Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror
Security

Caller ID Falsification Service 639

Posted by CmdrTaco
from the oh-this-is-just-scary dept.
Dan writes " A US website will offer Caller ID falsification service...Slated for launch this week, Star38.com would offer subscribers a simple Web interface to a Caller ID spoofing system that lets them appear to be calling from any number they choose. [...] SecurityFocus took the site for a test drive, and found it worked as advertised. The user fills out a simple Web form with his phone number, the number he wants to call, and the number he wants to appear to be calling from. Within two seconds, the system rings back, and patches the user through to the destination. The recipient sees only the spoofed number displayed on Caller ID. Any number works, from nonsense phone numbers like "123 4567" to the number for the White House switchboard."
This discussion has been archived. No new comments can be posted.

Caller ID Falsification Service

Comments Filter:
  • by romper (47937) * on Monday August 30, 2004 @12:00PM (#10109809)
    "Mr. President, you have a call from the Pope."
    • Haha....reminds me of family guy....

      [peter] Free Tibet? I will take it! (at a protest)

      *runs to a pay phone*

      [peter] Hello China? I think I have something you want...but its going to cost you

      [peter] Yes...ALL of the tea.

    • by MikeMacK (788889) on Monday August 30, 2004 @12:25PM (#10110107)
      "Mr. President, you have a call from the Pope."

      "Well tell him I already talked to God..."

    • by mr100percent (57156) * on Monday August 30, 2004 @12:31PM (#10110171) Homepage Journal
      Steve Wozniak, co-creator of Apple and maker of the Blue Box, did prank call the Vatican one time [metromac.org] with his invention.
      "During one demonstration, Wozniak called the Vatican posing as Secretary of State Henry Kissinger and asked to speak to Pope Paul VI. Informed that the pope was sleeping but would be awakened, Wozniak lost his nerve and hung up."

    • by bugnuts (94678) on Monday August 30, 2004 @12:46PM (#10110302) Journal
      "Oh, uh... do we have someone that can translate Vatican?"
    • by FrankHaynes (467244) on Monday August 30, 2004 @12:47PM (#10110313)
      The telemarketing scumbags have been masking their identities for quite some time without this 'service' so I am just finishing yawning over the article, which has a few inaccuracies that I correct below.

      The ICLID (Individual Caller ID) field is separate from the ANI field in the SS7 message. Depending on your tariffs you might or might not be able to stuff the ANI field; you almost always can stuff the ICLID field with whatever nummer you want.

      What the other end displays is not always consistent across the various operating companies and carriers, so don't go strutting around like you've pulled the wool over everyone's eyes just yet.

      Further, the name lookup that you see on your display is performed by the terminating switch (serving you), so you can't spoof that. Of course, if you spoof John Q. Smith's nummer it will usually show his name, unless he is not a subscriber of your local tephone cumpny; in that case you get nuttin and like it. Even that is subject to variations due to interexchange agreements.

      All in all, this service does not meet the technical neatness test, can't overcome the stupidity and ineptness of the various carriers, and is just a jolly good way for somebody to make some extra bucks. It's probably easier just to go down to 7-11 and use their coin box and get it over with.

      Have fun!

      • > The telemarketing scumbags have been masking their identities for quite some time without this 'service' so I am just finishing yawning over the article, which has a few inaccuracies that I correct below.

        There is a HUGE difference between hiding your number and displaying a number of choice. In many cases I will not answer calls when the number is hidden, I will usually take calls from 'known' numbers no matter what.

        > The ICLID (Individual Caller ID) field is separate from the ANI field in the SS7 message. Depending on your tariffs you might or might not be able to stuff the ANI field; you almost always can stuff the ICLID field with whatever nummer you want.

        So you get a decent contract and stuff both.

        > What the other end displays is not always consistent across the various operating companies and carriers, so don't go strutting around like you've pulled the wool over everyone's eyes just yet.

        Given that you do use both ICLID and ANI, you can change what the remote side will display, and as a result can fake the caller id as displayed by that side.

        > Further, the name lookup that you see on your display is performed by the terminating switch (serving you), so you can't spoof that.

