Slashdot Mirror
Caller ID Falsification Service
Dan writes "
A US website will offer Caller ID falsification service...Slated for launch this week, Star38.com would offer subscribers a simple Web interface to a Caller ID spoofing system that lets them appear to be calling from any number they choose. [...]
SecurityFocus took the site for a test drive, and found it worked as advertised. The user fills out a simple Web form with his phone number, the number he wants to call, and the number he wants to appear to be calling from. Within two seconds, the system rings back, and patches the user through to the destination. The recipient sees only the spoofed number displayed on Caller ID. Any number works, from nonsense phone numbers like "123 4567" to the number for the White House switchboard."
"Mr. President, you have a call from the Pope."
Right is wrong when left is right.
"The recipient sees only the spoofed number displayed on Caller ID. Any number works, from nonsense phone numbers like "123 4567" to the number for the White House switchboard."
I think that the people who are going to profit from this the most will be guys like Howard Stern (if he's still on the air). He'll ring up anyone he wants and pretend to be working for some fake government agency while the nimrods on the line will be in fear if they have caller id. Oh the laughs... until the FCC has their way with Stern and shut him down.
How many kids are going to get into serious trouble with this service?
Let's not even start talking about all the wonderful social engineering that can now be performed with this great service. "This is Bill Gates. I forgot my password. Give it to me."
So all ye lawyers, would the owners of Star38.com be in the doghouse for this service when the masses start using it as a launchpad for social engineering? I'm thinking, hell yes (but IANAL).
The dangers of knowledge trigger emotional distress in human beings.
Have you ever wanted to post a comment as someone else, for humor or other more mischievous purposes? Now you can thanks to Slashdot's new comment author falsification service! You can be CmdrTaco, Hemos, CowboyNeal, or one of literally hundreds of thousands of other people, some of them actually famous!
Author falsification starts at a mere 10,000 subscription points!
Chalk one up for the stalkers!
Anybody can spoof their own Caller-ID info with the right equipment. Use a multi-thousand-dollar system from Panasonic, or go cheap and use Asterisk with a $125 PCI card from Digium.
tasks(723) drafts(105) languages(484) examples(29106)
Now the neighbor's kid can activate my credit cards he stole from my mailbox without breaking into my place to use my phone line.
Phone customers with 800 and other toll free numbers get the caller's number delivered via ANI (automatic number identification), which is not CallerID. I suspect that this service will not change the ANI, as ANI is much harder to block than CallerID.
As Kevin Mitnick pointed out in his book The Art of Deception, anyone with a PBX system can program their outgoing Caller-ID information to show anything they want.
As far as star38.com goes, I wonder what purpose they hope to serve by doing this. After all, it's a free service, and as we all know, nothing in this world is free. Could it be that star38.com will sit in the middle and record these conversations, either to sell prank calls a la The Jerky Boys? Or, maybe they'll gleam little bits of information about people and sell that marketing information to companies?
Overrated / Underrated : Moderation
I need a service like this, to make my CallerID more accurate. I have a VoIP landline and a mobile phone, with two different numbers. The landline rings my mobile simultaneously, at no charge, so I distribute only that phone#, and answer whichever phone is nearest - I'd prefer the mobile# remain undisclosed, to funnel all calls through the landline#. But when I initiate calls from my mobile, the recipient gets only the mobile#, which they might call back directly, insert into their contacts list, etc. But incoming calls on that mobile# won't ring my landline (although a less robust service for the mobile has a charge, while the landline multiringing doesn't). So I'd like to spoof the landline# when making mobile calls.
One way to do it would be to call a service at my VoIP landline, authenticate my mobile# CallerID, and replace the call to the actual recipient, from the landline with the landline# sent in CallerID. A better way would be to learn from email, and include both a "From:" and a "Reply-To:" field in the sent CallerID metadata. This service is a step in the right direction.
--
make install -not war
Unless they figure out who all my friends and family members are. I don't answer the phone if I don't recognize the number. My current phone number is one digit off from the local KFC, so I get a half-dozen calls every day that I don't answer.
The more advanced and complex our communication systems get the more confusing and time-consuming and frustrating it becomes to communicate. It's odd how many people I know that will send emails to people, or chat online, but barely talk to people in person -- or at least with any real depth. The more "advanced" our communication, the more time we spend dealing with all the problems of communication that crop up (spam, caller id spoofing, junk mail, etc.)
I know this whole group of people who are barely seen by other people and do nothing but communicate with random people from all over the world on a website.
Oh wait... damn ... nevermind
I would simply go back to an answering machine that screens my calls and pick up the line when I recognize the voice, as I did before CallerID.
