Slashdot Mirror
Caller ID Spoofing for the Masses
lolly72 writes "SecurityFocus has a story on a new U.S. website offering a caller I.D. falsification service. It's called Camophone. It's being advertised in Google ads that appear with search results for Star38.com, which was the the last service to try and make money off caller I.D. hacking. But unlike Star38.com, Camophone isn't limited to collection agencies and private investigators, and it doesn't cost $125 to sign up. Anyone with a PayPal account can use it, and at five cents a minute, probably will. Who do you want to fake out today?"
I am not a proponent of bigger government but I think that this is something that should be made illegal. Communication is too important to our society. It's one thing to block your I.D., it's a whole 'nother thing to falsify it.
It is most likely a mistake for them to boast of their annonymity. Someone will figure out who they are and I am betting that more than intrepid hacker will take down Camophone's website repeatedly.
We should keep track of this one for a while, it should get real interesting.
http://www.busyweather.com/
you can already do this using an asterisk pbx and a VoIP provider. Although once this starts being abused I doubt it will remain a feature.
time is a perception of a being's consciousness
time is your 6th sense, the wierd ones are 7+
I signed up for the service while this article was still in the mysterious future. Tried it out, didn't work.
I got to file my first Paypal dispute claim!
Seriously though, the website is just text and there's no contact info for anything.
Scam.
Now we will have scammers blackmailing businesses with the threat of sending falsified phone calls to the general public.
...since caller ID doesn't work half the time anyway.
Or /. it!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Of the /. story, that is? Their website is currently up (this posting will probably be the 10th or so), but is surprisingly minimal. No images at all. Plain, unadorned HTML. Not even a CSS file.
I have a feeling they'll withstand the slashdotting.
This could make telemarketing nearly untraceable, a company just uses a call center that utilizes this technology, and people will never know where the phone call is coming from. Imagine getting a phone call from a telemarketer, and it says 911 on the caller ID.
I'm glad this happened. I am so sick of people using Caller ID as an authentication mechanism. It has been so easy to spoof if you had connections before and is even moreso now.
:)
My cell phone doesn't even require a password to get to my voicemail because it uses caller id. Every credit card I've activated required me to call from my home number, verifying it with caller id. When I order pizzas, they verify I am who I say I am with caller id.
It is ridiculous and is worthless as an authentication mechanism. Its only use is a convienience, to decide if you want to answer the phone. Lesson: don't rack up bills you can't pay
Anyway, it's always nice to have another way to screw with your friends' minds.
With such a professional-looking website I can't see how this can possibly go wrong.
Hey the caller ID says Oliver Klozoff...
Let's get one thing perfectly clear, I did not vote for George W Bush, and I do not endorse what he does or says.
"
So which one of you smartasses is messing with me?
as old as the Hot Grits in Natalie Portmans' pants.
and Natalie, baby... I wanna heat up your GRITS!
...911 calls you!
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
The call shows up to be from 425-789-4268 - it doesn't show the Caller ID info that I put in. I guess I'll have to file a Paypal claim too.
These services are the harbinger of a dazzling array of VoIP services just over the horizon. Today's telcos need millions of customers to want any given feature before it's worth their while to roll it out, because of their monolithic architecture. While a VoIP service can be plugged into the VoIP pipeline by a startup, putting their feature server on the Neb, and accepting connections through open, standard protocols. Anonymizing or spoofing are just the kind of TCP/IP services we'll see. And since the infrastructure is much cheaper, and more competition can get started globally, the prices for niche features will be much lower than the rates for voice provisioning itself.
--
make install -not war
to get a call from Jack Mehoff.
This company is probably nothing more than someone running Asterisk, using Nufone for the PSTN service.
/var/spool/asterisk/outgoing and bridge the two calls together.
A simple php script will dump a callfile into
Then all you need to do is write something to manage user accounts, and accept paypal payments and bam. You've got camophone.com.
This whole configuration could probably be whipped up in a day.
Figured $5 through PayPal (and yes, it really was PayPal, not some spoofed tab or scam site) was worthwhile.
However, even though their FAQ said it would be ready in 30 seconds, my account still shows zero minutes. Don't know if that's because PayPal takes a while to do the transfer, but I wasn't about to use a credit card with them.