        In most cases (maybe not in the USA, but that is really only like 5% of the world) this service is performed by your local TELEPHONE using its internal addressbook, not by the local exchange.

        > Of course, if you spoof John Q. Smith's nummer it will usually show his name, unless he is not a subscriber of your local tephone cumpny; in that case you get nuttin and like it. Even that is subject to variations due to interexchange agreements.

        It can do a couple of things:
        - display nothing (or unknown, unpublished, withheld)
        - display the number with country/state/area numbers stripped off
        - display the number including area code but without state and country code
        - any variation on the above.

        It indeed won't display a name if it has no directory for looking it up (DUH)
  • Social Engineering (Score:5, Insightful)

    by mfh (56) on Monday August 30, 2004 @12:00PM (#10109810) Homepage Journal
    "The recipient sees only the spoofed number displayed on Caller ID. Any number works, from nonsense phone numbers like "123 4567" to the number for the White House switchboard."

    I think that the people who are going to profit from this the most will be guys like Howard Stern [howardstern.com] (if he's still on the air). He'll ring up anyone he wants and pretend to be working for some fake government agency while the nimrods on the line will be in fear if they have caller id. Oh the laughs... until the FCC has their way with Stern and shut him down.

    How many kids are going to get into serious trouble with this service?

    Let's not even start talking about all the wonderful social engineering that can now be performed with this great service. "This is Bill Gates. I forgot my password. Give it to me."

    So all ye lawyers, would the owners of Star38.com be in the doghouse for this service when the masses start using it as a launchpad for social engineering? I'm thinking, hell yes (but IANAL).
    • by Soporific (595477) on Monday August 30, 2004 @12:06PM (#10109880)
      It's illegal for Stern to do that. He's not even allowed to make phony phone calls on the show at least according to him. If someone else does it and sends it to him it's okay to play but he can't originate them. Don't ask me why because I don't know.

      ~S
    • by Anonymous Coward on Monday August 30, 2004 @12:06PM (#10109884)
      Any good security policy would include callbacks to ensure the person you're talking to is actually within your organization.

      "Alright Mr. Gates, let me call you back at your number and help you with your password."
    • by blackmonday (607916) on Monday August 30, 2004 @12:07PM (#10109893) Homepage
      Howard doesn't call anyone - thats some guy named Captain Janks, and certaintly doesn't need this, he does just fine already.

      Although the calls are funny - he actually provides a useful service to all of us - he shows how easy it is for a complete phoney to get through on the news. The media gets into such a major rush to be first on everything that they put him right on the air and give him the chance to say "Howard Stern's balls" or something like that. The scary part is, who's doing this and doesn't let in on the joke? We can never know for sure. Don't trust those people who call in during news broadcasts!

    • by Black Parrot (19622) on Monday August 30, 2004 @12:49PM (#10110333)


      > Let's not even start talking about all the wonderful social engineering that can now be performed with this great service. "This is Bill Gates. I forgot my password. Give it to me."

      It's probably a front for an FBI sting operation, an invitation for stupid criminals to use them as a middle-man in their crimes.

  • by garcia (6573) * on Monday August 30, 2004 @12:00PM (#10109811)
    Star38.com claims it will screen subscribers, and initially make the service available only to licensed private investigators and collection agencies. Jepson and his partners believe that collection agencies in particular will find the service invaluable for getting recalcitrant debtors to answer the phone.

    Debt collection agencies already mask their online and phone identities pretty well. Using common telephone setups (before the big Asterik "save the children" bullshit) they just appeared as whatever they wanted. In fact their web-presence is generally unknown and they even mask their hostnames to the rest of the world with benign addresses like mta-mailserver.alliedfinancial.com (this is a recreation of an actual NAT host used by a collection agency).

    Private Investigators should opt for paying the phone company to offer them a similar service (or better yet don't call from your business phone).

    If they are really allowing ANY number it isn't going to make it very far out of the "hype-stages". Think of what this could do to our children and what could happen in the hands of the terrorists!

    CallerID: "J. KERRY CAMP. OFF. HQ"
    Caller: "Hi, I'm calling you to vote for John Kerry via absentee ballot."
    John_Overseas: "Ok. Count me in. Down with Bush!"
    Caller: "Done. Thanks for helping Bu...I mean...Kerry win!"

    Caller: "Another close one Dubya."
    • by JimBobJoe (2758) <swiftheart AT gmail DOT com> on Monday August 30, 2004 @12:09PM (#10109915)
      Debt collection agencies already mask their online and phone identities pretty well.

      True...it's ok for a debt collection agency to call you with no caller ID identity, or their real caller ID identity. Though I am not an attorney, and I don't even play one on television*, the attorney's comments at the end of the article saying that the practice of making up a fake caller ID identity would violate the fair debt practices collection act seem right on. (If you're hounded by creditors, you have a surprisingly large amount of rights, including the ability to tell them to just stop contacting you.)

      *I am however an actor and I could play one on television.
      • by garcia (6573) * on Monday August 30, 2004 @12:14PM (#10109994)
        Though I am not an attorney, and I don't even play one on television*, the attorney's comments at the end of the article saying that the practice of making up a fake caller ID identity would violate the fair debt practices collection act seem right on. (If you're hounded by creditors, you have a surprisingly large amount of rights, including the ability to tell them to just stop contacting you.)

        I have, thankfully, never been hounded by debt collectors but I know someone who does do it for a living. Telling them not to call YOU doesn't mean that they stop. They call your friends, your family, your boss, your co-workers, your babysitters, anyone...

        As far as what comes up on Caller ID. His shows up UNKNOWN, ALLIED GROUP (name changed to protect the guilty/innocent), or PRIVATE. I suppose if you knew it was them you could just ignore it and they would just keep calling everyone you know under the sun...

        Honestly, if they were calling MY boss daily about having me pay up I'd think twice about letting the answering machine pick that up.
        • by SomeoneGotMyNick (200685) on Monday August 30, 2004 @12:33PM (#10110194) Journal
          Telling them not to call YOU doesn't mean that they stop. They call your friends, your family, your boss, your co-workers, your babysitters, anyone...

          I'm pretty sure Friends/Family/Bosses enjoy the same privileges, by law, of telling someone else's creditors where to stick it ^H^H^H^H to not call anymore.

          That's why I'm in the IT profession. As all my positions get outsourced, I'm never in the same job long enough. If I ever get behind in the bills, I guess they can call my old boss, because I don't bend over backwards telling creditors where I'm working now. Unless, I feel I need a new loan.

        • by damiangerous (218679) <1ndt7174ekq80001@sneakemail.com> on Monday August 30, 2004 @12:46PM (#10110300)
          I have, thankfully, never been hounded by debt collectors but I know someone who does do it for a living. Telling them not to call YOU doesn't mean that they stop. They call your friends, your family, your boss, your co-workers, your babysitters, anyone...

          Then your friend is violating the law and is one of those scumbag debt collectors who fancies himself sort of of skip tracer or PI.

          The Fair Debt Collection Practices Act, Section 805, part B:

          (b) COMMUNICATION WITH THIRD PARTIES. Except as provided in section 804, without the prior consent of the consumer given directly to the debt collector, or the express permission of a court of competent jurisdiction, or as reasonably necessary to effectuate a postjudgment judicial remedy,
          a debt collector may not communicate, in connection with the collection of any debt, with any person other than a consumer, his attorney, a consumer reporting agency if otherwise permitted by law, the creditor, the attorney of the creditor, or the attorney of the debt collector.

          They can call your acquaintances to find you, but they cannot communicate why they're looking for you and they cannot keep doing so once they have made contact with you. Section 805, Part C says that debt collectors must cease contact with you if you tell them to, at the point they must do so and from then on can only contact you to tell you they're taking some sort of legal remedy (like suing you).

          Oh yeah, and if by "Allied Group" you mean "Allied Interstate" I see why your 'friend' is such a scumbag. Look them up on Google and you'll find story after story of innocent people hounded by these pricks because they're too fucking incompetent and aggressive to do their job properly. Minnesota, for one, has taken legal action against them for their unlawful operations.

        • by clifyt (11768) <sonikmatter&gmail,com> on Monday August 30, 2004 @01:04PM (#10110483) Homepage
          "Telling them not to call YOU doesn't mean that they stop. They call your friends, your family, your boss, your co-workers, your babysitters, anyone..."

          Yup...I had credit problems about 10 years back as a young 20 something with too many credit cards and not enough selfwill and no friends willing to kick me in the ass. I've since taken personal finance classes and had a stint dealing with credit councling and kept my record clean since then...

          BUT in my quest to get out of the debt that was actually impossible to do on my own (when the vampires move you to 26% interest, and then move your bill to a irregular schedule where you have 7 days from the time its mailed to pay or you will be considered late with a $30 late fee, and BTW we just lowered your credit, so you are now over the limit and thats another $30 over the limit fee and a few months later, your original $1000 in credit card fees is now $3500 without charging anything -- I'd consider that impossible to get out of).

          But during my time in debt, I had asked these guys to never contact me again -- in writting -- and asked them to take up the debt with my credit councellors or my attorney (who is a friend and I trade work for services with).

          So what happens, they legally have to stop contacting me -- but they threatened to sue both my parents living in seperate states, even though they weren't connected to me financially -- but it was noted one of my bank accounts from when I was under 18 had their sigs on it ($15 in there that I didn't know about), and then they started calling the neighbors. My two neighbors on both sides of me claimed that a credit agency was calling to see if they had any information on me they could share, but 'legally' they couldn't give them any information about what they were contacting them for other than they were with "You Skipped Town And Owe Us Credit Recovery Corporation" (it was actually something sleezy like that). They did this with my employeers as well, but the human resources department didn't give a fuck (they actually called to let me know and said they had forms I could fill out if they wanted the company not to call at work). I don't think they broke any laws, but they were in plenty of grey areas.

          So, and noting this is off topic with the article but very on topic to the parent post, if you feel like telling them to stop contacting you, do so. But do it at your own risk. Its better just to get into a program to pay the stuff off and do it as soon as you can...just don't get into one owned by the same corps (like CCC).
    • by Felinoid (16872) on Monday August 30, 2004 @12:12PM (#10109973) Homepage Journal
      Reminds me of the day when I receaved a bill for $100 for a mag subscription to a sports mag I never wanted.
      (Not a sports fan)

      They identified themselfs and I contacted a laywer who was apparently handling a class action lawsute against thies people (not the dept colection agentcy but the people they were colecting for) for fraud.

      Dept colection agentcys should not be alowed to hide who they are (or who they work for) for this reason.
      • by Anonymous Coward on Monday August 30, 2004 @12:21PM (#10110061)
        Dear god, BUY A DICTIONARY!!!
      • by stratjakt (596332) on Monday August 30, 2004 @12:36PM (#10110225) Journal
        Debt collection agencies cant (in the US) hide who they are. They can't hide the purposes for which they call you. Ie; every call you get starts with "any information collected is for the purpose of collecting a debt..."

        They can't call you on Sunday, they can't call you at work or after 6PM (IIRC), without your explicit permission.

        There's very little a debt agency can do. They have no power, and they can't make you pay. They can only remind you that you owe. They like to sound official and intimidating, because they want to scare you into paying up, and paying all the ridiculous late fees and stuff they assess.

        The only way they can make you do anything is through the courts. Once things get that far, you can cut a deal, like paying off the debt but dropping the late fees etc. Because then they compare the late fees to legal fees. Note that by this point your credit report is already boned so you aren't hurting yourself by not bending over for the thugs.
        • by Alioth (221270) <no@spam> on Monday August 30, 2004 @01:04PM (#10110481) Journal
          Well, they DO call after 6pm. A friend of mine got in debt trouble after his son crashed his motorcycle (without wearing a helmet I may add) and suffered serious brain damage. All the stuff he had on credit became secondary to paying medical bills.

