Slashdot Mirror

← Back to Stories (view on slashdot.org)

Caller ID Spoofing for the Masses

Posted by michael on from the e.t.-phone-home dept.

lolly72 writes "SecurityFocus has a story on a new U.S. website offering a caller I.D. falsification service. It's called Camophone. It's being advertised in Google ads that appear with search results for Star38.com, which was the the last service to try and make money off caller I.D. hacking. But unlike Star38.com, Camophone isn't limited to collection agencies and private investigators, and it doesn't cost $125 to sign up. Anyone with a PayPal account can use it, and at five cents a minute, probably will. Who do you want to fake out today?"

19 of 286 comments (clear)

  1. Somebody will figure it out by erick99 · · Score: 5, Insightful
    I am assuming that someone will figure out who the owner(s) of this company is/are. PayPal would have some information but even that could be mostly false accept for an actual checking account number. Would a law enforecement agency be able to track down the owners?

    I am not a proponent of bigger government but I think that this is something that should be made illegal. Communication is too important to our society. It's one thing to block your I.D., it's a whole 'nother thing to falsify it.

    It is most likely a mistake for them to boast of their annonymity. Someone will figure out who they are and I am betting that more than intrepid hacker will take down Camophone's website repeatedly.

    We should keep track of this one for a while, it should get real interesting.

    --
    http://www.busyweather.com/
    1. Re:Somebody will figure it out by jessecurry · · Score: 2, Insightful

      We really shouldn't be relying on a service that is so easily spoofable anyways.
      It has always been pretty easy to do this from a PBX, now it's just open to the masses.

      --
      Those who know, do not speak. Those who speak, do not know. ~Lao Tzu
    2. Re:Somebody will figure it out by jellomizer · · Score: 2, Insightful

      Good point. Saying I dont want to be track with caller ID is one thing. But giving a false record is open to a lot more abuse. Call some one up threaton then with someone elses number. So that other person will get in trouble. Telemarketers hiding altering their IDs so the call you and not be tracked via their telephone #. This is not a good thing. Being anonymous is different. The person who sees anonymous can make an informed decision to pick up the phone or not. But if the number is altered say their bests friends number but it is a telemarketer then they will pick up the form thinking it is their fried calling.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    3. Re:Somebody will figure it out by erick99 · · Score: 3, Insightful

      Your right to annonymity does not require that you provide a false identity. Then your rights would trample on the rights of the person or entity of whose ID you have stolen.

      --
      http://www.busyweather.com/
    4. Re:Somebody will figure it out by Anonymous Coward · · Score: 3, Insightful

      You do NOT have a right to anonymity when you call me on the phone that I pay for.

      Otherwise, I agree with your statement. Providing false information does trample on my rights.

    5. Re:Somebody will figure it out by Anonymous Coward · · Score: 1, Insightful

      Your right to annonymity does not require that you provide a false identity.

      But your right to free speech does require that you have the right to lie.

      If you happen to use that right to lie to commit fraud in the course of business, then you'll go to jail. But that's far from the only potential use of this service.

    6. Re:Somebody will figure it out by R.Caley · · Score: 2, Insightful
      It has always been pretty easy to do this from a PBX, now it's just open to the masses.

      What amazes, and pleases, me is that so many of the people I don't want to answer the phone for withhold their number. If they gave the real number I might answer, but if they withhold it I don't (at least not outside office hours).

      --
      _O_
      .|<       The named which can be named is not the true named
    7. Re:Somebody will figure it out by abulafia · · Score: 4, Insightful
      Furthermore, for my part I'm sick of everything anyone does, anymore, being classified as "speech."

      A lot of people seem to feel that way, which is why the constitution is in tatters.

      One of the prices of freedom is that other people get to have it, too.

      --
      I forget what 8 was for.
    8. Re:Somebody will figure it out by EvilAlien · · Score: 2, Insightful
      PayPal would have some information but even that could be mostly false accept for an actual checking account number. Would a law enforecement agency be able to track down the owners?
      Sure... a bank account number is a grrreat piece of evidence. They have to access the funds somehow, either electronically so it can be transfered or applied as a bill payment to something, or physically get access. Those provide all sorts of great opportunities to track down the bastards ;)

      That evil DMCA thing might be all that is needed to get the investigation and disclosure of information happening, too... good times, good times.

      --
      perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
    9. Re:Somebody will figure it out by bleifuss · · Score: 2, Insightful

      ...the constitution, be it implicitly, grants me the right to annonymity. You're up in the night! Show me where in the Bill of Rights or in an Amendment there is anything about a right to anonynimity. I've never even heard of that concept. This problem with this service is not that it provides anonynimty. Individuals can still ask to not have their number and name transmitted when they make a call. My mother does that. There is your "right to anonynimty". This service provides a means of fasification. Just think of the Phising potential with such a service. I think it would most definitely be overthrown by the courts. They supported the do not call list. I imagine they will support any litigation against this as well.

  2. Oh no! by mconeone · · Score: 5, Insightful

    Now we will have scammers blackmailing businesses with the threat of sending falsified phone calls to the general public.