For what it's worth, their "Privacy Guard" service page looks like this:
Camophone.com Home | Login to Privacy Guard | Frequently Asked Questions | Signup for Service
Logged in: das
Time Remaining in Seconds: 0
Time Remaining in Minutes: 0
Recharge Account
Enter all phone numbers without a leading "1" and with no dashes or spaces. Example: 9095551212
Caller ID must be ten digits to be passed properly through the telephone network. When the system calls you, the caller ID you set will be sent to you as well.
number to call [recipient]: (format: NPANXXXXXX)
your number [caller]: (format: NPANXXXXXX)
caller ID to send:
This is actually really easy to do on any switch with a PRI line. The originating switch is responsible for sending out the calling line. This is why sometimes you see just extensions, or 0 or nothing when you get a call from a compaany's PBX. The funny thing is that some phone companies are still using the number sent out for billing records. This is where it gets into fraud. I know as recently as last year, if you spoofed the caller ID, Qwest (in Utah) would bill the call to that number. Although, there is nothing funnier than making the Whitehouse (202-456-1414) shouw up on a caller ID! I guess I better post this anonymously now that I said that :)
...as a starving college student, managing a pizza hut, I have to say.... SHAME!
Caller id is provided by the originating PBX and has always been unauthenticated - that's why this service works. If you choose to withhold id, the system sends your id anyway along with a flag saying "please don't display this."
The system has been broken for years. Now that's it's easily abused, maybe it will get fixed.
Then again GnomeMetting and calling cards from Linuxjack.com pretty much gives us spoofing anyway. Not that the phone number is spoofed in any way, it's just that it changes once you've used up your calling card and buy another one.. Personally I've assumed this to be a bad thing, but I do see the value with all this talk about caller id spoofing....
9/11: Never forget it was a false-flag operation
Why do we need the government, when our address books can authenticate the caller cryptographically? Unfamiliar callers should all be treated as untrustworthy until proven otherwise. That can be established through an automated web of trust, and callback, or shunted to voicemail or /dev/null. Distributed software is much better protection than the FBI, much cheaper, and doesn't come with dirty stormtrooper boots muddying up your foyer.
--
make install -not war
Out of interest is there a single possible legitimate use for this?
That was Satan, using Camaphone. You've been pwned!
http://www.busyweather.com/
[from RTFA] The Camophone site was reportedly registered using a proxy in order to hide the identity of those who run it. They were afraid of receiving death threats like star38. Now, what would that imply about the legality/desiredness of the service? ...
...in Sweden you only have to enter a certain prefix before you make your call to make it anonymous. This is the way to do it IMHO. Or you can, if you want, tell your phone provider to list your number as secret.
I know for a while there has been a phreaking tool called Orange Box, which supposedly lets you spoof caller ID. But my understanding is it only works *after* the other person has picked up the phone, so it's not really good for much, or at least it's a lot trickier to take advantage of.
Of course, there is a very cool software version of this tool: Software Orange Box, here. You enter in the caller ID details you want to spoof, and it generates the phone tones that transmit that data, which you can then play thru your speakers and to the phone, or connect directly to the phone for better results.
Again, it's not a great spoofer, but it is pretty cool to mess around with.
this is *the* faq on orange boxing.
-------------
Rate free iPod offers: RateTheOffers.com
(Flat screens and Desktop PCs too)
I only pick up calls from people I recognize, sort of a mental "whitelist". The fakers would have to get the names and phone numbers of people I know, otherwise they get my answering machine.
Let 'em try faking Caller ID -- it just raises the bar a little. The appropriate countermeasure is a challenge/response scenario where authorized callers have a PIN number and the rest go to voice mail. I can't wait to see how much the telcos enjoy losing their Caller ID revenue stream when people get annoyed with faked calls.
When someone offers a reliable, professional version of this service that's affordable to everyone, people will stop trusting Caller-ID and stop paying for it.
You'll also see political pressure to regulate such services, mostly from the telcos who see revenue from CID drying up. Eventually, I think a compromise will be reached:
You'll be allowed to spoof your ID, provided it's from a non-existant # or a # you have permission to use. There will also be a legal requirement to keep logs so the police or civil courts can issue subpeonas.
Under such rules, people who want true anonymity will be forced to use international versions of this service which will show up as "out of area" or as an international #, or break the law.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
nuff said for me...
The ISP community has long had Acceptable Use Policies which forbid certain things (such as sending out spam). This is because when I get spam, I can fairly easily identify where it came from with the help of traceroute and whois, and its in the interest of the ISP not to have problem customers.
