Slashdot Mirror


Caller ID Falsification Service

Dan writes "A US website will offer Caller ID falsification service... Slated for launch this week, Star38.com would offer subscribers a simple Web interface to a Caller ID spoofing system that lets them appear to be calling from any number they choose. [...] SecurityFocus took the site for a test drive, and found it worked as advertised. The user fills out a simple Web form with his phone number, the number he wants to call, and the number he wants to appear to be calling from. Within two seconds, the system rings back, and patches the user through to the destination. The recipient sees only the spoofed number displayed on Caller ID. Any number works, from nonsense phone numbers like "123 4567" to the number for the White House switchboard."

11 of 639 comments

  1. This is nothing new by mhesseltine · · Score: 5, Interesting

    As Kevin Mitnick pointed out in his book The Art of Deception, anyone with a PBX system can program their outgoing Caller-ID information to show anything they want.

    As far as star38.com goes, I wonder what purpose they hope to serve by doing this. After all, it's a free service, and as we all know, nothing in this world is free. Could it be that star38.com will sit in the middle and record these conversations, either to sell prank calls a la The Jerky Boys? Or, maybe they'll glean little bits of information about people and sell that marketing information to companies?

    --
    Overrated / Underrated : Moderation :: Anonymous Coward : Posting
  2. Spoof for Truth by Doc Ruby · · Score: 5, Interesting

    I need a service like this, to make my CallerID more accurate. I have a VoIP landline and a mobile phone, with two different numbers. The landline rings my mobile simultaneously, at no charge, so I distribute only that phone#, and answer whichever phone is nearest - I'd prefer the mobile# remain undisclosed, to funnel all calls through the landline#. But when I initiate calls from my mobile, the recipient gets only the mobile#, which they might call back directly, insert into their contacts list, etc. But incoming calls on that mobile# won't ring my landline (although a less robust service for the mobile has a charge, while the landline multiringing doesn't). So I'd like to spoof the landline# when making mobile calls.

    One way to do it would be to call a service at my VoIP landline, authenticate my mobile# CallerID, and replace the call to the actual recipient, from the landline with the landline# sent in CallerID. A better way would be to learn from email, and include both a "From:" and a "Reply-To:" field in the sent CallerID metadata. This service is a step in the right direction.

    --
    make install -not war

  3. One way to do it by Anonymous Coward · · Score: 5, Interesting

    My daughter and her friends figured out a way to do this years ago. Here's the scenario:

    Amy is supposed to be having a sleepover at Beth's house, but instead is spending the night with her boyfriend Carl.

    Dad calls Beth's house to speak to Amy. Beth says, "Oh, Amy's in the bathroom. I'll have her call you back when she gets out." A minute later, Dad's phone rings, Beth's number displays on the Caller ID, and Amy's voice is on the line. Dad is satisfied that Amy is at Beth's house. Wrong!

    What happened is that after speaking to Dad, Beth calls Amy at Carl's house, initiates 3-Way Calling back to Dad's number, then hangs up as soon as Dad picks up the phone. Amy (at Carl's house) is on the line, but it's Beth's number on the Caller-ID because that's where the call originated from.

    I have gray hair.

  4. Very easy by Punk Walrus · · Score: 5, Interesting
    Dude, we used to do this all the time when I programmed for call centers. The ANI (telecom term for caller ID) was programmed at the Layer 2 level, and like a MAC address was easy to change. We usually used ANI via a software bridge to simultaneously launch a trouble ticket indexed via phone number, but there were always the issues with Pay Phones, Hotels, or companies that hid the originating ANI behind a PBX (i.e., for security).

    So, sometimes, we changed the number en route so that it would launch a new ticket window instead of a ticket with 20,000 IDs all indexed to the same phone number. We just marked it with a random number that let the techs know this was not their real home phone, and thus, had to ask for a callback number if needed.

    We also had hackers that did this as well, like one guy in Vancouver who hacked the ANI so he could make illegal and harassing long distance calls in the US using a US 800 number that would, in theory, make the call unbillable.

    Then there's the mysterious 604 number that people get from time to time...

  5. Re:Great! by Beryllium Sphere(tm) · · Score: 5, Interesting

    >Now the neighbor's kid can activate my credit cards he stole from my mailbox without breaking into my place to use my phone line.

    I would hope the credit card company is using the ANI (Automatic Number Identification) on their 800- line instead of caller ID. It's not subject to the same spoofs.

  6. Re:Sooner or Later... by mr100percent · · Score: 5, Interesting
    Steve Wozniak, co-creator of Apple and maker of the Blue Box, did prank call the Vatican one time with his invention.
    "During one demonstration, Wozniak called the Vatican posing as Secretary of State Henry Kissinger and asked to speak to Pope Paul VI. Informed that the pope was sleeping but would be awakened, Wozniak lost his nerve and hung up."

  7. Re:Good God... by Tassach · · Score: 5, Interesting
    >Perhaps the people should pay their fucking bills on time and not just ignore them for weeks/months/years?
    Perhaps you should get off your fucking high horse and realize that there are legitimate reasons for not paying a bill. Fraud happens. Billing errors happen.
    --
    Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
  8. Re:Social Engineering by attam · · Score: 5, Interesting

    if you actually had bill's number to begin with, you probably deserve his passwords as well... have you ever called Microsoft? if you don't know the exact name of the person you want to talk to, they won't even talk to you. if you ask for a "department" they will tell you to bugger off!

  9. Re:Dept colection? Great by stratjakt · · Score: 5, Interesting

    Debt collection agencies can't (in the US) hide who they are. They can't hide the purposes for which they call you. I.e., every call you get starts with "any information collected is for the purpose of collecting a debt..."

    They can't call you on Sunday, they can't call you at work or after 6PM (IIRC), without your explicit permission.

    There's very little a debt agency can do. They have no power, and they can't make you pay. They can only remind you that you owe. They like to sound official and intimidating, because they want to scare you into paying up, and paying all the ridiculous late fees and stuff they assess.

    The only way they can make you do anything is through the courts. Once things get that far, you can cut a deal, like paying off the debt but dropping the late fees etc. Because then they compare the late fees to legal fees. Note that by this point your credit report is already boned so you aren't hurting yourself by not bending over for the thugs.

    --
    I don't need no instructions to know how to rock!!!!
  10. Re:How'd you find out? by Anonymous Coward · · Score: 5, Interesting

    Amy was spending waaaaaay too much time in Beth's bathroom. ;-)

    Actually, Beth's mother got pissed at the number of 3-Way Calls on her bill, and demanded that I pay for some, since they involved my number -- as well as Carl's.

    From that point, it didn't take long to figure it out.

  11. Re:Good God... by gregmac · · Score: 5, Interesting

    I guess you've never been in the situation where some faceless company decided you owed them money for no reason.

    Bell Canada decided our office owed them money. We had a DSL account with them for about two years. One day, all of a sudden, I could no longer connect to port 25. Called them up, and asked. First guy said "No, we haven't made any changes at all. Must be your end". Looked around some more, found I was definitely being blocked. Called back, and this guy told me that they had noticed one of their connection racks hadn't been blocking port 25, so they "fixed it". Fine, whatever, created a dns alias for the network to send our smtp mail to their smtp server.

    This was fine for a month or so, but then it would randomly die.. their SMTP server just stopped working intermittently, for an hour or so. About the third time it happened (and this time it lasted a few hours, beyond the point of being a major annoyance, where it was hindering the business), and I was actually in the office this time, I called them to see what was going on. The tech told me that they were getting hammered by viruses sending spam, and that it would go away eventually. "Eventually" does not work for business.

    So I asked them to unblock port 25 for me (since it's virus free), even if to only my own properly configured mail server, so I could send email. He told me they can't. So I asked how I was supposed to be able to send email, to which he replied that their webmail was working. Yeah, that's great, I have webmail too .. but I can't tell everyone in the office to switch to webmail. I also had no interest in going around and reconfiguring everyone's mail client to use a non-standard port (my router at the time didn't have the capability to do that itself).

    So I called up another ISP, and asked them when they could have DSL in.. they said 5 days, which just happened to correspond with my billing period with Bell. So I called Bell back, and told them to cancel the account.

    Here's where it got real fun. They said ok, we can cancel, but you will still owe us $300 or something for terminating the contract early. Contract? I looked at our bills.. initially, we had signed on with a one-year contract, but all of our bills after that just said "monthly recurring charge" with absolutely no mention of a yearly contract. The month where it would have renewed was no different from any of the rest of them.

    So we pointed this out, and they said that regardless of what the bills said, we were on a year contract still. So we asked them to fax the contract to us. "Uh.. we don't have it". Well, we didn't have this supposed contract either.. most people at this point would assume with no contract anywhere, that there was no contract. Well, next they told us it was a "verbal contract" to renew, but couldn't tell us who exactly made this contract (only me and the owner would be authorized to do that, and being the IT person, I'm the only one who actually would have done it), nor produce a recording of it or anything. So at this point we said, well, no contract, come get your modem, we're done.

    A few months later, we got a notice in the mail from Bell saying we owed them $500 or something now, for an outstanding balance plus interest plus late fees etc. Called them up to clarify this, and again went through the same stupid banter, with the same conclusion. That was about a year ago, and we haven't heard anything else from them since. Maybe they'll decide to sue us or something, I don't know. But taking us to court over a "verbal contract" without knowing who exactly made it or anyone at our company who's authorized having any recollection of it seems a bit flakey to me.

    Since that happened, I've learned a few other people have been burnt by them as well. The trick is, they'll never take you to a collection agency. They have their own internal collections, and they'll get it through their subsidiary companies. I.e., If you owe money (or they think you do) on a Sympatico internet

    --
    Speak before you think