Slashdot Mirror

← Back to Stories (view on slashdot.org)

Caller ID Spoofing Becomes Easy

Posted by ryuzaki0 on from the clue-phone-ringing dept.

objekt writes "According to an article in USA Today, Caller ID spoofing has become much easier in the last few years. Millions of people have Internet telephone equipment that can be set to make any number appear on a Caller ID system. And several websites have sprung up to provide Caller ID spoofing services, eliminating the need for any special hardware. For instance, Spoofcard.com sells a virtual 'calling card' for $10 that provides 60 minutes of talk time. The user dials a toll-free number, then keys in the destination number and the Caller ID number to display. The service also provides optional voice scrambling, to make the caller sound like someone of the opposite sex."

22 of 168 comments (clear)

  1. It's not a dupe by jd · · Score: 4, Funny

    The original article is testing out the spoofing services.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  2. Whatsa matter? by PatTheGreat · · Score: 2, Insightful

    What's the major concern over ID spoofing? That people are going to be calling their friends, pretending to be from the White House (The number, by the way, is 202.456.1414)? I think spoofing is cool, but I don't think it's gonna have major impact on anything. When was the last time someone used caller ID as a end-all form of identification?

    --
    Google: "All your data are belong to us."
    1. Re:Whatsa matter? by Anonymous Coward · · Score: 4, Interesting

      During a pen-test to social engineer a user into changing her proxy setting to a server that we "owned". While caller ID spoofing might not fool you, the "masses" actually do use it as a forum of "authenication". For example, we called as a major telco representive claiming that we had reports of "slow Internet traffic" from there site. The caller ID spoofing was enough to fool the employ to do pretty much anything we asked.

      Many, many people believe spoofing is a valid forum of "making sure".

    2. Re:Whatsa matter? by JRock911 · · Score: 2, Interesting

      Junk faxing, for one thing. I get junk faxes CONSTANTLY and you can never, EVER trace the numbers back to a real number.

      Basically it allows the unscrupulous telemarketers an out.. they can't be traced! The fax doesnt have anyone's name on it, the company who their promoting "claims" to never have heard of them... all the while they're getting paid.

  3. Caller ID for Caller ID blocking for Caller ID by spyrochaete · · Score: 2, Interesting

    What really annoys me is that you can subscribe to caller ID and some numbers still appear as "withheld". It's no surprise that you can pay more to upgrade your caller ID to see those numbers. In Canada anyway. False advertising much?

    BTW there was an issue of 2600 with a great CID\ANI spoofing article. I think it was winter 2004.

    1. Re:Caller ID for Caller ID blocking for Caller ID by Cidtek · · Score: 2, Interesting
      "What really annoys me is that you can subscribe to caller ID and some numbers still appear as "withheld". It's no surprise that you can pay more to upgrade your caller ID to see those numbers. In Canada anyway."

      As a Canadian who write telephony software for a living I can assure you that it is not true.

  4. Not really... by 222 · · Score: 2, Interesting

    Anyone that manages a VoIP setup can fool simple caller ID, I'll be impressed with something that can fool ANI.

    More information about CLI @ http://www.ainslie.org.uk/callerid/cli_faq.htm

    1. Re:Not really... by BlakeOPS · · Score: 2, Informative

      ANI is a generic industry term. To be more specific, the "holy grail" of spoofing is the Charge Number field (in the SS7 IAM), which Greyarea explains how to do here: http://www.dailyphreak.com/2005/12/25/spoofing-cha rge-number/

    2. Re:Not really... by AlterTick · · Score: 2, Informative
      Actually, weren't ISDN customers fooling ANI in the past, because the service essentially jacks your circuit directly in to the telco switch? I seem to recall people spoofing caller ID info by feeding false ANI data through one of the carrier "D" channels on ISDN?

      No, ANI and CID exist totally separate from one another. ANI is keyed directly to your circuit ID and is utterly beyond your reach there at the end of the pipe, be it POTS, ISDN, T1, or whatever. ANI is used for billing, and is basis for what law enforcement gets when they ask for call info. CID, though, is nothing more than a a consumer product. If you have a T1 channel bank, you can essentially define your caller ID name and number at will, as it originates from the channel bank.

      --
      Conclusion: the Empire squashes the Federation like a bug. Accept it.
    3. Re:Not really... by nuckfuts · · Score: 2, Informative

      ... I'll be impressed with something that can fool ANI.

      As is discussed here.

    4. Re:Not really... by karnal · · Score: 2, Funny

      I called a co-worker from our Cisco system - with his home phone number.

      "WHO IS THIS?"

      "Your wife is pretty...."

      lol...

      --
      Karnal
  5. CNBC is running a story on this by cyberguyd · · Score: 2, Interesting

    CNBC's "On the Money" is reporting on this right now. A Colorado congressman will be introducing a bill to make this illegal. Hopefull it do so. I canned my landline a year ago and I get no BS calls on my cell phone. My life has become more peaceful and this does not affect me right now. This may change, I am sure as more people do this. Hwever, for the time being I am ok.