Cheers,
Erick
http://www.busyweather.com/
My daughter and her friends figured out a way to do this years ago. Here's the scenario:
Amy is supposed to be having a sleepover at Beth's house, but instead is spending the night with her boyfriend Carl.
Dad calls Beth's house to speak to Amy. Beth says, "Oh, Amy's in the bathroom. I'll have her call you back when she gets out." A minute later, Dad's phone rings, Beth's number displays on the Caller ID, and Amy's voice is on the line. Dad is satisfied that Amy is at Beth's house. Wrong!
What happened is that after speaking to Dad, Beth calls Amy at Carl's house, initiates 3-Way Calling back to Dad's number, then hangs up as soon as Das picks up the phone. Amy (at Carl's house) is on the line, but it's Beth's number on the Caller-ID because that's where the call originated from.
I have gray hair.
So, sometimes, we changed the number enroute so that it would launch a new ticket window instead of a ticket with 20,000 IDs all indexed to the same phone number. We just marked it with a random number that let the techs know this was not their real home phone, and thus, had to ask for a callback number if needed.
We also had hackers that did this as well, like one guy in Vancouver who hacked the ANI so he could make illegal and harrassing long distance calls in the US using a US 800 number that would, in theory, make the call unbillable.
Then there's the mysterious 604 number that people get from time to time...
Dear god, BUY A DICTIONARY!!!
You must be lucky to never have had a major sickness in the family. Something like that can drain all bank account funds.
And while I am not defending those who owe money, do you have any idea how many college kids get 4 or 5 credit cards, thrown their way. Heck, they hand out t-shirts and phones and cd's for students who sign up. Students should be a little smarter, but it can be hard to resist the free give away.
Even if the debt is valid, do you think it resonable for collection agencies to call every day. It stinks of harrasment. Perhaps the credit card companies should be a little more picky with who they grant credit to. But for them, a $500 credit line which is not paid, and has interest of 19% or more, and a $30 a month over the limit fee, and another $39 a month late fee, can easily become over $2000 before the credit card sells the debt to some collection agency for a profit. Then the collection agency adds on a collection fee. You could easily see that small debt go up ten fold. They make money getting people into debt.
And I know this person who needed a car for work. Their credit was so-so, not perfect but everything was paid. The dealership sold a low end used chevy for $8000 even though the blue book value was $7000. It was the only dealership willing to finance a car for her, and at a high interest rate for 4 years. She did the math and found out at the end of 5 years she would have paid over $14,000 for that car. And 2 1/2 years into paying the debt, the car's blue book is now worth $3000 but she owes $7000 left. If that car breaks and she can't get to work, how can she pay that debt. She will not have a car but will have a monthly payment due. That is how people get in trouble.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
"do you have any idea how many college kids get 4 or 5 credit cards, thrown their way"
Simply having credit cards doesn't put you in debt (and shouldn't cost you anything, either). The problem isn't the availability of credit cards, it's the complete lack of understanding what a credit card is that students get into trouble with. For some reason, many people think of a credit card as free money - that if it's not draining their account right now, it's not real money. Parents are to blame, not heartless corporations (this time).
G
Debt collection agencies cant (in the US) hide who they are. They can't hide the purposes for which they call you. Ie; every call you get starts with "any information collected is for the purpose of collecting a debt..."
They can't call you on Sunday, they can't call you at work or after 6PM (IIRC), without your explicit permission.
There's very little a debt agency can do. They have no power, and they can't make you pay. They can only remind you that you owe. They like to sound official and intimidating, because they want to scare you into paying up, and paying all the ridiculous late fees and stuff they assess.
The only way they can make you do anything is through the courts. Once things get that far, you can cut a deal, like paying off the debt but dropping the late fees etc. Because then they compare the late fees to legal fees. Note that by this point your credit report is already boned so you aren't hurting yourself by not bending over for the thugs.
I don't need no instructions to know how to rock!!!!
Its not a free service, its 25 cents to initiate the call and 7-14 cents per minute.
Amy was spending waaaaaay too much time in Beth's bathroom. ;-)
Actually, Beth's mother got pissed at the number of 3-Way Calls on her bill, and demamded that I pay for some, since they involved my number -- as well as Carl's.
From that point, it didn't take long to figure it out.
Then your friend is violating the law and is one of those scumbag debt collectors who fancies himself sort of of skip tracer or PI.
The Fair Debt Collection Practices Act, Section 805, part B:
They can call your acquaintances to find you, but they cannot communicate why they're looking for you and they cannot keep doing so once they have made contact with you. Section 805, Part C says that debt collectors must cease contact with you if you tell them to, at the point they must do so and from then on can only contact you to tell you they're taking some sort of legal remedy (like suing you).
