Slashdot Mirror
Caller ID Spoofing Firm Gets Death Threats
Frankie70 writes "Three days after the startup company Star38 began offering a service that fools Caller ID systems, the founder, Jason Jepson, has decided to sell the business. Jepson said he had received harassing e-mail and phone messages and even a death threat taped to his front door -- all of which he said came from people opposed to his publicizing a commercial version of technology that until now has been mainly used by software programmers and the computer hackers' underground. Details in the Houston Chronicle. Earlier ZDnet article about the service."
Attempts to trace the harassing calls failed due to their use of spoofed Caller ID information.
I didn't tape it to his door, I taped it to his mailbox.... ...NO WAIT! Ignore that last little bit....
"Music is everybody's possession. It's only publishers who think that people own it." - John Lennon.
Death threats may be going a bit far, but I don't really see a "legitmate" reason for a service like this. Telemarketers and debt collection agencies can NOT use services like this (at least where I am) and I really don't see a legitimate use for a service like this. I just wish it would be cancelled not sold to some other company.
If it's a death threat, police should be involved and trace the originators. Email and phone calls should be easy enough to trace if there's serious crime associated with them.
And if the phone threat's caller ID is spoofed, well, at least the threats are directly supporting the spoofing service.
Uselessful technology (Air-Charged
What a bitch. If this happened more often, we wouldn't have companies like SCO and others going on with their obnoxious, socially reprehensible behavior in the name of shareholder value. Don't get me wrong, I'm a capitalist, but that doesn't mean that a company has the right to shit all over everybody. We're all part of something called society, and we have laws and social norms that you must obey, and unfortunately sometimes the law doesn't completely reflect the reality of socially acceptable behavior. Just because it's legal or technically possible doesn't mean the people should bend over and accept it.
From the houston chronicle:
"The backlash against Star38 is the type of friction that can arise between for-profit software companies and hackers who resent the commercialization of technology they believe should remain free."
I really want to know if the majority of threats were from people who wanted the services to be free or if they were from people who decided that they didn't like the service at all! I fall into the second category and I'll bet everyone else does too!
*beep* *beep* BULLSHIT ALERT *beep* *beep*
...and this is just more free advertising.
The entire premise behind this "service" seems to be: fraud. I can think of no legitimate uses for it.
And now, the creator of the service is looking to sell out? If it's a dangerous life, why not just shut down? Obviously, he's looking for a quick buck, at the expense of the rest of us (and whatever shady organization snaps this up).
[snip]
The backlash against Star38 is the type of friction that can arise between for-profit software companies and hackers who resent the commercialization of technology they believe should remain free.
"In most countercultures, there is an aspect of selling out," said Caleb Sima, co-founder of Spi Dynamics, an online security company. "People who make money off technology are deemed to have sold out. Anyone who has a unique idea and is making money is going to get badgered."
[/snip]
No, I think it's that people don't like it when people use technology for slimy things, and want to get paid for the slimy things [pr0n aside]. I have no problems with Asterisk...I use it in my house, and have openly recommended it to some 'phone guy' co workers that like messing around with routing and stuff at home.
I know that caller ID can't be trusted...but that's only the first step in the puzzle. You've already got call ID block Block on your phones...so telemarketers decided to start putting 800 numbers and things like 555-555-5555 in as numbers on their outgoing CallerID.
I'm sure some people were upset. Legally, [IANAL], I think they could be on some shady ground, especially, if they're trying to represent someone else, when they're attempting to collect a debt.
I disable sigs...do you?
The article seems to suggest that hackers angry at the founder "selling out" were threatening him. Really? The guy lives in a gated community and a person managed to stick a note on his door and escaped unnoticed? I don't think so.
The guy might have just created this to get a good reason to sell the business. "Oh, it's so popular that people are trying to kill me. I'm not cashing out because, uh, the business might be illegal, etc."
