Slashdot Mirror


Caller ID Spoofing Firm Gets Death Threats

Frankie70 writes "Three days after the startup company Star38 began offering a service that fools Caller ID systems, the founder, Jason Jepson, has decided to sell the business. Jepson said he had received harassing e-mail and phone messages and even a death threat taped to his front door -- all of which he said came from people opposed to his publicizing a commercial version of technology that until now has been mainly used by software programmers and the computer hackers' underground. Details in the Houston Chronicle. Earlier ZDnet article about the service."

12 of 426 comments (clear)

  1. Good ridance by Nos. · · Score: 5, Insightful

    Death threats may be going a bit far, but I don't really see a "legitmate" reason for a service like this. Telemarketers and debt collection agencies can NOT use services like this (at least where I am) and I really don't see a legitimate use for a service like this. I just wish it would be cancelled not sold to some other company.

    1. Re:Good ridance by ResidntGeek · · Score: 5, Insightful

      It'll make the phone companies fix the problems with their systems. People shouldn't be able to do this, and nobody will be happy about it, so the phone companies will be pressured to fix it.

      --
      ResidntGeek
    2. Re:Good ridance by Lord+Kano · · Score: 4, Insightful

      Getting rid of that ability is endangering victims and making life a lot harder for law enforcement agencies. That is a far more substantial argument than that of a marketing tool.

      Life is supposed to be hard for law enforcement. Federal agents complaining that they don't have the tools that they need to do their jobs is BS; pandering at its worst.

      Those agencies who need to hide their numbers already can do that, with no new help.

      No, they can block their Caller ID information, they can't replace it on the fly.

      Introducing this service would give that power to everyone, which (as I've pointed out before) can only harm.

      So in your worldview, power should be kept for the select few and you get to select those few.

      I am not buying it.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    3. Re:Good ridance by xigxag · · Score: 5, Insightful

      This was exactly on my mind when my bank called me the other day. They left a message on my machine to question some unusual charges that had been made, and said to call them back.

      Caller ID identified them as my actual bank.

      When I called, the rep asked me for my card number and my mom's maiden name to verify. I gave them the information, but how do I know for sure that I wasn't just pwned?

      More generally, how is one ever supposed to tell in the future that one is not the victim of a phish? The Star38 guy said he was likely scammed himself, and you'd think he'd know better.

      In my particular case, the way I handled it was to initially give the "wrong" maiden name...then the rep said, "that's not what we have on record." At that point I knew she was legit, but one can potentially see this escalating to Frank Herbert-like levels of feints within feints, with the pro more likely to be one step ahead of the mark.

      --
      There are two kinds of people: 1) those who start arrays with one and 1) those who start them with zero.
    4. Re:Good ridance by treke · · Score: 4, Insightful

      Fine here's a use. Take for example a small company that operates out of the employees homes. Calls are made from from personal phones, cell phones, wherever. There is one phone number that is designated as the incoming number for the company. You fake caller ID on all calls to display the main number of the caller so that you only receive a call at the main location and your customers do not end up getting someones personal answering machine when they try to return a missed call.

      Using caller id to identify callers is a losing proposition, there are other technologies in place that do not involve trusting the information the caller gives you. Try calling 911, they already happily disregard the information caller id distributes.

  2. Easy to trace by usefool · · Score: 5, Insightful

    If it's a death threat, police should be involved and trace the originators. Email and phone calls should be easy enough to trace if there's serious crime associated with them.

    And if the phone threat's caller ID is spoofed, well, at least the threats are directly supporting the spoofing service.

    --
    Uselessful technology (Air-Charged
  3. Bullshit Detector by Anonymous Coward · · Score: 5, Insightful

    *beep* *beep* BULLSHIT ALERT *beep* *beep*

    The entire premise behind this "service" seems to be: fraud. I can think of no legitimate uses for it.

    And now, the creator of the service is looking to sell out? If it's a dangerous life, why not just shut down? Obviously, he's looking for a quick buck, at the expense of the rest of us (and whatever shady organization snaps this up). ...and this is just more free advertising.

  4. It isn't as though he developed the technique. by Scoria · · Score: 4, Insightful

    Anybody can generate fictitious Caller ID information. Instead of attributing the blame to Jepson, who merely developed a convenient method by which to do so, perhaps we should blame the telephone companies. They developed the insecure technology, after all, and appear unwilling to mitigate the problem(s).

    --
    Do you like German cars?
  5. It should be all or none by egburr · · Score: 5, Insightful
    Either anyone should be allowed to spoof their ID, in which case caller ID becomes worthless, or nobody should be allowed to do it. Some types of companies are prohibited by law from spoofing their ID, and for good reason. The phone companies should implement a technological means of prevention for this, and not allow anyone at all to do it.

    Caller's should be allowed to block or reveal their ID, but not spoof it. Receivers should be able to accept or reject calls with a blocked ID.

    I've had more than enough calls from "0" which were not from the operator. I've had plenty of calls from other numbers that are obviously false (not 7 or 10 digits). I've had plenty of calls from numbers that were "out of service" when I called them.

    If the phone companies are unable to prevent spoofing, the government should implement laws either to make spoofing illegal or to mandate an upgrade to the phone system to make it impossible.

    --

    Edward Burr
    Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
  6. Doctors responding to patients from home by PerpetualMotion · · Score: 4, Insightful

    After working at an answering service, I would page anywhere between 2-10 doctors a night with emergencys from hospitals or patients with sick babies, women worried about their pregnancys, adults having athsma problems, chipped/painful teeth, or other problems. Some that should go to the ER, some that could of waited till the next day, and others that just really just needed a call back. Doctors cannot give their home telephone number out. Most anyone who thinks they have a medical emergency thinks they should call direct instead of going through "channels." This means doctors use caller ID blockers.

    There would periodically be problems with doctors using caller ID blocks being unable to call people back who block those calls, leading to sometimes unimaginable frustration in the middle of a medical emergency. The first time I saw this service, I saw immediatly that it could and probally would be abused, but for doctors who got stuck in that situation, it would be invaluable.

  7. Caller ID should be secure by Anonymous+Writer · · Score: 4, Insightful

    I thought that caller ID was done through the phone company and people couldn't alter it. And I always thought it would be a great method for dial-up authentication and private networking. With caller ID, a computer recieving a data call could identify that the calling computer was physically located at a land line. This would be extremely useful for businesses to business transactions and banking. Having to rely on encryption while connecting through the internet just isn't as secure as a direct physically secured phone call.

    Sure, there could be legitimate uses; say for example that you have a call forwarding feature provided by the phone company and you are having calls to your number forwarded to a phone at your location. It would be useful to be able to have calls from that location display your caller ID if you need to return a call. However, that shouldn't be up to a company like this. It should be a feature connected with calling card billing; if you use your calling card from a remote location and it is being billed to your phone number, it should also display your caller ID. Connecting caller ID to billing would also work well for tax accounting. If you were making a phone call for business, you would want your business number caller ID to appear. And you would want the call to be billed to your business phone number as well, for tax purposes.

    The options for using this service legitimately don't compare to the possible illigitimate uses for it. This would be the next "spamming" type of business, making money out of putting others through misery. The fact that caller ID is called "caller ID" is so that it can work just like proper identification. Using a service like this to pretend you are someone else calling would be the equivalent of using a fake driver's license, even though it isn't percieved that way by the legal system yet.

  8. One good use... by NotAnotherReboot · · Score: 4, Insightful

    I can think of *one* good use for spoofing- calling cards. Why not have the company performing the calling card service to take the number you call them from and then spoof that when they make the call through their system?