Oh yeah, and if by "Allied Group" you mean "Allied Interstate" I see why your 'friend' is such a scumbag. Look them up on Google and you'll find story after story of innocent people hounded by these pricks because they're too fucking incompetent and aggressive to do their job properly. Minnesota, for one, has taken legal action against them for their unlawful operations.
The telemarketing scumbags have been masking their identities for quite some time without this 'service' so I am just finishing yawning over the article, which has a few inaccuracies that I correct below.
The ICLID (Individual Caller ID) field is separate from the ANI field in the SS7 message. Depending on your tariffs you might or might not be able to stuff the ANI field; you almost always can stuff the ICLID field with whatever nummer you want.
What the other end displays is not always consistent across the various operating companies and carriers, so don't go strutting around like you've pulled the wool over everyone's eyes just yet.
Further, the name lookup that you see on your display is performed by the terminating switch (serving you), so you can't spoof that. Of course, if you spoof John Q. Smith's nummer it will usually show his name, unless he is not a subscriber of your local tephone cumpny; in that case you get nuttin and like it. Even that is subject to variations due to interexchange agreements.
All in all, this service does not meet the technical neatness test, can't overcome the stupidity and ineptness of the various carriers, and is just a jolly good way for somebody to make some extra bucks. It's probably easier just to go down to 7-11 and use their coin box and get it over with.
Have fun!
slashdot: A failed experiment.
A billing error can be resolved directly with the company. I've had billing errors. I've had the bank cash checks for the incorrect amount. I've never had a firm that wouldn't work to address the issue. It's not like the cable company accidentally charges you for Showtime and then immediately sends your account to a collection agency. It takes months before they even consider selling the debt.
The fact is that most people will simply ignore the bills instead of taking some responsibility. If you can't pay, you need to call up the company and talk to them, not throw the bill away and worry about it next month. Almost every single company will work with you to negotiate something (not because they're nice guys, but because it is cheaper for them than foreclosure, reposession, or selling to collection agencies).
They should just change their names...
It just so happens that I share a first name, last name, and middle initial with a convicted felon. Debt collectors and private investigators can't tell from a phone listing that I'm not the same person.
At one point, my house would get several calls a week from debt collectors and private investigators. They would impersonate police officers, threaten legal action, etc...
It became really annoying. Finally, itcame down to this:
- I have a habit of answering the phone in a jovial manner, i.e., with phrases like, "Mort's morgue, you stab 'em, we slab 'em...." Generally speaking, I only get calls from close family, so everyone's in on the joke.
- But one time, I decided to answer "Dominoes Pizza, how may I help you..."
- And the reply was not whom I expected, but the voice of our least-favorite sheriff impersonator. Yes, it was the collection agency. But to my surprise, he played along:
- "Dominoes pizza, eh... I'd like a large pepperoni pizza.."
- Well, I continued to take his order, address, phone number and all. I thanked him and then hung up.
- Turns out, he was across the state in a major city. Still not a problem, though. I looked up the phone number for the local Dominoes, and relayed his order.
- Forty five minutes later, I got a call, "Very funny, wise guy..."
- To which I replied, "Dominoes pizza, may I take your order?"
That was the last time he called.The society for a thought-free internet welcomes you.
try wildgate.com -
sign up for an account and you have the choice in your prefs on what outgoing ID you want...
cost $5.00 or so.
been around for years now.
I guess you've never been in the situation where some faceless company decided you owed them money for no reason.
.. but I can't tell everyone in the office to switch to webmail. I also had no interest in going around and reconfiguring everyone's mail client to use a non-standard port (my router at the time didn't have the capability to do that itself).
Bell Canada decided our office owed them money. We had a DSL account with them for about two years. One day, all of a sudden, I could no longer connect to port 25. Called them up, and asked. First guy said "No, we haven't made any changes at all. must be your end". Looked around some more, found I was definately being blocked. Called back, and this guy told me that they had noticed one of their connection racks hadn't been blocking port 25, so they "fixed it". Fine, whatever, created a dns alias for the network to send our smtp mail to their smtp server.
This was fine for a month or so, but then it would randomly die.. their SMTP server just stopped working intermittently, for an hour or so. About the third time it happened (and this time it lasted a few hours, beyond the point of being a major annoyance, where it was hindering the business), and I was actually in the office this time, I called them to see what was going on. The tech told me that they were getting hammered by viruses sending spam, and that it would go away eventually. "Eventually" does not work for business.
So I asked them to unblock port 25 for me (since it's virus free), even if to only my own properly configured mail server, so I could send email. He told me they can't. So I asked how I was supposed to be able to send email, to which he replied that their webmail was working. Yeah, that's great, I have webmail too
So I called up another ISP, and asked them when they could have DSL in.. they said 5 days, which just happened to correspond with my billing period with Bell. So I called bell back, and told them to cancel the account.
