Slashdot Mirror

← Back to Stories (view on slashdot.org)

Caller ID Spoofing Firm Gets Death Threats

Posted by michael on from the guess-people-like-their-caller-id dept.

Frankie70 writes "Three days after the startup company Star38 began offering a service that fools Caller ID systems, the founder, Jason Jepson, has decided to sell the business. Jepson said he had received harassing e-mail and phone messages and even a death threat taped to his front door -- all of which he said came from people opposed to his publicizing a commercial version of technology that until now has been mainly used by software programmers and the computer hackers' underground. Details in the Houston Chronicle. Earlier ZDnet article about the service."

15 of 426 comments (clear)

  1. Obligatory Joke by Anonymous Coward · · Score: 5, Funny

    Attempts to trace the harassing calls failed due to their use of spoofed Caller ID information.

  2. Good ridance by Nos. · · Score: 5, Insightful

    Death threats may be going a bit far, but I don't really see a "legitmate" reason for a service like this. Telemarketers and debt collection agencies can NOT use services like this (at least where I am) and I really don't see a legitimate use for a service like this. I just wish it would be cancelled not sold to some other company.

    1. Re:Good ridance by ResidntGeek · · Score: 5, Insightful

      It'll make the phone companies fix the problems with their systems. People shouldn't be able to do this, and nobody will be happy about it, so the phone companies will be pressured to fix it.

      --
      ResidntGeek
    2. Re:Good ridance by double-oh+three · · Score: 5, Funny

      One good use I've heard of is pranking friends/enemies. A joke is a legitimate use. Say you've got a friend in the federal government that's looking to be upwardly-mobile. Spoof the White House's phone number. For the overly, overly religious; (666) 666-6666.

      --
      "For years, I struggled with reality... but I'm happy to say I finally won out over it." -- Elwood P. Dowd
    3. Re:Good ridance by dave420 · · Score: 5, Interesting
      Credit/collection agencies, bail bondsmen, PIs and even Repo men can call from lines that don't announce who they are. I mean, you wouldn't have a line registered under your business if it's a liability to your profession. The use of an alternative name is understandable and legal, it doesn't warrant a technology like this. As for pretention? That's just ridiculous. You're suggesting it's use as a marketing tool is a good reason to allow it? Do those feelings extend to spam? Practical jokes? Now I know you're scraping.

      The only use of it is deception. It can only do harm - there are no legitimate uses for it.

      If you really want to freak people out pretending to be god, just change your name by deed poll ;)

    4. Re:Good ridance by Anonymous Coward · · Score: 5, Interesting

      Hackers are never the problem.
      Easily exploitable vulnerabilities in a system are.

      I don't really agree. It sounds more like a black-hat justification than a real analysis.

      In an "ideal" world, we wouldn't need locks on our doors or passwords on our computers, because people wouldn't be trying to steal from us or cheat us. There are actually still a lot of communities where the crime rate is low enough that locks aren't used most of the time. We never locked our house when I was growing up. It's a nice way to live, not worrying about other people being dishonest to the point that you get hurt. The small percentage of people who just can't be bothered to play by the rules end up hurting everyone else. The hackers are the problem.

      Now, admittedly, we live in the real world. In most areas, including on the Internet, you can't trust your neighbors anymore because there are too many of them. That means we use locks and firewalls. They will never be perfect, anyone qualified can tell you that it's always a compromise between security and usefulness. Everyone, and every new technology, has to pick their compromise and hope it works out. If they're lucky, the attack rate will be low enough that it doesn't cause too much damage. If not, or if they make mistakes and end up with a worse compromise than they thought they had (nobody's perfect), then the technology becomes a liability. In that case, easily exploitable vulnerabilities are also the problem.

      To make up for the fact that no system or technology is perfect, we have laws that try to prevent people from destroying everything that anyone builds simply because they can. If people exploited every weakness of every system, society would fall apart. (Or at the very least it would look like one of the future distopias in sci-fi.) That's why we jail hackers. Not to try to pretend that network security, but to add an extra level to it. Violate my security protocols, and you are going to find yourself on the receiving end of my criminal justice system. It's a lot of work for an unpleasant reward, so maybe less people will do it.

      In this case, I don't see a legitimate reason for the spoofing. They have gone to the trouble of giving you an easy choice to provide your ID or not to. You can default either way, and switch per-call easily. With a few exceptions (giving the main office number instead of your private extension), there's really no reason to give a false ID. If it was just the hackers doing the spoofing, the rate would be low enough that the technology would still be useful. If anyone and everyone can send whatever ID they want, then the technology is likely to be abused to the point where it is useless. Then millions in investments go down the tubes and millions of people lose a useful service, not because it was dangerous or harmful or anything, but because it wasn't perfect and someone decided to destroy it for personal pleasure and profit.

      I don't condone the death threats, but I wouldn't turn in the person if I knew who it was.

    5. Re:Good ridance by xigxag · · Score: 5, Insightful

      This was exactly on my mind when my bank called me the other day. They left a message on my machine to question some unusual charges that had been made, and said to call them back.