  3. Re:do this for free by exhilaration · · Score: 4, Insightful

    You can do this with just about any PBX. And they'll never remove this feature because call centers make heavy use of it.

  4. Glad by alatesystems · · Score: 5, Insightful

    I'm glad this happened. I am so sick of people using Caller ID as an authentication mechanism. It has been so easy to spoof if you had connections before and is even moreso now.

    My cell phone doesn't even require a password to get to my voicemail because it uses caller id. Every credit card I've activated required me to call from my home number, verifying it with caller id. When I order pizzas, they verify I am who I say I am with caller id.

    It is ridiculous and is worthless as an authentication mechanism. Its only use is a convienience, to decide if you want to answer the phone. Lesson: don't rack up bills you can't pay :)

    Anyway, it's always nice to have another way to screw with your friends' minds.

  5. OpenVoIP by Doc+Ruby · · Score: 2, Insightful

    These services are the harbinger of a dazzling array of VoIP services just over the horizon. Today's telcos need millions of customers to want any given feature before it's worth their while to roll it out, because of their monolithic architecture. While a VoIP service can be plugged into the VoIP pipeline by a startup, putting their feature server on the Neb, and accepting connections through open, standard protocols. Anonymizing or spoofing are just the kind of TCP/IP services we'll see. And since the infrastructure is much cheaper, and more competition can get started globally, the prices for niche features will be much lower than the rates for voice provisioning itself.

    --

    --
    make install -not war

  6. Lack of traceability is the problem. by gtrubetskoy · · Score: 2, Insightful

    The ISP community has long had Acceptable Use Policies which forbid certain things (such as sending out spam). This is because when I get spam, I can fairly easily identify where it came from with the help of traceroute and whois, and its in the interest of the ISP not to have problem customers.

    Unfortunately there is no way for me to trace the provider behind that sales call with the caller-id of my mother's phone, short of obtaining a court order. Thus, there is no incentive whatsoever for the phone companies to enforce caller-id. If phone providers provided the ability to trace the call (hopefully voluntarily, or even by law), this would not be an issue.

    Traceability is what we need, that's all. Caller-id faking should be legal. But more likely what will happen is the lawmakers will make caller-id spoofing punishable by death and declare this a non-issue.

  7. The ultimate Joe-Job by davidwr · · Score: 3, Insightful

    "Hi, this is the Big Name Legitimate Charity, we're raising money to promote the glorious teachings of Adolf Hitler. Would you care to make a donation [click] hello? hello?"

    Word spreads, and Big Name Legitmate Charity's contributions dry up.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  8. Re:A horrible idea, real experience... by Lumpy · · Score: 5, Insightful

    I'll add some tips for guys looking down the double barrel gun of divorce.

    #1 - never EVER meet her without a witness. period. No excuses, nada...

    #2 - get a telephone recording device and install it. RECORD EVERY phone call. get in the habit of saying first thing. I am recording this.... if your state requires it, in michigan only one person in the conversation has to know it... you.

    #3 - at the first sign of things going wrong, get a GOOD lawyer, one that is specific to helping men in divorce, or the best lawyer in town. This is the best thing to do. Do not give her any money, have it go through the lawyers only and only if ordered to by a judge or advise to by the lawyers.. why do you want to finance her fight against you? you need an audit trail. I went the expensive route hiring the best lawyer in town... I ran and controlled the divorce. Secondly, if you file for it first, you are in the drivers seat.... beat her to the punch.

    #4 - document everything... absolutely everything. keep a logbook and write down everything that happen's and everything you notice.

    Finally, if you are going to hide assets, dont. if you did not liquidate things the second you thought things were getting a little wierd and before she/you left then you are breaking the law... The judge will fry your ass hard if you try to hide assets.

    Lastly you need to keep your nose clean. be perfect for the next year as things progress. act like you are being watched, (you might be) followed, (you might be) or recorded (you probably are). DO NOT be vengeful. this is the time to be the mature adult... if friends offer to do things tell them loudly "NO! are you crazy!" having them replace her taillights with burned out bulbs when she goes to the bar, let's air out of tires, puts a I hate F**king cops bumpersticker on her car and other things is a very bad idea. do not be a part of it and do NOT be connected to it.

    Finally prank calls using this spoofing service is also stupid. it is not worth it to lose over something stupid.

    I'll probably get modded offtopic, but if I can help a fellow guy from getting screwed hard by his soon-to-be ex.... then the points are certianly worth it.

    --
    Do not look at laser with remaining good eye.
  9. Re:do this for free by Your_Mom · · Score: 2, Insightful

    I would HOPE that creditcard activation systems use ANI, not CID.

    No, they usually don't. They usually use the CPN (Calling Party Number), which is not /supposed/ to be able set by the end user, but can be in certain circumstances with certain VoIP providers.

    Like you said, ANI is the Telco's billing number, it is just usually the same number at yours.

    --
    Objects in the blog are closer then they ap
  10. Re:PayPal by multipartmixed · · Score: 2, Insightful

    I don't know about you, but I'd *way* rather give a potentially crooked company five bucks via PayPal, instead of my credit card number.

    --

    Do daemons dream of electric sleep()?