A NYC lawyer blogs. http://www.chuangblog.com/
Anybody can generate fictitious Caller ID information. Instead of attributing the blame to Jepson, who merely developed a convenient method by which to do so, perhaps we should blame the telephone companies. They developed the insecure technology, after all, and appear unwilling to mitigate the problem(s).
Do you like German cars?
ok this got baried on the last post so here it is again ---- to fake the id on any cell phone what you need is the code to programe the phone (not the unlock code) 1) how to get the code: Call your cell phone provider and tell theam your phone is acting up and it gives you some message saying it cant authenticate on the network. The before they start in trouble shooting it aske theam if you can reprogram the phone. Now watch out some companies like verizon use over the air *228 to program the phone and cingular send updates through the air as well. So how do you get the code easy tell theam you'r not getting a good signel and that you want to manualy program the phone. The will walk you through manually programing the phone. Here it comes write down the code they give you and irnore the rest. Your phone already works so all you need is the code. Now thet you have it all you need to do is use it and the first thing any phone asks you after entering the code is what phone number you want. So change it to what ever you want I like (555)555-5555 then save the rest -Dont change anything else or your phone wont work on the network -- now why does this work well cell phones use E.S.N. and authentication keys when billing not the phone number but there caller id only uses the number that is programed into the phone so enjoy this and yes i'm a coward i didnt want to log in as my self to post this so dont aks me anymore ? about this --- and I dont believe this workes for nextel. tata
I've never been the target of one myself, but I used to always wonder why bankruptcy lawyer commercials always said stuff like "Stop creditor harassment."
I always thought, "Well honestly, if you're not going to pay your bills, then you should expect people to ask you for the money."
Nope. Its harassment. Its actually frightening stuff. I first started learning about this when I received an odd message on my answering machine. It was from someone from "Kansas City" who said that she was despirately trying to get in contact with my neighbor, and that she had called the police and they had said I was a neighbor, and could I PLEASE tape a note to their door giving them her number."
Well, it sounded fishy, so I called the number myself late at night after hours. The answering message didn't say where I had called, but I waited and found it was a collection agency.
Basically, they lied to ME, a 3rd party, to try and get me to do their fucking job for them, and probably ruin my relationship with my neighbors in the process. They clearly didn't call the police about an emergency like they implied. I'm glad I checked up with them, i'm sure my other neighbors got similar messages.
These people do everything short of theatening to break your fingers. They'll say "We're going to call your boss and tell them you're not paying your bills. I'm going to try and get you fired." They threaten to tell your neighbors, to tell your children's school, etc. They'll call you 5-7 times a night demanding that you immediately send them the money.
There have been many stories of people who sent them a part of their bill, and then the collection agencies illegally used their checking account number to withdraw the whole amount, causing a chain reaction of them now being late on ALL of their bills, instead of the one they just couldn't pay.
So its no surprise that collection agencies would use something like this to fool people.
Yes, some people are deadbeats, but there are a lot of people who have lost their jobs and need to choose between food and their gas bill.
No matter what the Caller ID says, people aren't going to automatically pay their bills just because they hear "give us our money!" on the phone.
ResidntGeek
no morals = acceptable
corruption = good
greed = good
sharing = bad
war = peace
can spam = more spam
safer world = more terrorism
anti american = opposing views
safer = less liberty
Obviously, no one is going to buy that business knowing that they'll receive imminent death threats! He needs to go back to Marketing 101. On the other hand, he probably could sell the business for a nice profit because of the publicity that it has generated.
gShares.net
-------
artlu.net
Um, there are laws forbidding collection agencies to hide their identity.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
I remember from the whole debate a few years ago about phone company services that would reject blocked numbers that there were some professions such as social worker and public defender that made a case for hiding their home and personal cell phone numbers. A legitimate use in this case would have the spoofed number appear as their government office number, rather than their home phone.
Caller's should be allowed to block or reveal their ID, but not spoof it. Receivers should be able to accept or reject calls with a blocked ID.
I've had more than enough calls from "0" which were not from the operator. I've had plenty of calls from other numbers that are obviously false (not 7 or 10 digits). I've had plenty of calls from numbers that were "out of service" when I called them.
If the phone companies are unable to prevent spoofing, the government should implement laws either to make spoofing illegal or to mandate an upgrade to the phone system to make it impossible.
Edward Burr
Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
Anyone know how this is done? I can understand how to fake your cid number, but how can you fake CNAM? If I faked my number to a real friends number the terminationg switch would do a CNAM dip and display his number. How could I change the text of the name?
> Nathan Stratton nathan at robotics.net http://www.robotics.net
Since when is a person "formally notified" by phone? I always thought they had to be notified in writing, perhaps served by a process server.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
ehmmm, I believe that would be what bill collectors in their own very special jargon call a "letter"
People replying to my sig annoy me. That's why I change it all the time.
Spoofing caller ID is trivial, no great hack at all, and fairly commonly done. I'm amazed anyone cares (and have a sneaky suspicion that the news coverage and the "death threats" might well have been a way to sell a company for considerably more than the $5,000 or so it would have taken to set it up).
If you have anything bigger than an analogue copper phone line you can configure your PBX to send any number you like as your outgoing CallerID. It's no cleverer a trick than configuring your fax machine to send the wrong originating number.
Companies of all sorts have done this for years. Not just debt collectors and PIs, either. If you get a 'phone call from anyone at the New York Times you'll likely see a CallerID of 000-000-0000. Other companies will often send the main switchboard number at their HQ, rather than the direct dial number to the actual caller.
Spoofing it on a straight analogue line is a little trickier, but sometimes possible.
Those are excellent questions to ask.
X T, but otherwise resources for this kind of information are non-obvious.
Some information can be found by reading http://artofhacking.com/files/callerid/CLID-CID.T
That includes not threatening to kill someone beacuse you disagree with their products..
Dont lose sight of what is actually going on here...
---- Booth was a patriot ----
Caller id has never been foolproof. It depends on the originating switch to be truthful. As soon as companies got their own digital switches, spoofing was possible. Now that capability is now moving down to the level of individuals.
One line blog. I hear that they're called Twitters now.
After working at an answering service, I would page anywhere between 2-10 doctors a night with emergencys from hospitals or patients with sick babies, women worried about their pregnancys, adults having athsma problems, chipped/painful teeth, or other problems. Some that should go to the ER, some that could of waited till the next day, and others that just really just needed a call back. Doctors cannot give their home telephone number out. Most anyone who thinks they have a medical emergency thinks they should call direct instead of going through "channels." This means doctors use caller ID blockers.
There would periodically be problems with doctors using caller ID blocks being unable to call people back who block those calls, leading to sometimes unimaginable frustration in the middle of a medical emergency. The first time I saw this service, I saw immediatly that it could and probally would be abused, but for doctors who got stuck in that situation, it would be invaluable.
I thought the philosophy about grey-area technology around here was that you don't blame the technology - you blame the user. I guess that's only the case when it doesn't inconvienence us. A large amount of P2P transfers are illegal (or at the very least grey-area), but nobody blames P2P. So a large amount of Caller ID spoofing will be illegal or grey-area, and everyone blames the technology? Whatever.
Use your primary number for everything else, and also be sure to have voice mail in case a call from the primary is one you wish to return. This system works because:
-
When you call a business, caller ID and even ANI will only return the primary number. The ringmaster number remains your little secret.
-
Because you only give out the primary number, information trading services will be useless in trying to reach you against your will.
I have found this very effective in thwarting telemarketers. I have not spoken to one in years. This system even works against numbers that do not allow "blocked" caller ID. A demon dialer or trusted party that turns out to be not so trustworthy are the only weaknesses of this system.It's not like the man is running a web based puppy killing service, folks.
I was going to find some online puppy killing service, just to fuck around with you, but after several minutes of googling I couldn't find one.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
I can't help but wonder is maybe somebody explained to him that his service is inherently illegal for collectio agencies to use, since lying is specifically illegal under the Fair Debt Collection Practices Act:
15 USC 1692e:
A debt collector may not use any false, deceptive, or misleading representation or means in connection with the collection of any debt.
I thought that caller ID was done through the phone company and people couldn't alter it. And I always thought it would be a great method for dial-up authentication and private networking. With caller ID, a computer recieving a data call could identify that the calling computer was physically located at a land line. This would be extremely useful for businesses to business transactions and banking. Having to rely on encryption while connecting through the internet just isn't as secure as a direct physically secured phone call.
Sure, there could be legitimate uses; say for example that you have a call forwarding feature provided by the phone company and you are having calls to your number forwarded to a phone at your location. It would be useful to be able to have calls from that location display your caller ID if you need to return a call. However, that shouldn't be up to a company like this. It should be a feature connected with calling card billing; if you use your calling card from a remote location and it is being billed to your phone number, it should also display your caller ID. Connecting caller ID to billing would also work well for tax accounting. If you were making a phone call for business, you would want your business number caller ID to appear. And you would want the call to be billed to your business phone number as well, for tax purposes.
The options for using this service legitimately don't compare to the possible illigitimate uses for it. This would be the next "spamming" type of business, making money out of putting others through misery. The fact that caller ID is called "caller ID" is so that it can work just like proper identification. Using a service like this to pretend you are someone else calling would be the equivalent of using a fake driver's license, even though it isn't percieved that way by the legal system yet.
I can think of *one* good use for spoofing- calling cards. Why not have the company performing the calling card service to take the number you call them from and then spoof that when they make the call through their system?
Frankly, I think bill collectors already do MUCH more calling than is necessary to "get the money that is owed to them". The problem is not that they can't make initial communications, or remind people they still have an outstanding balance.
That's already accomplished much more effectively with the "past due" notices and "collection activity is being taken" notices they mail out on a regular basis.
Bill collectors really just use phone calls as a means of harassment, to wear down someone - hopefully to the point where they'll just pay the bill rather than being interrupted constantly by the ringing phone.
As just one example, my ex-wife ran up a bunch of bills on my Discover card right before she moved out. Even though I had the card itself in my possession the whole time )and her name was never on it as a co-signer), she used some old "cash advance checks" to get thousands of dollars for herself.
I alerted them as soon as I realized what happened, but they still claim I'm responsible for the charges. I tore up my card and refuse to pay (largely because there's no way I CAN pay!). They called both my home and my workplace about 6 times per day, on average - and on weekends, call several times, starting at about 8AM, again around 10AM and again around lunchtime. I finally just changed my home number to an unpublished number, but they still call my work as regularly as ever.
Lucky for me, my boss is pretty understanding about the situation... but any fool should know that if you're trying to collect money, you don't take steps that could get the person fired from their job as part of your efforts!
Send a certified letter.
Take them to court.
Often these bill collectors get a number and ring it continuously. Sometimes the person at the other end has little or nothing to do with the debt (parents, room mates, etc). After you've informed them of the debt, any more "reminders" are basically harrassment.
Has it ever occured to you that there may be valid reasons to have collection agencies coming after you?
:) /cheapplug.
I'm 20 years old and over $3000 in debt because of schooling expenses and a couple of periods of unemployment. Do you think I DON'T WANT TO PAY THEM? No, I'd love to pay them, I even moved back in with my parents to enable myself to have more money to pay back my debt. But that does NOT give them the right to call me everyday, refuse to say who they are until I give my name, and make me dread answering my phone. In NC, if you tell a collection agency to stop calling you, they're supposed to -- well guess what, law != practice in a lot of cases. Do NOT defend these bastards, unless you're willing to give me and all of the other people in my situation money to pay back bills.
Now, I will give it to you, there are people who go nuts and buy TVs, cars, other crazy things which they have no way to afford, but that's not the case quite a bit of the time. Perhaps you need to get your nose outta your checkbook and pay attention to the less fortunate of the world.
(Aside: No offense to any people who are homeless/destitute by the less fortunate remark -- I'm quite thankful to have a roof over my head and food in my belly on a regular basis).
Anyone wanna help me get outta debt? Paypal jasonlf@gmail.com
Jay | http://oldos.org
you really think 'the law' is a deterrent?
: //www.ftc.gov/opa/1995/08/grlakes.htm. ftc.gov/opa/2002/07/dccredserv.htmn sumeraffairs.com/news04/nco.htmlg ov/opa/2000/08/performance.htmg ov/usao/az/azpress/2004/2004-058 .pdfs t/lamb /0009.htm
http://www.ftc.gov/opa/1996/02/allied.htm
http
http://www
http://www.co
http://www.ftc.
http://www.usdoj.
http://www.usatoday.com/money/perfi/columni
debt collection is a highly corrupt business and its very nature demands employees who have low ethical and moral standards.
what they did was a criminal offense and you should report them to the feds. they can get fined under the FDPCA.
I will be remembering how funny /.'ers found this the next time somebody offers a software or hardware product which offends someone somewhere but has many legitimate uses. I don't have much sympathy for bill collectors as a whole but as someone who has on occasion had people not pay me (even though they have the money to pay) and simply ignore my attempts to get the money I understand how frustrating it is especially to small businesses. We don't want to get nasty about it but the system of annoying bill collectors calling you is far better than the one it replaced. Namely, bill collectors breaking your legs and stealing your stuff or getting you sent to debtor's prison.
I have been on both ends of the collections game and after just a month of this I can see why companies try to distance themselves from the nasty side of it and hire professional assholes to do the job
i mean come on...
businesses have just about every law on their side and now they are going to be allowed to mask who they are to trick you.
i just don't know what to think anymore.
the whole situation is discouraging and seems to be getting worse.
i'd propose calling my reps and senators but they are all pro-businessso i can't get anywhere.
although i'm open to ideas on how to persuade them to pass legislation banning the use of this product.
Is it 5:30 yet?
Can you think of any existing laws that would apply to enable prosecution of caller ID spoofing that would be criminal, rather than civil suits?
Fraud.
If there is no fraud, there is no crime.
It's odd that you mention file sharing because current criminal copyright law applies to people who are trafficing in illegal music and software, no new laws are needed in that arena either.
It's the same principle, the technology has the potential to be used for nefarious purposes, and those things are ALREADY illegal. It's idiotic to make one thing illegal because it could be used to do something else that is illegal.
Alcohol can be used to drive drunk. Guns can be used to commit murder. Rat poison could be used to commit murder. They all have the capability to be used for an illegal purpose and only an idiot would advocate making them illegal because of those possible uses.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Ever since I misdialed a number, relized it was the wrong number and hung up.
Couple minutes later I got a call with some ass screaming at me, so I hung up. And then again, and again. That jackass kept calling me. Finally, I changed my number.
Then there was the time I called someone on a business matter. Sometime later her husband came home, saw my unmber on there caller ID, called me up and kept trying to get me to admit I was sleeping with his wife.
Gah, I hate caller ID.
The Kruger Dunning explains most post on
Just disable it. You can do this with a single call to the phone company. Sending false information is lame.
By knowing my bank's phone number. If they leave me a message, I just call them back at their main 800 number. Not because I'm paranoid, simply because I have it memorized. It also, however, prevents any of this from happening.
Same thing with e-mail scams for eBay and the like. If I see something that looks like it's actually from a site I use, I'll go log in to my acocunt as normal. It will then get my attention, if they want it. Again more due to laziness since I use pine over SSH and thus cannot click links.
Note to self: always say "that's not what we have on record" for the first time, if the victim says something different then note that, otherwise if she complains say "oh, I'm sorry, that was the right [password/maiden name/swiss bank account/credit card number] indeed."
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."