Unfortunately there is no way for me to trace the provider behind that sales call with the caller-id of my mother's phone, short of obtaining a court order. Thus, there is no incentive whatsoever for the phone companies to enforce caller-id. If phone providers provided the ability to trace the call (hopefully voluntarily, or even by law), this would not be an issue.
Traceability is what we need, that's all. Caller-id faking should be legal. But more likely what will happen is the lawmakers will make caller-id spoofing punishable by death and declare this a non-issue.
"Hi, this is the Big Name Legitimate Charity, we're raising money to promote the glorious teachings of Adolf Hitler. Would you care to make a donation [click] hello? hello?"
Word spreads, and Big Name Legitmate Charity's contributions dry up.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
You have 1 new message...
.....
This message was left today...
by....
George W.
guess what. the old fashioned method still works. just hang up on them. regardless of what CID says. duh.
or. ever try screening with an answering machine..? that works well too!
abcdefghijklmnopqrstuvwxyz
I know that many calling plans (Nextel cellular for example) have free incoming calls. Would using this service effectively give you .05/min calling on your cell phone?
Honestly, it's much simpler and cheaper than constantly trying to "one up" the next technological doohickey.
Just my Luddite $.02
blue
Folks, I'm all for cool technology, and I realize one can spoof caller id information. But caller ID can be a very good thing. I know...
Three years ago I had the very unpleasant surprise of finding out my (ex) wife was having an affair. Unfortunately, she had also decided on using tactics designed to ensure her utter victory in the divorce. She'd actually purchased books (I saw them), giving her advice on dirty divorce tactics - "Divorce War! 50 Strategies Every Woman Needs to Know to Win." Apparently, one of the recommended strategies was to call your ex and try to drive him nuts - hopefully he'll say something nasty and you'll be able to bring it up in court, etc.
Well, I realized what she was doing once I started getting anonymous calls at 2:00 - 3:00 AM. Strange, nasty stuff, weird messages. Technology was actually useful - the caller ID information allowed me to get a pretty damn good idea of who was calling. (Hint would-be-nasty-callers: remember to hit *69 before you call!). The police thought it was fun, too. Caller ID and outright stupidity saved the day.
Look, in my case I wasn't directly threatened. it was cruel, it was viscous, it was nasty. But I was never in any danger. However, what if it had been something dangerous? When one's depressed, your willing to listen to anything - and when you see the ID comes out as "Police" or "Crisis Center" - you could be lured into a bad situation. This is real folks - stalkers are out there, I've seen and heard it.
All technology can be abused, I know that. But in this case, let's try to prevent a service which provides fundamental identification information from being turned into something potentially dangerous.
Incidentally, she pretty much wiped me out. Bummer. But all in all, it was for the best...
/* Dang, I can't type that well. */
Until a few years ago, you had to spend some real money to spoof caller-ID to an arbitrary number. Sure, you might find a PBX w/ weak security and use it as your fake #, but you couldn't just pick any random #.
In that sense, it was good enough for "low-loss" authentication like pizza deliveries, and a good-but-imperfect idea for things like "call from your home phone to activate your credit card."
Not any more.
I expect within a couple years that credit card companies will be doing call-back verification - you call them, then they call you back AND send you a confirmation in the mail.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Watch the telcos find a counter-counter measure that they can bill you for.
Remember.... it was first caller id.
Then it was caller id blocking.
Then it was a service to block blocked caller id's.
Not it is a service to spoof caller id.
And like lemmings, we pay for this crap. Or, I should say a lot of people pay for it.
You have just finished explaining that your Credit Card company uses caller id to verify who you are when you call. Then you say you are glad this happened. Listen to yourself.
He's glad because the more wide-spread CallerID spoofing is the less people will rely on it for authentication. Since it's not reliable authentication, if you desire reliable authentication this is a good thing.
It's like a social security # - we really ought to just give this out to every body freely at this point as a national ID # - it's not a secret.
But the cat still has his tail in the bag, so people still pretend like the SSN is secret and knowledge of it is a reliable authenticator. Of course it isn't secret at all, yet people pretend like it is, because it's easy to do so. If it was offically our national ID# people would have to come up with something better, yet that would take some effort so they're perfectly willing to continue with their silly charade.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
CallerID is spoofable, but ANI info is not.
So I want the ANI info in my CallerID line. Why is this hard, or why are the Baby Bells unwilling to do it? They could sell "CallerID+" for an extra $2 per month.
Interestingly enough, VOIP may be the only way to authenticate callers reliably (in some future iteration with something like Domain Keys in SIP, perhaps). I bet a VOIP provider would be more willing to provide ANI information. Heck, maybe it'll spur adoption.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
In theory, ANI is spoofable, although I don't know enough about it to say how to do it with any number.
An limited mechanism is to use a callback system, but it requires the cooperation of the person whose # you want to fake.
You call a spoofing service, they call you back, then 3-way-call you to the 800#. The spoofing service's # shows up instead of yours.
Same thing works for 911 or any other service by the way.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Maybe that explains why the fire department showed up here the other night. "We" apparently called and reported a fire. Dispatch then said it came from an "invalid" phone number.
Bastards wasted the time of more than a dozen firefighters and several trucks on a prank. And it wasn't even a good prank. I hope their houses weren't on fire that evening...
Just use a calling card...
I have a calling card that I got through WalMart. The caller ID comes up as Denver, CO. I live in PA. This is via my cell or my land-line...
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
In the 80s, new features required completely new software on a telephone switch, which meant several YEARS of testing for something as simple as 3-way calling.
In the mid-late 90s, switches started using adjunct processors that could add new features without upgrading the switch's core software. This dramatically reduced implimentation time for new ideas, and made it possible for third-parties to "plug into" the switch and offer their own serivces.
It didn't happen where I live, but in theory, 100 different "startups" could colocate at a telco's switch, each with their own adjunct processor, and each offer their own custom services. For example, one might offer call-forward-no-answer, another might offer conference calling, and another might offer voice-dialing services where you spoke, rather than dialed, the number. A company geared toward the tinfoil-hat crowd might offer to record all your calls for you and hand-deliver a tape by courier within the hour. Nobody in my region offered that last one.
With VoIP, this just got a lot more flexible and a lot cheaper to impliment, at least on the technical side. The "business" side, that is, marketing, customer service, etc., is relatively unchanged.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Man, I gotta get cracking on a way to soak some cash out of you paranoia wonks.
NOW FOR SALE! High tech voice masking system. Scrambles the tone of your voice so not even your own grandmother will know it's you! And you can't trust her! Oh, no! You know she's watching you with nanocameras in your colon and reporting your every move to the Library Of Congress!
The Voice Scrambler 7000 is constructed of genuine Corintian leather. Just wrap around the part of the phone you, like, talk into, and your voice will be changed like magic! All this for only six payments of $79.95. And if you order now, we'll throw in a bottle of HyperBlue Stain remover to keep your Voice Scrambler 7000 clean and free of spittle.
Quantities are limited! Act now! The first 20 caller get a freah roll of tinfoil for their fat heads!
--- Ban humanity.
So, I decided to see if a credit card paypal transaction would be any "faster".
:-)
It did indeed show my account credited with 100 minutes.
But the service did not work.
I *really* *don't care* about the $10 I've now wasted; just wanted to see if it worked or not.
Anyway, there ya go.
We get several calls a day here from telemarketers and it seems most of them send the Bellsouth phone number. I called Bellsouth about it, the operator didn't even seem to realize it was possible to spoof your callerID signal. I never answer the damn thing anyway. -Tyler D.
Imagina all the fun you could with this on hallowe'en? :)
I only need it for a few seconds at a time!
If you just want to hide your number, not necessarily spoof your enemies, any calling card will do, like another posted mentioned.
I use OneSuite as my long distance service because their rates are excellent. Caller ID from OneSuite shows up as either Unknown or some random out of state number.
I'd have a real hard time giving these guys any financial info on myself (including PayPal info) based on their website. They come off as a site that does a blind url redirect to their aol account, gathers as much financial data as they can, then runs off to Jamaica to spend the rest of their life in the sun.
My KID can make better websites than that!
You can login to check out the interface with their unguarded testing account:
user: test
pass: test
No cash on the account, but fyi.
No one's mentioned that Caller ID isn't really used for that much authentication. Let me give you a little bit of background on caller ID.
There is actually two types of calling number identification one being the popular Caller ID which as we know can be manipulated and blocked and the other being ANI or Automatic Number Identification which the user has no (or minimal) control over. Caller ID is used for the little displays on your phone and can have a flag set to block it, as well as define what number displays usually on outbound or two way trunks for use with DID (Direct Inward Dialing).