Here's where it got real fun. They said ok, we can cancel, but you will still owe us $300 or something for terminating the contract early. Contract? I looked at our bills.. initially, we had signed on with a one-year contract, but all of our bills after that just said "monthly recurring charge" with absolutely no mention of a yearly contract. The month where it would have renewed was no different from any of the rest of them.
So we pointed this out, and they said that regardless of what the bills said, we were on a year contract still. So we asked them to fax the contract to us. "Uh.. we don't have it". Well, we didn't have this supposed contract either.. most people at this point would assume with no contract anywhere, that there was no contract. Well, next they told us it was a "verbal contract" to renew, but couldn't tell us who exactly made this contract (only me and the owner would be authorized to do that, and being the IT person, I'm the only one who actually would have done it), nor produce a recording of it or anything. So at this point we said, well, no contract, come get your modem, we're done.
A few months later, we got a notice in the mail from bell saying we owed them $500 or something now, for an outstanding balance plus interest plus late fees etc. Called them up to clairify this, and again went through the same stupid banter, with the same conclusion. That was about a year ago, and we haven't heard anything else from them since. Maybe they'll decide to sue us or something, I don't know. But taking us to court over a "verbal contract" without knowing who exactly made it or anyone at our company who's authorized having any recollection of it seems a bit flakey to me.
Since that happened, I've learned a few other people have been burnt by them as well. The trick is, they'll never take you to a collection agency. They have their own internal collections, and they'll get it through their subsidary companies. Ie, If you owe money (or they think you do) on a Sympatico internet
Speak before you think
Yes, the laws being referred to are federal. Some states add even more restrictions to them, but those are basic rights. I no longer do, but I have worked in collection recently as an extra job. I also have helped a friend find the appropriate information to stop a big cell phone company from illegally harassing him. I won't say which one, but they sold the "debt" to an outside agency that was causing the problems.
There is the Fair Debt Collection Act which covers most of these rules, such as you can only contact a debtor once every 7 days. You can call several times a day talking to others in the household/place of employment every day until you do reach the debtor, but once you do, no more calls for 7 days.
If requested IN WRITING not to call any more, you have to honor it. Some agencies honor requests over the phone, but they are not required to. You can also ask not to be contacted by them AT ALL. Like another person already said, this does not stop court summonses or legal proceeding.
A debt collection company must act honestly. They must identify themselves when asked, and up front in some states. They can not give false information in attempt to recover the debt. I assume CallerID falls under this rule here.
A debt collector is required to give you a payment option that does not cost you to use. They can't require you to use Western Union if you have to pay the associated fee. The only "fee" they can legally ask you to pay in order to make a payment is a first class stamp in order to mail a payment in. Now, this doesn't mean if the payment is due tomorrow and you mail it in that you will be protected from the $40 late fee. It is still your responsibility to make your payment by whatever day it is required. They simply have to accept the payment when it gets there. If you CHOOSE to use Western Union to make sure the payment is recieved by the due date, that is your choice to pay the fee.
Another misconception people have is with attorneys. If I call you, and you tell me your attorney is handling the matter, I can no longer call you. However, if I call the attorney and they are not handling the matter (no retainer paid is one reson) then calls are back on your shoulders. If you honestly have an attorney handling your debt, then say so. But if not, it will not help you as you will get a call back the next day attempting to collect again.
Debt reduction services are another major gotchya. Many of them say to referr all debt collection to them. Problem is they are not attorneys, and creditors are not required, and in many cases are not allowed to by law, discuss the debt with them. Many advise not to pay until the reduction plan goes into effect. This is about the worst thing you can do, because it only damages your credit further. If you can, make even partial payments. If you are 4 months behind, at least make 1 month's payment to keep it from going to 5 months. Your credit will thank you. Another problem with debt reduction is some of them are not true Consumer Credit Counseling Services, they are simply settlement agencies. They collect your "monthly payment" until it reaches a certain sum, then offer to pay Credit Card X 50% of the debt in one lump sum. Sure it generally stops the collection, but it also marks your credit "Paid in full for less than the amount owed." Down goes your credit score even further.
And the best advice I can give is just be honest. If you can't pay the bill that week, just tell them. For example, telling them you are going to take a payment down to the department store tomorrow when you have no intention of it will only cause you to get a call back the next day when that payment doesn't show. And yes, that does allow them to call back sooner than the 7 day limit. Keep in mind once they talk to you, especially if you don't offer a payment in the meantime, they can't call you again for 7 days. Plenty of time to get a letter mailed to them to request no more calls at all.
Feel free to contac