused it to be wired in interstate commerce in an attempt to execute or carry out the scheme.

    Smells like wire fraud to me...

  20. Re:Fun for all ages and campaigns! by clifyt · · Score: 4, Informative

    "Telling them not to call YOU doesn't mean that they stop. They call your friends, your family, your boss, your co-workers, your babysitters, anyone..."

    Yup...I had credit problems about 10 years back as a young 20 something with too many credit cards and not enough self-will and no friends willing to kick me in the ass. I've since taken personal finance classes and had a stint dealing with credit counseling and kept my record clean since then...

    BUT in my quest to get out of the debt that was actually impossible to do on my own (when the vampires move you to 26% interest, and then move your bill to an irregular schedule where you have 7 days from the time it's mailed to pay or you will be considered late with a $30 late fee, and BTW we just lowered your credit, so you are now over the limit and that's another $30 over the limit fee and a few months later, your original $1000 in credit card fees is now $3500 without charging anything -- I'd consider that impossible to get out of).

    But during my time in debt, I had asked these guys to never contact me again -- in writing -- and asked them to take up the debt with my credit counselors or my attorney (who is a friend and I trade work for services with).

    So what happens, they legally have to stop contacting me -- but they threatened to sue both my parents living in separate states, even though they weren't connected to me financially -- but it was noted one of my bank accounts from when I was under 18 had their sigs on it ($15 in there that I didn't know about), and then they started calling the neighbors. My two neighbors on both sides of me claimed that a credit agency was calling to see if they had any information on me they could share, but 'legally' they couldn't give them any information about what they were contacting them for other than they were with "You Skipped Town And Owe Us Credit Recovery Corporation" (it was actually something sleazy like that). They did this with my employers as well, but the human resources department didn't give a fuck (they actually called to let me know and said they had forms I could fill out if they wanted the company not to call at work). I don't think they broke any laws, but they were in plenty of grey areas.

    So, and noting this is off topic with the article but very on topic to the parent post, if you feel like telling them to stop contacting you, do so. But do it at your own risk. It's better just to get into a program to pay the stuff off and do it as soon as you can...just don't get into one owned by the same corps (like CCC).

  21. you can do it today, without having your own switc by isepic · · Score: 5, Informative

    try wildgate.com -
    sign up for an account and you have the choice in your prefs on what outgoing ID you want...
    cost $5.00 or so.
    been around for years now.

  22. Re:Fun for all ages and campaigns! by jjhall · · Score: 5, Informative

    Yes, the laws being referred to are federal. Some states add even more restrictions to them, but those are basic rights. I no longer do, but I have worked in collection recently as an extra job. I also have helped a friend find the appropriate information to stop a big cell phone company from illegally harassing him. I won't say which one, but they sold the "debt" to an outside agency that was causing the problems.

    There is the Fair Debt Collection Act which covers most of these rules, such as you can only contact a debtor once every 7 days. You can call several times a day talking to others in the household/place of employment every day until you do reach the debtor, but once you do, no more calls for 7 days.

    If requested IN WRITING not to call any more, you have to honor it. Some agencies honor requests over the phone, but they are not required to. You can also ask not to be contacted by them AT ALL. Like another person already said, this does not stop court summonses or legal proceeding.

    A debt collection company must act honestly. They must identify themselves when asked, and up front in some states. They can not give false information in an attempt to recover the debt. I assume CallerID falls under this rule here.

    A debt collector is required to give you a payment option that does not cost you to use. They can't require you to use Western Union if you have to pay the associated fee. The only "fee" they can legally ask you to pay in order to make a payment is a first class stamp in order to mail a payment in. Now, this doesn't mean if the payment is due tomorrow and you mail it in that you will be protected from the $40 late fee. It is still your responsibility to make your payment by whatever day it is required. They simply have to accept the payment when it gets there. If you CHOOSE to use Western Union to make sure the payment is received by the due date, that is your choice to pay the fee.

    Another misconception people have is with attorneys. If I call you, and you tell me your attorney is handling the matter, I can no longer call you. However, if I call the attorney and they are not handling the matter (no retainer paid is one reason) then calls are back on your shoulders. If you honestly have an attorney handling your debt, then say so. But if not, it will not help you as you will get a call back the next day attempting to collect again.

    Debt reduction services are another major gotcha. Many of them say to refer all debt collection to them. Problem is they are not attorneys, and creditors are not required, and in many cases are not allowed to by law, discuss the debt with them. Many advise not to pay until the reduction plan goes into effect. This is about the worst thing you can do, because it only damages your credit further. If you can, make even partial payments. If you are 4 months behind, at least make 1 month's payment to keep it from going to 5 months. Your credit will thank you. Another problem with debt reduction is some of them are not true Consumer Credit Counseling Services, they are simply settlement agencies. They collect your "monthly payment" until it reaches a certain sum, then offer to pay Credit Card X 50% of the debt in one lump sum. Sure it generally stops the collection, but it also marks your credit "Paid in full for less than the amount owed." Down goes your credit score even further.

    And the best advice I can give is just be honest. If you can't pay the bill that week, just tell them. For example, telling them you are going to take a payment down to the department store tomorrow when you have no intention of it will only cause you to get a call back the next day when that payment doesn't show. And yes, that does allow them to call back sooner than the 7 day limit. Keep in mind once they talk to you, especially if you don't offer a payment in the meantime, they can't call you again for 7 days. Plenty of time to get a letter mailed to them to request no more calls at all.

    Feel free to contac

  23. Re:Social Engineering - cracking voicemail by skinfitz · · Score: 3, Informative

    ...they'd go one step further. They'd send the new password directly to his voice mailbox...

    Actually there are lots of voicemail systems out there in "idiot mode" that ID the user from their caller ID and will dump them straight into their voicemail without any authentication.

    Feeding that number into this service and spoofing the caller's number would theoretically allow anyone access to someone's voicemail should they know the numbers involved.
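
The voicemail weakness described in the comment above, shown beside a hardened check, as an added example that is not from the thread or any voicemail product. The function names, the three-attempt lockout and the sample number and PIN are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional

MAX_FAILURES = 3   # assumed lockout threshold


@dataclass
class Mailbox:
    salt: bytes
    pin_hash: bytes
    failures: int = 0


def _derive(pin: str, salt: bytes) -> bytes:
    """Salted, slow hash so stored PINs are not kept in the clear."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def make_mailbox(pin: str) -> Mailbox:
    salt = os.urandom(16)
    return Mailbox(salt, _derive(pin, salt))


def caller_id_only_access(boxes: Dict[str, Mailbox], presented_cid: str) -> bool:
    """'Idiot mode': the presented Caller ID alone opens the mailbox.

    The presented number is caller-controlled data, so this authenticates nobody.
    """
    return presented_cid in boxes


def pin_required_access(boxes: Dict[str, Mailbox], presented_cid: str,
                        pin: Optional[str]) -> str:
    """Caller ID only selects the mailbox; the PIN decides access."""
    box = boxes.get(presented_cid)
    if box is None:
        return "denied"
    if box.failures >= MAX_FAILURES:
        return "locked"              # stays locked until reset out of band
    if pin is None:
        return "pin-required"        # never skip the prompt on a CID match
    if hmac.compare_digest(_derive(pin, box.salt), box.pin_hash):
        box.failures = 0
        return "granted"
    box.failures += 1
    return "locked" if box.failures >= MAX_FAILURES else "denied"


# Constructed sample data (555-01xx numbers are reserved for fiction).
OWNER = "3175550142"

if __name__ == "__main__":
    boxes = {OWNER: make_mailbox("4821")}
    print("caller-ID only:", caller_id_only_access(boxes, OWNER))
    print("no PIN given:  ", pin_required_access(boxes, OWNER, None))
    print("correct PIN:   ", pin_required_access(boxes, OWNER, "4821"))
```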

  24. Re:Social Engineering by danila · · Score: 2, Informative

    Montreal Canada based radio station also caught the queen Elizabeth 2, the Pope, and recently, the president of formula1 !

    --
    Future Wiki -- If you don't think about the future, you cannot have one.
  25. Re:Social Engineering by Anonymous Coward · · Score: 2, Informative
  26. So illegal by LemonFire · · Score: 2, Informative

    Working for a small telecom company having the same technologies available to us to do what this guy is doing (there's no magic involved) I decided to ask my boss what he thought about the news article. He said it was interesting and so illegal....

    -----
    Stand by, receiving SIG... ERROR 6502: connection timed out!