Slashdot Mirror
Caller ID Falsification Service
Dan writes "
A US website will offer Caller ID falsification service...Slated for launch this week, Star38.com would offer subscribers a simple Web interface to a Caller ID spoofing system that lets them appear to be calling from any number they choose. [...]
SecurityFocus took the site for a test drive, and found it worked as advertised. The user fills out a simple Web form with his phone number, the number he wants to call, and the number he wants to appear to be calling from. Within two seconds, the system rings back, and patches the user through to the destination. The recipient sees only the spoofed number displayed on Caller ID. Any number works, from nonsense phone numbers like "123 4567" to the number for the White House switchboard."
Star38.com claims it will screen subscribers, and initially make the service available only to licensed private investigators and collection agencies. Jepson and his partners believe that collection agencies in particular will find the service invaluable for getting recalcitrant debtors to answer the phone.
Debt collection agencies already mask their online and phone identities pretty well. Using common telephone setups (before the big Asterik "save the children" bullshit) they just appeared as whatever they wanted. In fact their web-presence is generally unknown and they even mask their hostnames to the rest of the world with benign addresses like mta-mailserver.alliedfinancial.com (this is a recreation of an actual NAT host used by a collection agency).
Private Investigators should opt for paying the phone company to offer them a similar service (or better yet don't call from your business phone).
If they are really allowing ANY number it isn't going to make it very far out of the "hype-stages". Think of what this could do to our children and what could happen in the hands of the terrorists!
CallerID: "J. KERRY CAMP. OFF. HQ"
Caller: "Hi, I'm calling you to vote for John Kerry via absentee ballot."
John_Overseas: "Ok. Count me in. Down with Bush!"
Caller: "Done. Thanks for helping Bu...I mean...Kerry win!"
Caller: "Another close one Dubya."
The methods behind this are still hidden. They claim that it's not VoIP as most people currently do...
Any speculation what it could be?
Jepson claims the service will charge a twenty-five cent connection fee for each call, and seven to fourteen cents per minute.
Hopefully this will deter the telemarketers. That's my biggest fear.
Howard doesn't call anyone - thats some guy named Captain Janks, and certaintly doesn't need this, he does just fine already.
Although the calls are funny - he actually provides a useful service to all of us - he shows how easy it is for a complete phoney to get through on the news. The media gets into such a major rush to be first on everything that they put him right on the air and give him the chance to say "Howard Stern's balls" or something like that. The scary part is, who's doing this and doesn't let in on the joke? We can never know for sure. Don't trust those people who call in during news broadcasts!
As Kevin Mitnick pointed out in his book The Art of Deception, anyone with a PBX system can program their outgoing Caller-ID information to show anything they want.
As far as star38.com goes, I wonder what purpose they hope to serve by doing this. After all, it's a free service, and as we all know, nothing in this world is free. Could it be that star38.com will sit in the middle and record these conversations, either to sell prank calls a la The Jerky Boys? Or, maybe they'll gleam little bits of information about people and sell that marketing information to companies?
Overrated / Underrated : Moderation
I need a service like this, to make my CallerID more accurate. I have a VoIP landline and a mobile phone, with two different numbers. The landline rings my mobile simultaneously, at no charge, so I distribute only that phone#, and answer whichever phone is nearest - I'd prefer the mobile# remain undisclosed, to funnel all calls through the landline#. But when I initiate calls from my mobile, the recipient gets only the mobile#, which they might call back directly, insert into their contacts list, etc. But incoming calls on that mobile# won't ring my landline (although a less robust service for the mobile has a charge, while the landline multiringing doesn't). So I'd like to spoof the landline# when making mobile calls.
One way to do it would be to call a service at my VoIP landline, authenticate my mobile# CallerID, and replace the call to the actual recipient, from the landline with the landline# sent in CallerID. A better way would be to learn from email, and include both a "From:" and a "Reply-To:" field in the sent CallerID metadata. This service is a step in the right direction.
--
make install -not war
It seems like what this service does is calls the two numbers and conference them together. So even if they get the ANI, it's going to be the ANI for the central server.
_______________________________
"I'm not Conceited...I'm just a realist..."
Why would a website want to offer this kind of service and put themselves in legal jeopardy?
And could traditional phone companies block them the way spam is blocked, to say anything originating from their service is blocked? I hope the telemarketers don't start using this kind of system. I am on the do not call list, and suddenly the number from which telemarketers call has switched from USA numbers to numbers located in Canada.
Reminds me of the day when I receaved a bill for $100 for a mag subscription to a sports mag I never wanted.
(Not a sports fan)
They identified themselfs and I contacted a laywer who was apparently handling a class action lawsute against thies people (not the dept colection agentcy but the people they were colecting for) for fraud.
Dept colection agentcys should not be alowed to hide who they are (or who they work for) for this reason.
I don't actually exist.
My state has laws saying if you tell a creditor to stop calling and only communicate with mail, they have to honor that. Yet I know people with bad credit, and the phone rings with "Unidentified" in the caller ID. He is pretty sure it is the collection agencies because it happens all day long, at least once every other hour. About every 10th one of these unidentified calls is a recorded message saying "call 1-913-xxx-xxxx" or some number like that.
How can collection agencies circumvent the law? How can someone prove it is them?
My daughter and her friends figured out a way to do this years ago. Here's the scenario:
Amy is supposed to be having a sleepover at Beth's house, but instead is spending the night with her boyfriend Carl.
Dad calls Beth's house to speak to Amy. Beth says, "Oh, Amy's in the bathroom. I'll have her call you back when she gets out." A minute later, Dad's phone rings, Beth's number displays on the Caller ID, and Amy's voice is on the line. Dad is satisfied that Amy is at Beth's house. Wrong!
What happened is that after speaking to Dad, Beth calls Amy at Carl's house, initiates 3-Way Calling back to Dad's number, then hangs up as soon as Das picks up the phone. Amy (at Carl's house) is on the line, but it's Beth's number on the Caller-ID because that's where the call originated from.
I have gray hair.
So, sometimes, we changed the number enroute so that it would launch a new ticket window instead of a ticket with 20,000 IDs all indexed to the same phone number. We just marked it with a random number that let the techs know this was not their real home phone, and thus, had to ask for a callback number if needed.
We also had hackers that did this as well, like one guy in Vancouver who hacked the ANI so he could make illegal and harrassing long distance calls in the US using a US 800 number that would, in theory, make the call unbillable.
Then there's the mysterious 604 number that people get from time to time...
I don't like the thought of goofballs mucking around with the service either but I can see legitimate uses for it.
Take a look at some of these nifty caller-id features such as "Prevent Your Number from Displaying on Caller ID" or "Caller ID with Anonymous Call Block"
Suppose your phone number is unlisted and typically shows up as "Anonymous" or "Unavailable" to caller ID. Now suppose the recipient of your call has Caller ID with Anonymous blocking. You can't get through or, with some services, you have to leave your name at the tone and hope they pick-up and decide to take your call.
It would serve as a way to make your own number show up when you want it to but otherwise remain anonymous and not defeat the purpose of having an unlisted telephone number.
If you do what you always did, you get what you always got.
Standards for honesty for any method of a collection company presenting itself are very strict. Wording of exactly what can be said is drilled into collectors. You can't claim to be an old college buddy, a cop, lawyer, or anything else to try to get someone on the phone. If you can't tell someone a lie like that, I don't see how telling a lie by caller ID would be any more allowed.
>Now the neighbor's kid can activate my credit cards he stole from my mailbox without breaking into my place to use my phone line.
I would hope the credit card company is using the ANI (Automatic Number Identification) on their 800- line instead of caller ID. It's not subject to the same spoofs.
Every time a killer taughted his victim over the phone you'd know right away who John Q. Killer was but, leave it to the MPAA and their crafty ways to secretly fund this anti-Caller ID technology....
if you actually had bill's number to begin with, you probably deserve his passwords as well... have you ever called Microsoft? if you don't know the exact name of the person you want to talk to, they won't even talk to you. if you ask for a "department" they will tell you to bugger off!
I think there's another risk here though, which is less stated. This service is to go live Sept 1st, from the web site. Unless it's on a minimal page after getting /.ed, I couldn't find any link to terms and conditions. What exactly are you submitting to when you use this? Is your information safe? Keep in mind, the call is routed through their system. Right now, until I see T and C which specifically states that my information is priviledged and cannot be listened in on or used against me, I can only assume it will be. They must have some concept of how they intend to make money.
Also, who's liable for the damages WHEN (not if) someone uses it to commit a crime? This company, I can forsee turning anyone over at the drop of a hat. They're going to have a hard time pleading the internet provider's argument that they are merely the conduit (and therefore not liable for the actions of individuals on their networks), since there is little or no use for the system for legal ethical purposes.
This "service" won't last long. This was brought up on a Telehpreak.org conference (shameless plug). There's better ways to do this _with_ VoIP. It's much easier to go down to my local store (with cash), by a pre-paid Visa card with any name I want. Then, use that card to signup with a VoIP server (Voicepulse, Vonage, etc). Then, using the fun of Asterisk, set my caller ID to anything I want. No ANI [it's VoIP], spoofed caller ID, and anonymous.
We actually thought about setting up a similar type of service (more of a concept service, really) to allow CID spoofing. After much discussion, between ourselves and the EFF, we decided that it wasn't a very smart thing to do.
http://www.telephreak.org
Amy was spending waaaaaay too much time in Beth's bathroom. ;-)
Actually, Beth's mother got pissed at the number of 3-Way Calls on her bill, and demamded that I pay for some, since they involved my number -- as well as Carl's.
From that point, it didn't take long to figure it out.
> Let's not even start talking about all the wonderful social engineering that can now be performed with this great service. "This is Bill Gates. I forgot my password. Give it to me."
It's probably a front for an FBI sting operation, an invitation for stupid criminals to use them as a middle-man in their crimes.
Sheesh, evil *and* a jerk. -- Jade
Feel free to tell Darl to take a chill pill. A number of people have supposedly sent him death threats (just as other wierdos have sent threats to PJ of Groklaw). While I seriously doubt any of those people were serious, Darl is pretty stressed out about them. He has even started carrying a gun and should be considered armed and dangerous. I don't doubt that he'd shoot someone who tried to approach him if he even so much as suspected they might attack him.
c k/index. html
Anyhow, so long as you're not stupid enough to get yourself killed by him, here's all the contact info you could want:
The SCO Group
355 South 520 West
Suite 100
Lindon, Utah 84042 USA
(801) 765-4999 phone
(801) 765-1313 fax
Contact SCO online
http://www.thescogroup.com/company/feedba
Darl C McBride
1799 Vintage Oak Ln
Salt Lake City, UT 84121-6539
Darl's home phone #: (801) 424-2006
Darl's office phone #: (801) 932-5820
Email Darl: darl@sco.com