      Caller ID identified them as my actual bank.

      When I called, the rep asked me for my card number and my mom's maiden name to verify. I gave them the information, but how do I know for sure that I wasn't just pwned?

      More generally, how is one ever supposed to tell in the future that one is not the victim of a phish? The Star38 guy said he was likely scammed himself, and you'd think he'd know better.

      In my particular case, the way I handled it was to initially give the "wrong" maiden name...then the rep said, "that's not what we have on record." At that point I knew she was legit, but one can potentially see this escalating to Frank Herbert-like levels of feints within feints, with the pro more likely to be one step ahead of the mark.

      --
      There are two kinds of people: 1) those who start arrays with one and 1) those who start them with zero.
    6. Re:Good ridance by rich_r · · Score: 5, Funny

      The call was probably along the lines of "get off our lawn and take your damned pants with you" ;)

  3. Easy to trace by usefool · · Score: 5, Insightful

    If it's a death threat, police should be involved and trace the originators. Email and phone calls should be easy enough to trace if there's serious crime associated with them.

    And if the phone threat's caller ID is spoofed, well, at least the threats are directly supporting the spoofing service.

    --
    Uselessful technology (Air-Charged
  4. Kill it! by CptnSbaitso · · Score: 5, Interesting

    From the houston chronicle:

    "The backlash against Star38 is the type of friction that can arise between for-profit software companies and hackers who resent the commercialization of technology they believe should remain free."

    I really want to know if the majority of threats were from people who wanted the services to be free or if they were from people who decided that they didn't like the service at all! I fall into the second category and I'll bet everyone else does too!

  5. Bullshit Detector by Anonymous Coward · · Score: 5, Insightful

    *beep* *beep* BULLSHIT ALERT *beep* *beep*

    The entire premise behind this "service" seems to be: fraud. I can think of no legitimate uses for it.

    And now, the creator of the service is looking to sell out? If it's a dangerous life, why not just shut down? Obviously, he's looking for a quick buck, at the expense of the rest of us (and whatever shady organization snaps this up). ...and this is just more free advertising.

    1. Re:Bullshit Detector by gad_zuki! · · Score: 5, Interesting

      > I can think of no legitimate uses for it.

      I'll play devil's advocate. People say the same thing about anonymous remailers, proxies, etc. I understand there's a difference between spoof and anonymous but lets see:

      Civil Disobedience.

      Bond/Repo Men/Private investigators.

      Complaing to people in power without revealing identity or giving off the "CALLER ID BLOCKED" message.

      Getting around hairy social or legal situations in an ethical manner. Remember, legal does not equal correct. Illegal does not equal incorrect.

      Road warriors "spoofing" their work phone numbers and not their cell numbers.

      and of course the #1 reason:

      Teenage girls calling boys they like, giggling, and hanging up.

  6. It should be all or none by egburr · · Score: 5, Insightful
    Either anyone should be allowed to spoof their ID, in which case caller ID becomes worthless, or nobody should be allowed to do it. Some types of companies are prohibited by law from spoofing their ID, and for good reason. The phone companies should implement a technological means of prevention for this, and not allow anyone at all to do it.

    Caller's should be allowed to block or reveal their ID, but not spoof it. Receivers should be able to accept or reject calls with a blocked ID.

    I've had more than enough calls from "0" which were not from the operator. I've had plenty of calls from other numbers that are obviously false (not 7 or 10 digits). I've had plenty of calls from numbers that were "out of service" when I called them.

    If the phone companies are unable to prevent spoofing, the government should implement laws either to make spoofing illegal or to mandate an upgrade to the phone system to make it impossible.

    --

    Edward Burr
    Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
  7. Re:Who would do this? by chimpo13 · · Score: 5, Interesting

    The guy lives in a gated community and a person managed to stick a note on his door and escaped unnoticed? I don't think so.

    Ho, ho, ho. People who believe they're safe because they're in a gated community just aren't thinking. When I'd help my friend repo cars, gated communities didn't even get a 2nd thought. Not even the fancy-pants ones like when we went to MC Hammer's house.

    And when we'd drive into a gated community in an obvious repo truck past the guard, well, that's the risk at hiring guards for 8 bucks an hour. You don't get the brightest guards out there and you don't lie to them to get in.

    But I think this guy is just trying to make a quick buck and sell his business. If you're doing something shady, you have to deal with shady people.

    --
    riding round the world on an old motorcycle
  8. I'd like one. by geekoid · · Score: 5, Interesting

    Ever since I misdialed a number, relized it was the wrong number and hung up.
    Couple minutes later I got a call with some ass screaming at me, so I hung up. And then again, and again. That jackass kept calling me. Finally, I changed my number.

    Then there was the time I called someone on a business matter. Sometime later her husband came home, saw my unmber on there caller ID, called me up and kept trying to get me to admit I was sleeping with his wife.

    Gah, I hate caller ID.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect