Caller ID Spoofing Firm Gets Death Threats
Frankie70 writes "Three days after the startup company Star38 began offering a service that fools Caller ID systems, the founder, Jason Jepson, has decided to sell the business. Jepson said he had received harassing e-mail and phone messages and even a death threat taped to his front door -- all of which he said came from people opposed to his publicizing a commercial version of technology that until now has been mainly used by software programmers and the computer hackers' underground. Details in the Houston Chronicle. Earlier ZDnet article about the service."
From the houston chronicle:
"The backlash against Star38 is the type of friction that can arise between for-profit software companies and hackers who resent the commercialization of technology they believe should remain free."
I really want to know if the majority of threats were from people who wanted the services to be free or if they were from people who decided that they didn't like the service at all! I fall into the second category and I'll bet everyone else does too!
[snip]
The backlash against Star38 is the type of friction that can arise between for-profit software companies and hackers who resent the commercialization of technology they believe should remain free.
"In most countercultures, there is an aspect of selling out," said Caleb Sima, co-founder of Spi Dynamics, an online security company. "People who make money off technology are deemed to have sold out. Anyone who has a unique idea and is making money is going to get badgered."
[/snip]
No, I think it's that people don't like it when people use technology for slimy things, and want to get paid for the slimy things [pr0n aside]. I have no problems with Asterisk...I use it in my house, and have openly recommended it to some 'phone guy' co workers that like messing around with routing and stuff at home.
I know that caller ID can't be trusted...but that's only the first step in the puzzle. You've already got call ID block Block on your phones...so telemarketers decided to start putting 800 numbers and things like 555-555-5555 in as numbers on their outgoing CallerID.
I'm sure some people were upset. Legally, [IANAL], I think they could be on some shady ground, especially, if they're trying to represent someone else, when they're attempting to collect a debt.
I disable sigs...do you?
The article seems to suggest that hackers angry at the founder "selling out" were threatening him. Really? The guy lives in a gated community and a person managed to stick a note on his door and escaped unnoticed? I don't think so.
The guy might have just created this to get a good reason to sell the business. "Oh, it's so popular that people are trying to kill me. I'm not cashing out because, uh, the business might be illegal, etc."
A NYC lawyer blogs. http://www.chuangblog.com/
I was going to do some modding here today but I'll forego that for some good advice:
don't do this.
Years ago I got a cel phone at the same time as a friend of mine. Back in those days, the codes came with the phones if you read all the literature. I found my way into the programming area and, among other things, managed to permanently screw up my low battery shutdown point. I was able to change my number to a friend's number, and answer his phone calls.
When I mentioned this to my service provider, they said "you must not have done it very many times..." The reason was, when they get five (5) incorrect ESN/Phone Number match-ups, they deactivate your phone by it's ESN, and then you have to take it back to them to get it turned back on. So just don't. (and no, you can't change your ESN... at least not unless you own a specific model of Motorola phone for which Motorola got fined heavily by the FCC for producing it in that modifyable way)
I work for the Department of Redundancy Department.
The only use of it is deception. It can only do harm - there are no legitimate uses for it.
If you really want to freak people out pretending to be god, just change your name by deed poll ;)
Jason Jepson seems a little paranoid. Sometimes you have to take the heat to make some $$$. Controversial topics are usually pretty lucrative. It definately stirs up the interest in a product. While I personally wouldn't want to be caller-id spoofed, I think he should give the idea a chance. Like another poster pointed out, the companies will soon wise up and prevent the caller-id spoofing. Until then, try to make a few bucks.
--
Live deals all the time. Check out the latest in deal processing.
Hackers are never the problem.
Easily exploitable vulnerabilities in a system are.
I don't really agree. It sounds more like a black-hat justification than a real analysis.
In an "ideal" world, we wouldn't need locks on our doors or passwords on our computers, because people wouldn't be trying to steal from us or cheat us. There are actually still a lot of communities where the crime rate is low enough that locks aren't used most of the time. We never locked our house when I was growing up. It's a nice way to live, not worrying about other people being dishonest to the point that you get hurt. The small percentage of people who just can't be bothered to play by the rules end up hurting everyone else. The hackers are the problem.
Now, admittedly, we live in the real world. In most areas, including on the Internet, you can't trust your neighbors anymore because there are too many of them. That means we use locks and firewalls. They will never be perfect, anyone qualified can tell you that it's always a compromise between security and usefulness. Everyone, and every new technology, has to pick their compromise and hope it works out. If they're lucky, the attack rate will be low enough that it doesn't cause too much damage. If not, or if they make mistakes and end up with a worse compromise than they thought they had (nobody's perfect), then the technology becomes a liability. In that case, easily exploitable vulnerabilities are also the problem.
To make up for the fact that no system or technology is perfect, we have laws that try to prevent people from destroying everything that anyone builds simply because they can. If people exploited every weakness of every system, society would fall apart. (Or at the very least it would look like one of the future distopias in sci-fi.) That's why we jail hackers. Not to try to pretend that network security, but to add an extra level to it. Violate my security protocols, and you are going to find yourself on the receiving end of my criminal justice system. It's a lot of work for an unpleasant reward, so maybe less people will do it.
In this case, I don't see a legitimate reason for the spoofing. They have gone to the trouble of giving you an easy choice to provide your ID or not to. You can default either way, and switch per-call easily. With a few exceptions (giving the main office number instead of your private extension), there's really no reason to give a false ID. If it was just the hackers doing the spoofing, the rate would be low enough that the technology would still be useful. If anyone and everyone can send whatever ID they want, then the technology is likely to be abused to the point where it is useless. Then millions in investments go down the tubes and millions of people lose a useful service, not because it was dangerous or harmful or anything, but because it wasn't perfect and someone decided to destroy it for personal pleasure and profit.
I don't condone the death threats, but I wouldn't turn in the person if I knew who it was.
> I can think of no legitimate uses for it.
I'll play devil's advocate. People say the same thing about anonymous remailers, proxies, etc. I understand there's a difference between spoof and anonymous but lets see:
Civil Disobedience.
Bond/Repo Men/Private investigators.
Complaing to people in power without revealing identity or giving off the "CALLER ID BLOCKED" message.
Getting around hairy social or legal situations in an ethical manner. Remember, legal does not equal correct. Illegal does not equal incorrect.
Road warriors "spoofing" their work phone numbers and not their cell numbers.
and of course the #1 reason:
Teenage girls calling boys they like, giggling, and hanging up.
Ever since I misdialed a number, relized it was the wrong number and hung up.
Couple minutes later I got a call with some ass screaming at me, so I hung up. And then again, and again. That jackass kept calling me. Finally, I changed my number.
Then there was the time I called someone on a business matter. Sometime later her husband came home, saw my unmber on there caller ID, called me up and kept trying to get me to admit I was sleeping with his wife.
Gah, I hate caller ID.
The Kruger Dunning explains most post on