Slashdot Mirror
Caller ID Spoofing Firm Gets Death Threats
Frankie70 writes "Three days after the startup company Star38 began offering a service that fools Caller ID systems, the founder, Jason Jepson, has decided to sell the business. Jepson said he had received harassing e-mail and phone messages and even a death threat taped to his front door -- all of which he said came from people opposed to his publicizing a commercial version of technology that until now has been mainly used by software programmers and the computer hackers' underground. Details in the Houston Chronicle. Earlier ZDnet article about the service."
Death threats may be going a bit far, but I don't really see a "legitmate" reason for a service like this. Telemarketers and debt collection agencies can NOT use services like this (at least where I am) and I really don't see a legitimate use for a service like this. I just wish it would be cancelled not sold to some other company.
If it's a death threat, police should be involved and trace the originators. Email and phone calls should be easy enough to trace if there's serious crime associated with them.
And if the phone threat's caller ID is spoofed, well, at least the threats are directly supporting the spoofing service.
Uselessful technology (Air-Charged
*beep* *beep* BULLSHIT ALERT *beep* *beep*
...and this is just more free advertising.
The entire premise behind this "service" seems to be: fraud. I can think of no legitimate uses for it.
And now, the creator of the service is looking to sell out? If it's a dangerous life, why not just shut down? Obviously, he's looking for a quick buck, at the expense of the rest of us (and whatever shady organization snaps this up).
Perhaps it is dishonest for a bill collector to use someone else's phone number on a caller ID, but how else can the collectors get the money that is owed to them. In a sense, though, it is more dishonest for the people avoiding the bills to ignore any notice given to them. Can anyone come up with a less contraversial method of formally notifying debtors of their responsibilities?
Anybody can generate fictitious Caller ID information. Instead of attributing the blame to Jepson, who merely developed a convenient method by which to do so, perhaps we should blame the telephone companies. They developed the insecure technology, after all, and appear unwilling to mitigate the problem(s).
Do you like German cars?
If you feel that way, then feel free to ignore the service, calmly argue against it or *gasp* find a way to make it not work. Sending death threats just makes you look like a little kid who thinks hes tough (e-thug).
There are plenty of adult ways to handle a situation like this. Those choosing to voice their concerns through death threats just make the rest of you look worse to the point where nobody takes you serious. (Its similar to the whole immature linux fan-boy or any fan-boy in general thing. You make people not want to associate with your side even if you are right.)
no morals = acceptable
corruption = good
greed = good
sharing = bad
war = peace
can spam = more spam
safer world = more terrorism
anti american = opposing views
safer = less liberty
I remember from the whole debate a few years ago about phone company services that would reject blocked numbers that there were some professions such as social worker and public defender that made a case for hiding their home and personal cell phone numbers. A legitimate use in this case would have the spoofed number appear as their government office number, rather than their home phone.
Caller's should be allowed to block or reveal their ID, but not spoof it. Receivers should be able to accept or reject calls with a blocked ID.
I've had more than enough calls from "0" which were not from the operator. I've had plenty of calls from other numbers that are obviously false (not 7 or 10 digits). I've had plenty of calls from numbers that were "out of service" when I called them.
If the phone companies are unable to prevent spoofing, the government should implement laws either to make spoofing illegal or to mandate an upgrade to the phone system to make it impossible.
Edward Burr
Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
On the one hand, that sounds pretty awful. But on the other hand, they're up against people who are probably often quite willing to go to even greater lengths, probably into outright criminal behavior, to avoid paying their debts. The previous story about Star38 had a lot of informative posts about the legal limits on the actions of collection agencies; they are limits to what they can do and they're lower than you seem to think.
After working at an answering service, I would page anywhere between 2-10 doctors a night with emergencys from hospitals or patients with sick babies, women worried about their pregnancys, adults having athsma problems, chipped/painful teeth, or other problems. Some that should go to the ER, some that could of waited till the next day, and others that just really just needed a call back. Doctors cannot give their home telephone number out. Most anyone who thinks they have a medical emergency thinks they should call direct instead of going through "channels." This means doctors use caller ID blockers.
There would periodically be problems with doctors using caller ID blocks being unable to call people back who block those calls, leading to sometimes unimaginable frustration in the middle of a medical emergency. The first time I saw this service, I saw immediatly that it could and probally would be abused, but for doctors who got stuck in that situation, it would be invaluable.
I can't help but wonder is maybe somebody explained to him that his service is inherently illegal for collectio agencies to use, since lying is specifically illegal under the Fair Debt Collection Practices Act:
15 USC 1692e:
A debt collector may not use any false, deceptive, or misleading representation or means in connection with the collection of any debt.
I thought that caller ID was done through the phone company and people couldn't alter it. And I always thought it would be a great method for dial-up authentication and private networking. With caller ID, a computer recieving a data call could identify that the calling computer was physically located at a land line. This would be extremely useful for businesses to business transactions and banking. Having to rely on encryption while connecting through the internet just isn't as secure as a direct physically secured phone call.