The reason the phone companies allow you to set your outbound caller ID is so when you are using DID, you can have people reach you back directly instead of thru the companies generic number. Now a little bit of background on DID: Mid and large sized companies use DID for everything, it's how everyone has a seperate phone number or fax number on their desk. It would be uneconomical for the businesses to bring in a seperate phone line for everone in the office, so they share them. So say for example a company with 100 employees would have a block of 100 phone numbers, but only 23 incoming phone lines, any number can come in on any one of those phone lines and the company's PBX determines which desk to route the call to. Pretty simple. So when an employee wants to make a call, again he can use any phone line, and the PBX sets the outbound caller ID to his real number so it's easy for people to call him back. Some phone companies limit you to what Caller ID data you can send them, (which makes sense that you can only have outbound Caller ID on numbers that are in your block.)
ANI always knows the calling trunk, and location. It's what's used for credit card verification, 911, etc. You can't block it and usually can't set it. ANI is transmitted (amongst other things) over SS7, which is basically an out of band protcol (which actually does carry caller ID too) that is used between switches. Few companies have phone systems that speak SS7, or a link into the SS7 network for that matter, it's just not useful. Phone companies would crack down pretty hard on fake SS7 info, because they could loose money on billing.
So in summary, Caller ID - not secure, ANI - A little more secure.
Nobody needs telco services to implement PIN authentication; you can do it yourself. Some of the high-end answering machines are like a miniature PBX; it won't take long before they screen all incoming calls for you. I believe there are some that already do.
The ultimate telco nightmare is when commodity hardware replaces network-based services. If the telcos don't defend the integrity of Caller ID, the problem will be solved without their participation.
Telco equipment is still "vertical": NorTel switches require NorTel plugins. The most important vertical "silo" is the telco itself, which might outsource feature supply, but users get all their services from the telco, in whatever bundles they integrate and sell. No third party service provision direct to the customer, integrated with telco equipment or services, has ever survived. Even something as simple as DSL was blown away by the telcos' extreme competitive (including legislative) advantages.
:). This callerID spoof is an example of the blurred lines. Those blurred lines will make transition to VoIP smoother, bringing the benefits of open interop to every user and provider.
VoIP is different. It's inherently distributed. Since it's entirely executable on commodity hardware with open source software and published standards, distributed interop comes first. So a component architecture is available for any integrator, even an agressive end user. Of course all that changes the marketing, customer service, technical support. Even the "customer care", integrated billing and customer service, becomes a necessity rather than a luxury, and gets pushed closer to the customer than in the proprietary telco model. Customer care itself can be an addon from a third party with aggregated niches around the Net.
Sure telcos have slowly moved towards their versions of some of the features and architectures of VoIP. The ATM long lines network between COs is VoIP (for lowercase "i" and some value of "P"
--
make install -not war
Remember the old movies where the police had to stay on the phone long enough with the bad guy to trace the call? At this rate, it looks like we may have to go back to that all over again.
How It Works
Making Calls with Privacy Guard -- To make a telephone call, you fill out our simple web form with 1) Phone number of party you are calling, 2) A phone number to reach you, and 3) The Caller ID you wish to send. At the click of a button, the system will call you first, then call the party you are attempting to reach. The called party will receive the caller ID that you specified. The system will then bridge the two calls together. This method is private and untraceable.
Given that the method they use to operate requires them to do the calling to both parties, does that mean you can get away with getting free long distance calls?
Live forever, or die trying.
Comment removed based on user account deletion
Call the local operator and ask them to place your call to the toll-free number. Obviously this doesn't work with toll calls, but they'll do it for you on toll free calls. It's been a while since I tried it, since I have little reason to hide when placing calls, but it's surprising how often they have no trouble doing it for you. I was never even asked why I wanted them to place the call.
[insert sig file here]
Hello, this is Alec Baldwin from the Film Actor's Guild. If you don't believe it's me, look at the Caller ID. You'll see our acronym!
Imagine having the Caller-ID "John Kerry Election Committee" and then completely fulfill the undecided voter's notion that John is a liberal weiner flip-flopper.
Or, calling up as a "Gallop" pool, and then ask the question: "Would your opinion of Howard Dean change if you knew about his history of spoucal abuse?" (an actual push-poll question designed to lead the callee to assume that Dean had a history of abuse, which he doesn't).
What great political fodder!
I would have thought CAMEOCaller would be a cooler name.. I mean, look at it.. cameo?
Maybe I'm just getting old, but doesn't this seem lame as hell? Sure it's fun calling up your buddies T-Mobile cell phone # and getting into his VM, changing his greeting to something ubscene..but..
Doesn't this just seem rather weak? It's only fun for about 5 minutes and has been around forever. For me, it's like the equivilent of spoofing smtp headers. MAN, THAT WAS FUN IN 1994...
I guess I'm just getting old and bitter.
If I'm hijacking a PBX with outgoing trunk lines 212-555-1000 through 212-555-1999, I don't know how to make my "outgoing" call to 911 or 1-800-hot-sexx look like it's from 303-987-6543 or any other arbirtrary number. If I knew what I was doing, I probably could make it look like it's from any of the #s the PBX typically shows on its outgoing calls.
Your point about internal calls is well taken. Hope someone mods it up.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
As soon as some terrorist or financial scammer does major damange due in part to an unprotected switch, you'll see telcos start paying more attention.
Can you say "lawsuit?" I knew you could.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Well in the UK at least there is presentation caller id and true caller id. For withholding the number a null value is specified for presentation id, but the true caller id is the same. Similar for companies/PBX's - departmental lines can be configured to present the switchboard number for the presentation id to prevent customers from calling back on the internal line - instead they are forced to return the call to the switchboard. However true caller id can still be detected by the telco as it is used for billing purposes. Also this is necessary for law enforcement etc.
Anyway even if the number is withheld (presentation clid=nul) the true caller id is visible by the telco and by law enforcement (with specialist equipment and/or links to telco exchanges - unclear on that)
Anyway this is Uk stuff but the USA AFAIK have similar implementations. Anyway it wont be too difficult to find the true CLID in cases of serious abuses etc.
I dont see any merits of this service.
Question (as IANAL): is there any federal (or state) fraud / deception laws in the USA which could prohibit such activity.
***Irrelevant parentetical statement follows***
Or is fake CLID protected free speech like kiddy pr0n, spam, etc
***end of irrelevant parenthetical statement***
Please do not mod as troll due to the irrelevant and sarcasrtic parenthetical statement above.
I don't understand this whole PayPal thing. PayPal has repeatedly and maliciously (from what I remember) messed around with their customers' funds, they're expensive as hell, and it's very amateurish. 1. Why would ANYBODY use PayPal and more importantly 2. Why would ANYBODY give money to a company that only had PayPal as an acceptable payment method? It's very simple: if you want to buy a service from a company that only accepts PayPal: don't. It's gonna be either a scam or a tiny, fly-by-night company. Any legitimate business can accept credit cards. It's very easy to do (and much much smarter from a business perspective). And to all of those people who are convinced that PayPal is perfectly acceptable, just PayPal me $20 and I'll send you a great penis extender...
I don't respond to AC's.
Its *76 to block calls here.
Some calling cards have a feature generally called 'pinless dialing', where you can set up a list of numbers. If you call from one of these numbers, you do not have to enter your PIN.
:-)
So, if you know someone who uses that, you might pay more per minute than they are paying for the calling card.
Either way, pretty serious risk for people who use cards to call other countries.
I started doing this a week ago using Asterisk+NuFone.. hopefully NuFone doesn't have to change their rules any time soon. I thought about setting up a service, but was afraid of the legal consequences. Here's the easiest way to do this: Download and install this CD Xorcom Debian/Asterisk CD ( Linux+Asterisk Debian Distro ) Purchase a DID from Voicepulse Purchase $5.00 worth of minutes from NuFone.net Download the cidspoof.agi script Configure your extensions.conf in Asterisk.. fire it up, call the DID, enter the spoof number and outgoing.. voila. It will end up cost you like $15.00 for a month or 250 minutes worth of spoofing time. =)
For some reason, someone thinks my land line is a fax machine. 2 or 3 times a month, I get a phone call in the middle of the night, which sounds like "Beep Beep Beep"
So, I hooked up a computer to receive faxes.. and got something trying to get me to invest in gold.
It was really bad one day, where my wife got 10 calls over the afternoon. She called Verizon using her cell right after the call had happened.. and they told her that they couldn't tell where the call was coming from. There is a * code to put a trace on a phone call, but of course.. it didn't work.
So, my question is this: How can the phone company not know who is calling me? Verizon's only offer was to change my phone number -- a move that they would charge me for.. and one that would make me wait 3 months to get back on the do not call registry.
Any telco experts out there?
Geesh, where were you? We were doing that back in 1989.
I want to delete my account but Slashdot doesn't allow it.
I'd like to be able to block all incoming calls that spoof numbers. As they're invariably people I don't want to talk to anyway. There's usually two or three new calls a day on my phone's display that point back to bogus numbers. "The number you are calling is not in service. Please hang up and try your call again." With ID spoofing you can't even call them back and request to have your number removed. Not that it helps much. They just resell the info.
Like I posted with *38 came out, there is another company who has been doing this for YEARS now...
www.wildgate.com
Get a pre-paid account, and change your outgoing caller ID to whatever you want via the web - then when you dial out, that's the number.
Limits: not to 8xx numbers (of course, because that's ANI)
not to local to LA area (because of course, the LA Xchange will take over)....
I've had an account there for a while.. even spread the word to Mitnik back in the day b4 * came about.......
No one has mentioned that Caller ID and Star 69 pretty much eliminated the problem of women being harassed by obscene phone calls and threatening phone calls. Lots of pervs got their jollies threatening women. They'll do it again if they can spoof Caller ID and do it cheaply.
...you only have to prepend 141 to the number your dialing to have your number blocked, also you can call BT and have them bar your number (which will also remove it from phone book listings) permantly.
For mobile phones there is and option in the phones menu to disable your ID.
I guess us silly british are just not as good at finding ways to extract money from people since all these services are free.
1) Payment by paypal only (no problem for me)
2) Service then lets you log in, but it's not secure (no encryption, wth!) so choose a temp password that you wouldn't mind someone stealing
3) You enter the "target" number, your number then 10 digit caller ID string
4) As soon as you hit submit, it does call you, calls the other number and bridge them together.
5) But!! The caller ID string does not work. I've tested this with several land line phones, cell phones, etc. I always show up as "unknown".
Conclusion:
Allows bridge calls but does not produce the caller ID string you put in. So this service is a bust in my opinion.
Case closed
I just went through the steps and called my buddy. The conversation went like this:
:)
My Confused Friend: "Hello?"
Me: (in disguised voice) "Do you know who this is?"
My Confused Friend: "Umm... no. Who IS this?"
Me: "Can't you tell from the number in your caller ID?"
My Confused Friend: "987-654-3210? What the..."
Me: "Muahahahahahah..." (I tell him who it really is)
I got a call to from the same number. Please don't DDOS it yet... I want to make use of my $5.00 and have some more fun!
As soon as the FBI can't track down a terrorist due to bad or missing info, or a company can't sue to recover $billions due to bad or missing info, the telco's going to have a black eye.
THAT is what will make the telcos take notice.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I told you so, but did anyone listen? Thanks to yet another spoofing technology, every telemarketer is going to exploit it!!! BOYCOTT DNC NOW!!!
With call screening, you can set it up to ignore the CID and they are asked, every time, for their name. This is recorded and your extension is dialed. You answer and it tells you that someone introducing themselves as: wants to talk to you, and you can either talk to them immediately, send them to voice mail, or give them one of two sendoffs before it hangs up on them. (One slow and tortuous, the other quick and polite).
While they wait, they are serenaded with whatever Music on Hold you want to subject them to. If you want to use CID, you can database your decision, and it will be used in the future to decide how to handle the call. You can even store the recorded introductions they provide, and use them on a PA if you so desire.
CID can be fun to play with, but if its non-reliability goes over some threshold of pain, you can drop it and still avoid picking up the phone for callers whose voice you don't recognize.
These fixes have been submitted to the bugzilla database, and will most likely be included in Asterisk when the voice prompts are done in the same voice as all the others.
SO, I guess you could say that if Asterisk is being used to provide CID spoofing, it can also be used to thwart the anonymous caller!
Dogs look up to men; cats look down on men; But Pigs! Pigs can look men square in the eye. -Churchill
But their page never threw any errors if you didn't put the right stuff in...it turns out you can't set CID name, only the 10-digit number. They've now added some text to their page to that effect, and the service does indeed work.
'nuff said...
http://shit.slashdot.org/article.pl?sid=04/10/28/1 450205
Why isn't the department of homeland security questioning this instead of the stupid rubik's cube thing?
In addition, we used to have a salesperson who wanted his outgoing CID info from inside the office to be his cellphone CID since he was out of the office so much.
If you didn't let me do this, I'd drop you in a heartbeat. There are legitimate reasons to change your CID.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent