Caller ID Spoofing Firm Gets Death Threats
Frankie70 writes "Three days after the startup company Star38 began offering a service that fools Caller ID systems, the founder, Jason Jepson, has decided to sell the business. Jepson said he had received harassing e-mail and phone messages and even a death threat taped to his front door -- all of which he said came from people opposed to his publicizing a commercial version of technology that until now has been mainly used by software programmers and the computer hackers' underground. Details in the Houston Chronicle. Earlier ZDnet article about the service."
What a bitch. If this happened more often, we wouldn't have companies like SCO and others going on with their obnoxious, socially reprehensible behavior in the name of shareholder value. Don't get me wrong, I'm a capitalist, but that doesn't mean that a company has the right to shit all over everybody. We're all part of something called society, and we have laws and social norms that you must obey, and unfortunately sometimes the law doesn't completely reflect the reality of socially acceptable behavior. Just because it's legal or technically possible doesn't mean the people should bend over and accept it.
From the houston chronicle:
"The backlash against Star38 is the type of friction that can arise between for-profit software companies and hackers who resent the commercialization of technology they believe should remain free."
I really want to know if the majority of threats were from people who wanted the services to be free or if they were from people who decided that they didn't like the service at all! I fall into the second category and I'll bet everyone else does too!
[snip]
The backlash against Star38 is the type of friction that can arise between for-profit software companies and hackers who resent the commercialization of technology they believe should remain free.
"In most countercultures, there is an aspect of selling out," said Caleb Sima, co-founder of Spi Dynamics, an online security company. "People who make money off technology are deemed to have sold out. Anyone who has a unique idea and is making money is going to get badgered."
[/snip]
No, I think it's that people don't like it when people use technology for slimy things, and want to get paid for the slimy things [pr0n aside]. I have no problems with Asterisk...I use it in my house, and have openly recommended it to some 'phone guy' co workers that like messing around with routing and stuff at home.
I know that caller ID can't be trusted...but that's only the first step in the puzzle. You've already got call ID block Block on your phones...so telemarketers decided to start putting 800 numbers and things like 555-555-5555 in as numbers on their outgoing CallerID.
I'm sure some people were upset. Legally, [IANAL], I think they could be on some shady ground, especially, if they're trying to represent someone else, when they're attempting to collect a debt.
I disable sigs...do you?
The article seems to suggest that hackers angry at the founder "selling out" were threatening him. Really? The guy lives in a gated community and a person managed to stick a note on his door and escaped unnoticed? I don't think so.
The guy might have just created this to get a good reason to sell the business. "Oh, it's so popular that people are trying to kill me. I'm not cashing out because, uh, the business might be illegal, etc."
A NYC lawyer blogs. http://www.chuangblog.com/
ok this got baried on the last post so here it is again ---- to fake the id on any cell phone what you need is the code to programe the phone (not the unlock code) 1) how to get the code: Call your cell phone provider and tell theam your phone is acting up and it gives you some message saying it cant authenticate on the network. The before they start in trouble shooting it aske theam if you can reprogram the phone. Now watch out some companies like verizon use over the air *228 to program the phone and cingular send updates through the air as well. So how do you get the code easy tell theam you'r not getting a good signel and that you want to manualy program the phone. The will walk you through manually programing the phone. Here it comes write down the code they give you and irnore the rest. Your phone already works so all you need is the code. Now thet you have it all you need to do is use it and the first thing any phone asks you after entering the code is what phone number you want. So change it to what ever you want I like (555)555-5555 then save the rest -Dont change anything else or your phone wont work on the network -- now why does this work well cell phones use E.S.N. and authentication keys when billing not the phone number but there caller id only uses the number that is programed into the phone so enjoy this and yes i'm a coward i didnt want to log in as my self to post this so dont aks me anymore ? about this --- and I dont believe this workes for nextel. tata
The telecos here don't let you "spoof" caller-id even if you have a legitimate reason(for example, the number you are "spoofing" is actually the number of the person really calling, over IP), let alone if you wanted to sell a service to allow customers to deceive people.
X-Has-Sig: yes
Anyone know how this is done? I can understand how to fake your cid number, but how can you fake CNAM? If I faked my number to a real friends number the terminationg switch would do a CNAM dip and display his number. How could I change the text of the name?
> Nathan Stratton nathan at robotics.net http://www.robotics.net
The only use of it is deception. It can only do harm - there are no legitimate uses for it.
If you really want to freak people out pretending to be god, just change your name by deed poll ;)
Jason Jepson seems a little paranoid. Sometimes you have to take the heat to make some $$$. Controversial topics are usually pretty lucrative. It definately stirs up the interest in a product. While I personally wouldn't want to be caller-id spoofed, I think he should give the idea a chance. Like another poster pointed out, the companies will soon wise up and prevent the caller-id spoofing. Until then, try to make a few bucks.
--
Live deals all the time. Check out the latest in deal processing.
Hackers are never the problem.
Easily exploitable vulnerabilities in a system are.
I don't really agree. It sounds more like a black-hat justification than a real analysis.
In an "ideal" world, we wouldn't need locks on our doors or passwords on our computers, because people wouldn't be trying to steal from us or cheat us. There are actually still a lot of communities where the crime rate is low enough that locks aren't used most of the time. We never locked our house when I was growing up. It's a nice way to live, not worrying about other people being dishonest to the point that you get hurt. The small percentage of people who just can't be bothered to play by the rules end up hurting everyone else. The hackers are the problem.
Now, admittedly, we live in the real world. In most areas, including on the Internet, you can't trust your neighbors anymore because there are too many of them. That means we use locks and firewalls. They will never be perfect, anyone qualified can tell you that it's always a compromise between security and usefulness. Everyone, and every new technology, has to pick their compromise and hope it works out. If they're lucky, the attack rate will be low enough that it doesn't cause too much damage. If not, or if they make mistakes and end up with a worse compromise than they thought they had (nobody's perfect), then the technology becomes a liability. In that case, easily exploitable vulnerabilities are also the problem.
To make up for the fact that no system or technology is perfect, we have laws that try to prevent people from destroying everything that anyone builds simply because they can. If people exploited every weakness of every system, society would fall apart. (Or at the very least it would look like one of the future distopias in sci-fi.) That's why we jail hackers. Not to try to pretend that network security, but to add an extra level to it. Violate my security protocols, and you are going to find yourself on the receiving end of my criminal justice system. It's a lot of work for an unpleasant reward, so maybe less people will do it.
In this case, I don't see a legitimate reason for the spoofing. They have gone to the trouble of giving you an easy choice to provide your ID or not to. You can default either way, and switch per-call easily. With a few exceptions (giving the main office number instead of your private extension), there's really no reason to give a false ID. If it was just the hackers doing the spoofing, the rate would be low enough that the technology would still be useful. If anyone and everyone can send whatever ID they want, then the technology is likely to be abused to the point where it is useless. Then millions in investments go down the tubes and millions of people lose a useful service, not because it was dangerous or harmful or anything, but because it wasn't perfect and someone decided to destroy it for personal pleasure and profit.
I don't condone the death threats, but I wouldn't turn in the person if I knew who it was.
> I can think of no legitimate uses for it.
I'll play devil's advocate. People say the same thing about anonymous remailers, proxies, etc. I understand there's a difference between spoof and anonymous but lets see:
Civil Disobedience.
Bond/Repo Men/Private investigators.
Complaing to people in power without revealing identity or giving off the "CALLER ID BLOCKED" message.
Getting around hairy social or legal situations in an ethical manner. Remember, legal does not equal correct. Illegal does not equal incorrect.
Road warriors "spoofing" their work phone numbers and not their cell numbers.
and of course the #1 reason:
Teenage girls calling boys they like, giggling, and hanging up.
I'm more sympathetic to the people involved than I am to the collection agencies. Almost all bills are well-documented transactions. Contracts get signed, services/products delivered, etc. Collection agencies can use the legal process if they want their money back. However, it's cheaper to hire someone to make threatening phone calls. Basically, these threats are a form of least-cost production. They want the money as soon and as fast as possible.
"God is a comedian playing to an audience too afraid to laugh." -Voltaire
yeah, one of the things they "can't" do is claim to be anything other than a collection agency. In fact they are generally required by law to announce that they are a collection agency - which they frequently don't do.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I thought the philosophy about grey-area technology around here was that you don't blame the technology - you blame the user. I guess that's only the case when it doesn't inconvienence us. A large amount of P2P transfers are illegal (or at the very least grey-area), but nobody blames P2P. So a large amount of Caller ID spoofing will be illegal or grey-area, and everyone blames the technology? Whatever.
Frankly, I think bill collectors already do MUCH more calling than is necessary to "get the money that is owed to them". The problem is not that they can't make initial communications, or remind people they still have an outstanding balance.
That's already accomplished much more effectively with the "past due" notices and "collection activity is being taken" notices they mail out on a regular basis.
Bill collectors really just use phone calls as a means of harassment, to wear down someone - hopefully to the point where they'll just pay the bill rather than being interrupted constantly by the ringing phone.
As just one example, my ex-wife ran up a bunch of bills on my Discover card right before she moved out. Even though I had the card itself in my possession the whole time )and her name was never on it as a co-signer), she used some old "cash advance checks" to get thousands of dollars for herself.
I alerted them as soon as I realized what happened, but they still claim I'm responsible for the charges. I tore up my card and refuse to pay (largely because there's no way I CAN pay!). They called both my home and my workplace about 6 times per day, on average - and on weekends, call several times, starting at about 8AM, again around 10AM and again around lunchtime. I finally just changed my home number to an unpublished number, but they still call my work as regularly as ever.
Lucky for me, my boss is pretty understanding about the situation... but any fool should know that if you're trying to collect money, you don't take steps that could get the person fired from their job as part of your efforts!
I'd love to pay them
I completely agree. If the corporate world really wanted us to pay our debts back, they'd offer jobs and raise our wages.
Funny... the IRS reports that the average American wage _DECREASED_ 10% from '00-'02. That's making it pretty darn difficult to pay back those debts.
Oh, and it's not a conspiracy, because we all know that politicians and CEOs have taken similar pay cuts and have decided to forego their yearly million dollar bonuses. HAR HAR.
+++ATHZ 99:5:80
Ever since I misdialed a number, relized it was the wrong number and hung up.
Couple minutes later I got a call with some ass screaming at me, so I hung up. And then again, and again. That jackass kept calling me. Finally, I changed my number.
Then there was the time I called someone on a business matter. Sometime later her husband came home, saw my unmber on there caller ID, called me up and kept trying to get me to admit I was sleeping with his wife.
Gah, I hate caller ID.
The Kruger Dunning explains most post on