    Incidently, "On the Money" broke the story about the cell phone records for sale on the net. They did not drop the story until Congress took action. Kudos to them. Hopefully they do this on this topic as well.

  6. This might lower the value of caller ID... by Yellow+Crane · · Score: 2, Insightful

    I don't have caller ID, but I have a friend who does and loves it -- it is even set to display on the TVs, so they know if they want to pause TV/Movie "X" and answer the phone. They also don't answer an unidentified caller very often, which nixes most calls from phone sales comapanies -- and I would be willing to wager a few $$ that these companies would be more than willing to use the technology to get you to answer the phone. Same goes for people attempting to defraud the elderly and disabled.

    However, if you could get the caller ID to display dirty messages and lewd jokes w/ punchlines, that would rock!

    --

    "First they ignore you, then they laugh at you, then they fight you, then you win."

    -Gandhi

  7. Opposite sex by Nybble's+Byte · · Score: 3, Funny

    The service also provides optional voice scrambling, to make the caller sound like someone of the opposite sex.

    And may I ask why this would be of interest to Slashdotters?

    Oops, gotta go, my girlfriend's calling.

  8. Spoof away - I still screen my calls, do you? by inertialmatrix · · Score: 3, Interesting

    Is it just me, or do others also prefer to not answer the phone and opt instead to have the answering machine pick up in order to screen calls? I became so sick of getting multiple telemarketing calls between the hours of 5-10pm that I decided to just turn the ringer on its lowest volume setting, and let the machine answer.

    I know it may seem a bit obnoxious, but I am the one paying the bill and it would seem to me that the phone is for my convience, not someone elses.

    1. Re:Spoof away - I still screen my calls, do you? by deacon · · Score: 2, Interesting
      The new scam now is people calling doing "surveys".

      These are immune from calling list rules. In any case, I am amazed you spent 6 months of agro to solve a problem you could have solved for $100 with this:

      http://www.privacycorps.com/products/?id=20

      What's it worth not to have to go over and look at the caller ID, or getting a call in the middle of the night and having it be a farking fax machine?

      This device lets you program an action for each phone number. Perhaps the coolest thing is that you can program a number to not ring the phone AND also not go to the answering machine.. it just rings (silently) forever.. useful for those people who you don't want to hear from for any reason.

      And yes, there is a 2 digit code a caller can punch in to make the device ring when they call from a non-included phone #.

      Sorry this sounds like an ad, but considering the mac mini people are always writing ads masquerading as content, what the hell.

  9. Just the obvious reasons by TubeSteak · · Score: 2, Informative

    Banks and cell phone companies, in particular, will insist you call from the phone number 'known' to be associated with your address.

    Banks... need I explain?
    Cell phone companies... how much easier could it be to get someone's records?

    While many companies don't use the phone number as an "end-all form of identification," unfortunately, too many of them use it as a first line of ID.

    --
    [Fuck Beta]
    o0t!
  10. its not about friends by nurb432 · · Score: 2, Insightful

    its about people causing trouble for others, to hide their identiy. Such as a exspouse that has a restraining order, or scam artists " we are with the police, see even our caller ID says so".

    People screwing with their friends isnt a reason to even care i agree.

    --
    ---- Booth was a patriot ----
  11. OLD NEWS by cuebei · · Score: 2, Interesting

    Dude, this has been available for years. Any ISDN PRI has this ability built in. In fact, most phone systems on the market include the ability to modify the calling partys number on a per extention basis, if connected to an ISDN PRI. The best part, is that you only have to spoof the number. If the receiver subscribes to callerid with name lookup, it will automatically lookup the name for the number I put in.

  12. Enjoy It While You Can by Anonymous Coward · · Score: 2, Funny

    I just installed a PRI card in a PBX at work. The outbound caller ID was hosed at first and lots of stuff was broke because traditional phone systems ... whatever, you always mod me 0 anyway

  13. This is disappointing by sgent · · Score: 2, Insightful

    I hope the publicity doesn't curtial legitimate uses.

    For instance, more than a few doctor's offices use caller ID spoofing to have call centers call patients to confirm / remind appointments.

    These calls are legitmate, authorized in writing by patients, and spoofing is an integral part of doing the service. Patients tend to answer West Main Clinic (who is responsible for hiring the contractor), rather than ABC Call Services. Also, calling ABC Call Services to reschedule is usless as they can't make/change appointments.

  14. Re:SS7 and Telco sanitising of CIDs? by smellystudent · · Score: 2, Informative

    That's certainly the way it works in the UK - while I can program any CID I like into the PBX, if it doesn't match one of the numbers the line provider has for me, it doesn't get transmitted.

    Businesses who legitimately want to send a different number to the number of the line can request it, but you have to own both numbers.

    --
    Predictive text is shiv!