Sure, there could be legitimate uses; say for example that you have a call forwarding feature provided by the phone company and you are having calls to your number forwarded to a phone at your location. It would be useful to be able to have calls from that location display your caller ID if you need to return a call. However, that shouldn't be up to a company like this. It should be a feature connected with calling card billing; if you use your calling card from a remote location and it is being billed to your phone number, it should also display your caller ID. Connecting caller ID to billing would also work well for tax accounting. If you were making a phone call for business, you would want your business number caller ID to appear. And you would want the call to be billed to your business phone number as well, for tax purposes.
The options for using this service legitimately don't compare to the possible illigitimate uses for it. This would be the next "spamming" type of business, making money out of putting others through misery. The fact that caller ID is called "caller ID" is so that it can work just like proper identification. Using a service like this to pretend you are someone else calling would be the equivalent of using a fake driver's license, even though it isn't percieved that way by the legal system yet.
I can think of *one* good use for spoofing- calling cards. Why not have the company performing the calling card service to take the number you call them from and then spoof that when they make the call through their system?
what they did was a criminal offense and you should report them to the feds. they can get fined under the FDPCA.
I will be remembering how funny /.'ers found this the next time somebody offers a software or hardware product which offends someone somewhere but has many legitimate uses. I don't have much sympathy for bill collectors as a whole but as someone who has on occasion had people not pay me (even though they have the money to pay) and simply ignore my attempts to get the money I understand how frustrating it is especially to small businesses. We don't want to get nasty about it but the system of annoying bill collectors calling you is far better than the one it replaced. Namely, bill collectors breaking your legs and stealing your stuff or getting you sent to debtor's prison.
I have been on both ends of the collections game and after just a month of this I can see why companies try to distance themselves from the nasty side of it and hire professional assholes to do the job
Can you think of any existing laws that would apply to enable prosecution of caller ID spoofing that would be criminal, rather than civil suits?
Fraud.
If there is no fraud, there is no crime.
It's odd that you mention file sharing because current criminal copyright law applies to people who are trafficing in illegal music and software, no new laws are needed in that arena either.
It's the same principle, the technology has the potential to be used for nefarious purposes, and those things are ALREADY illegal. It's idiotic to make one thing illegal because it could be used to do something else that is illegal.
Alcohol can be used to drive drunk. Guns can be used to commit murder. Rat poison could be used to commit murder. They all have the capability to be used for an illegal purpose and only an idiot would advocate making them illegal because of those possible uses.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
The article says they don't know who the threats come from, then they say it's from hackers. Without
evidence.
More likely, from somebody with more to lose: the phone companies. If people realise the caller id is spoofable, they wont buy the service. A hugh loss for the phone companies of easy money.
I for one didn't know it is so easily spoofed. I'll never buy it.
This guy is doing nothing different than what wallstreet does every day. Take advantage of stupid people. This is just another social engineer attempt to create FUD and exploit the unknowing. IT is called BUsiness. Just because it it some what technical everyone that thinks they are such experients in everything have 2cents to through in. There is nothing exciting here move along.
IPO tactics at work here
Huge difference between what shows up on your Caller id box and what actual ani switch records show.
Altering CID info only affects someone that actually uses a CID display box or service. Comparable to email spoofing it may make the unknowing look and say wow i got a call from the President but the rest would realize it was a joke.
If you simply were to change the cid display information a *69 call return would not route a call to the fake cid number that was displayed.
This does not pertain to such situations for example, holes in IXC's access lines that allow you to access switch tone and enter in valid customer numbers of their's that are loaded in the switch. This would in turn display the cid information for the customer number as the switch would think you are the true customer and dip the records for that customer.
You are still not invisible as a switch record shows your true ani that dialed into the Loop and then out.
You can only fool the fools, so do not depend on always being successful
Just disable it. You can do this with a single call to the phone company. Sending false information is lame.
By knowing my bank's phone number. If they leave me a message, I just call them back at their main 800 number. Not because I'm paranoid, simply because I have it memorized. It also, however, prevents any of this from happening.
Same thing with e-mail scams for eBay and the like. If I see something that looks like it's actually from a site I use, I'll go log in to my acocunt as normal. It will then get my attention, if they want it. Again more due to laziness since I use pine over SSH and thus cannot click links.
Not only is ignoring debt collectors stupid, it's also a superb way to fuck up your credit. Once a bank goes into collections mode, they've already reported your delinquancy to the credit angencies. If she was not a co-signer or an authorized user you are not responsible for the charges, so long as you file a fraud claim within a reasonable amount of time. This would require you to sign an affadavit and your wife would be investigated and probably brought up on charges for fraud. If you weren't willing to do that, then yeah, you are legally responsible for the charges. Otherwise, you could take her to small claims court or something, and well....I don't know you're the schmuck that married her..good luck
I didn't say I'd support declaring them illegal. I said I expect them to be declared illegal...much like redboxes, firecrackers, and radar detectors (in many states).
Joke disguises are most often used as just that- joke disguises-which is a legitimate reason to own one. The worst you can do with most of the things you find in joke shops is stink up a room or soak someone. Basically, you can embarrass someone.
With a caller ID-spoofer, you can get someone arrested. "They make for great practical jokes" isn't likely to hold up in a lawmaker's eyes.
Of course, law enforcement will probably be given free rein to use them at their discretion.