          They called him at 11pm, 1am etc. He changed his phone number. So they called his family and found his new phone number and started again. Someone who can't even pay off their debts probably can't pay a lawyer to stop the harrassment.
    • Good God... (Score:3, Interesting)

      by TruthDefender (808342)
      Debt collection agencies already mask their online and phone identities pretty well. Using common telephone setups (before the big Asterik "save the children" bullshit) they just appeared as whatever they wanted. In fact their web-presence is generally unknown and they even mask their hostnames to the rest of the world with benign addresses like mta-mailserver.alliedfinancial.com (this is a recreation of an actual NAT host used by a collection agency).

      My state has laws saying if you tell a creditor to sto

    • by jdreed1024 (443938) on Monday August 30, 2004 @12:22PM (#10110076)
      Jepson and his partners believe that collection agencies in particular will find the service invaluable for getting recalcitrant debtors to answer the phone.

      They should do their research. There are very strict laws about debt collectors calling. They cannot contact you outside 8AM-9PM, for example. If they call you, they are legally required to provide a mailing address if you ask, and if you send them a letter requesting no further contact, it is illegal for them to continue to contact you (except one call saying they received the letter). They can still sue your ass in court, and you can get served with papers, etc, but the debt collector themselves cannot contact you. Additionally, if you have an attorney, they must call the attorney, not you.

      Most importantly, they are also prohibited from misrepresenting themselves. I'd say falsified caller id falls pretty clearly under misrepresenting. (They can block caller-id, that's fine, but they can't say they're Joe's Pizza, for example). I sincerely hope these guys get sued into oblivion for encouraging slimy debt collection processes. It's not clear the service itself is illegal, but debt collectors using it to identify themselves as someone else very clearly is. I predict some attorney general is going to have a field day with this. I plan to write to mine about it.

      More info: http://www.ftc.gov/bcp/conline/pubs/credit/fdc.htm [ftc.gov]

  • by Anonymous Coward on Monday August 30, 2004 @12:00PM (#10109813)
    Have you ever wanted to post a comment as someone else, for humor or other more mischievous purposes? Now you can thanks to Slashdot's new comment author falsification service! You can be CmdrTaco [slashdot.org], Hemos [slashdot.org], CowboyNeal [slashdot.org], or one of literally hundreds of thousands of other people, some of them actually famous [slashdot.org]!

    Author falsification starts at a mere 10,000 subscription points [slashdot.org]!
  • by scaltagi_the_pirate (777620) on Monday August 30, 2004 @12:00PM (#10109817) Homepage
    Chalk one up for the stalkers!
  • hidden methods (Score:4, Interesting)

    by BoldAC (735721) on Monday August 30, 2004 @12:00PM (#10109819)
    The methods behind this are still hidden. They claim that it's not VoIP as most people currently do...

    Any speculation what it could be?

    • Re:hidden methods (Score:5, Informative)

      by Short Circuit (52384) * <mikemol@gmail.com> on Monday August 30, 2004 @12:04PM (#10109866) Homepage Journal
      Anybody can spoof their own Caller-ID info with the right equipment. Use a multi-thousand-dollar system from Panasonic, or go cheap and use Asterisk with a $125 PCI card from Digium.
    • Re:hidden methods (Score:3, Informative)

      by m0rph3us0 (549631)
      A PBX. Seriously, any PBX that allows ANI generation will let you do this. The phone companies switches just forward an ANI if there is one present. When you pick up your phone and make a call the CO generates an ANI for you with your name and phone number now when it calls where ever it keeps fowarding it. You can also spoof an ANI with some calling card services. Basically, you can think of an ANI as being as secure as the proposed DDOS flag on TCP packets.
    • Re:hidden methods (Score:3, Informative)

      by a2wflc (705508)
      T1 protocols let you send caller ID when you place a call. Most telcos either ignore it and put in your "default" number or only let you use specific numbers that you "own".

      I have programmed an IVR system that went through a telco who didn't check the caller ID and I was able to send any number I wanted. I used this feature to test our system since I was able to call as any of our customers (and verify that I got the correct callerID-based greeting & info)

      I've also used a telco who always puts in
    • Re:hidden methods (Score:5, Interesting)

      by funaho (42567) on Monday August 30, 2004 @12:15PM (#10109996) Homepage
      This is so brain dead simple to set up it isn't even funny. I can do this at work easily. All you need:

      A computer running Linux and Asterisk

      A T100P (Asterisk T1 card)

      A PRI to a telco that lets you specify Calling-Party-ID (you can get this pretty easily from a lot of CLECs)

      About 30 minutes of coding up a simple perl or PHP script to parse a web form and use the data to dump a call request file into Asterisk's outbound spool directory.

      Voila. Done. Setup cost is whatever you pay for the computer plus $500 for the T1 card (or spring for the quad T1 model at $1500). Your monthly cost to run this service should be no more than about $500 per PRI, plus a little more if you'd rather colo the box somewhere.
  • And now... (Score:4, Insightful)

    by Short Circuit (52384) * <mikemol@gmail.com> on Monday August 30, 2004 @12:01PM (#10109822) Homepage Journal
    ...watch legislation arrive to clamp down on who can own PBX equipment, and what it can be used for.

    Bye bye, Asterisk [asterisk.org].
    • Re:And now... (Score:3, Insightful)

      by Zak3056 (69287)
      ...watch legislation arrive to clamp down on who can own PBX equipment, and what it can be used for.

      I can't believe this got modded as insightful--because it's absurd. Just about any business not being run out of a garage (and some that are) all but requires a PBX or at least a Key system to function on a day to day basis. A bill such as you describe above wouldn't go anywhere even in our idiotic legislature.

      Far more likely would be legislation requiring telcos to configure their switches so customers
    • Re:And now... (Score:5, Insightful)

      by funaho (42567) on Monday August 30, 2004 @12:19PM (#10110044) Homepage
      The real problems is companies that treat CallerID as a method of identification. CallerID never was, never has been, and never will be a way of positively identifying who's calling. The best you can do is use it as a hint.
  • Courthouse (Score:5, Funny)

    by Nate Fox (1271) on Monday August 30, 2004 @12:01PM (#10109824)
    I knew a friend who worked in a courthouse, and she'd call me from the phone in there.

    The caller id was (999) 999-9999. Always thought that was kinda cool.
  • by Gentoo Fan (643403) on Monday August 30, 2004 @12:01PM (#10109825) Homepage
    Right off the bat doesn't this violate wiretapping laws? I thought there was a clause that prohibits mucking around with phone tech like this.
    • I thought there was a clause that prohibits mucking around with phone tech like this.

      While you might run into fraud or other laws, I'm not sure it would necessarily bother any wiretapping statutes. Spoofing caller-ID is different from actually changing what the *phone company* sees as the originating number, so if they're not doing that, they're probably okay. Well, except for the fraud bit, which can get pretty serious, but that would likely be the responsibility of the person using the service.
    • by kidgenius (704962) on Monday August 30, 2004 @12:17PM (#10110023)
      No, it doesn't. This has been possible for YEARS. Normally it would require the use of a very expensive piece of equipment known as a PBX. It's able to display caller-id however they want it to. Notice how when you receive calls from very large companies, the number always comes back as the main line, instead of the individuals desk number? That's the PBX working. This is nothing new, and it's not illegal.
  • by Nos. (179609) <andrew@@@thekerrs...ca> on Monday August 30, 2004 @12:01PM (#10109828) Homepage
    Isn't there a law (at least in the US and Canada) that says telemarketers must make the call with real callerid information supplied?
  • by keiferb (267153) on Monday August 30, 2004 @12:02PM (#10109836) Homepage
    Anyone have Darl's phone number?
  • Telemarketers (Score:3, Interesting)

    by StevenHenderson (806391) <stevehenderson&gmail,com> on Monday August 30, 2004 @12:03PM (#10109843)
    Jepson claims the service will charge a twenty-five cent connection fee for each call, and seven to fourteen cents per minute.

    Hopefully this will deter the telemarketers. That's my biggest fear.
  • by deadmongrel (621467) <karthik@poobal.net> on Monday August 30, 2004 @12:03PM (#10109845) Homepage
    Its a copy and paste from theregister.co.uk.

    http://www.theregister.co.uk/2004/08/30/caller_i d_ falsify/
  • by WanderingGhost (535445) on Monday August 30, 2004 @12:05PM (#10109871)
    This sounds to me like a simple callback system. It has been used by people who want to reduce the price they pay for international calls -- for several years.

    (You call the callback answering maching, it waits until you dial the number you want; then you hang up; the machine calls the number for you, and calls you. You're not calling "from" your country, and won't have to pay the rates charged there.)

    http://www.google.com/search?q=callback+phone+serv ice
  • Great! (Score:5, Insightful)

    by khrtt (701691) on Monday August 30, 2004 @12:06PM (#10109879)
    Now the neighbor's kid can activate my credit cards he stole from my mailbox without breaking into my place to use my phone line.
  • CallerID != ANI (Score:5, Informative)

    by GGardner (97375) on Monday August 30, 2004 @12:06PM (#10109882)
    Phone customers with 800 and other toll free numbers get the caller's number delivered via ANI (automatic number identification), which is not CallerID. I suspect that this service will not change the ANI, as ANI is much harder to block than CallerID.
  • This is nothing new (Score:5, Interesting)

    by mhesseltine (541806) on Monday August 30, 2004 @12:08PM (#10109907) Homepage Journal

    As Kevin Mitnick pointed out in his book The Art of Deception [barnesandnoble.com], anyone with a PBX system can program their outgoing Caller-ID information to show anything they want.

    As far as star38.com goes, I wonder what purpose they hope to serve by doing this. After all, it's a free service, and as we all know, nothing in this world is free. Could it be that star38.com will sit in the middle and record these conversations, either to sell prank calls a la The Jerky Boys? Or, maybe they'll gleam little bits of information about people and sell that marketing information to companies?

  • by AnswerIs42 (622520) on Monday August 30, 2004 @12:09PM (#10109919) Homepage
    All my calls go to the answering machine...
  • Spoof for Truth (Score:5, Interesting)

    by Doc Ruby (173196) on Monday August 30, 2004 @12:10PM (#10109931) Homepage Journal
    I need a service like this, to make my CallerID more accurate. I have a VoIP landline and a mobile phone, with two different numbers. The landline rings my mobile simultaneously, at no charge, so I distribute only that phone#, and answer whichever phone is nearest - I'd prefer the mobile# remain undisclosed, to funnel all calls through the landline#. But when I initiate calls from my mobile, the recipient gets only the mobile#, which they might call back directly, insert into their contacts list, etc. But incoming calls on that mobile# won't ring my landline (although a less robust service for the mobile has a charge, while the landline multiringing doesn't). So I'd like to spoof the landline# when making mobile calls.

    One way to do it would be to call a service at my VoIP landline, authenticate my mobile# CallerID, and replace the call to the actual recipient, from the landline with the landline# sent in CallerID. A better way would be to learn from email, and include both a "From:" and a "Reply-To:" field in the sent CallerID metadata. This service is a step in the right direction.
  • by Sans_A_Cause (446229) on Monday August 30, 2004 @12:11PM (#10109949)
    Unless they figure out who all my friends and family members are. I don't answer the phone if I don't recognize the number. My current phone number is one digit off from the local KFC, so I get a half-dozen calls every day that I don't answer.

    • by commodoresloat (172735) on Monday August 30, 2004 @12:30PM (#10110156)
      Who the hell calls KFC? IIRC, they don't deliver or take orders over the phone. It's fast food, what are you going to ask them? Hey, you guys have any chicken today?

      Actually, you could have a lot of fun answering some of those calls and playing games with the callers. "I'm sorry, Sir, we're out of chicken today. No, our other stores are out of chicken too. In fact, we're under new ownership, and will feature an all vegetarian menu. Thank you for calling Kentucky Fried Tofu."

  • by mercury83 (759116) on Monday August 30, 2004 @12:11PM (#10109952)

    The more advanced and complex our communication systems get the more confusing and time-consuming and frustrating it becomes to communicate. It's odd how many people I know that will send emails to people, or chat online, but barely talk to people in person -- or at least with any real depth. The more "advanced" our communication, the more time we spend dealing with all the problems of communication that crop up (spam, caller id spoofing, junk mail, etc.)


    I know this whole group of people who are barely seen by other people and do nothing but communicate with random people from all over the world on a website [slashdot.org].

    Oh wait... damn ... nevermind

  • by TruthDefender (808342) on Monday August 30, 2004 @12:11PM (#10109963) Journal
    ...and breathing heavily on the phone.

    Why would a website want to offer this kind of service and put themselves in legal jeopardy?

    And could traditional phone companies block them the way spam is blocked, to say anything originating from their service is blocked? I hope the telemarketers don't start using this kind of system. I am on the do not call list, and suddenly the number from which telemarketers call has switched from USA numbers to numbers located in Canada.

  • by erick99 (743982) <homerun@gmail.com> on Monday August 30, 2004 @12:16PM (#10110014)
    If this enjoys wide-spread use, then a great many people will simply ditch CallerID. After all, it won't serve much purpose anymore since any number could be anybody. This would cost the telco's some revenue as folks (like me) cancel CallerID service.

    I would simply go back to an answering machine that screens my calls and pick up the line when I recognize the voice, as I did before CallerID.

    Cheers,

    Erick

  • One way to do it (Score:5, Interesting)

    by Anonymous Coward on Monday August 30, 2004 @12:19PM (#10110047)
    My daughter and her friends figured out a way to do this years ago. Here's the scenario:

    Amy is supposed to be having a sleepover at Beth's house, but instead is spending the night with her boyfriend Carl.

    Dad calls Beth's house to speak to Amy. Beth says, "Oh, Amy's in the bathroom. I'll have her call you back when she gets out." A minute later, Dad's phone rings, Beth's number displays on the Caller ID, and Amy's voice is on the line. Dad is satisfied that Amy is at Beth's house. Wrong!

    What happened is that after speaking to Dad, Beth calls Amy at Carl's house, initiates 3-Way Calling back to Dad's number, then hangs up as soon as Das picks up the phone. Amy (at Carl's house) is on the line, but it's Beth's number on the Caller-ID because that's where the call originated from.

    I have gray hair.
    • by bmajik (96670) <matt@mattevans.org> on Monday August 30, 2004 @04:28PM (#10112415) Homepage Journal
      except it was usually pizza hut answering the phone: "hello, pizza hut" only to be greeted by "uh, hello, this is papa johns"

      it was a real treat to listen to the two angry pizza guys, both of whom were insisting that THEIR phone was the one that rang, work out who was the bigger jerk

      3 way calling and the "mute" button is the best thing that happened to beeing a geeky teenager.

  • Very easy (Score:5, Interesting)

    by Punk Walrus (582794) on Monday August 30, 2004 @12:20PM (#10110051) Journal
    Dude, we used to do this all the time when I programmed for call centers. The ANI (telecom term for caller ID) was programmed at the Layer 2 level, and like a MAC address was easy to change. We usually used ANI via a software bridge to simultaneously launch a trouble ticket indexed via phone number, but there was always the issues with Pay Phones, Hotels, or companies that hid the originating ANI behind a PBX (i.e., for security).

    So, sometimes, we changed the number enroute so that it would launch a new ticket window instead of a ticket with 20,000 IDs all indexed to the same phone number. We just marked it with a random number that let the techs know this was not their real home phone, and thus, had to ask for a callback number if needed.

    We also had hackers that did this as well, like one guy in Vancouver who hacked the ANI so he could make illegal and harrassing long distance calls in the US using a US 800 number that would, in theory, make the call unbillable. [punkwalrus.com]

    Then there's the mysterious 604 number [derkeiler.com] that people get from time to time...

  • I don't like the thought of goofballs mucking around with the service either but I can see legitimate uses for it.

    Take a look at some of these nifty caller-id features [verizon.com] such as "Prevent Your Number from Displaying on Caller ID" or "Caller ID with Anonymous Call Block"

    Suppose your phone number is unlisted and typically shows up as "Anonymous" or "Unavailable" to caller ID. Now suppose the recipient of your call has Caller ID with Anonymous blocking. You can't get through or, with some services, you have to leave your name at the tone and hope they pick-up and decide to take your call.

    It would serve as a way to make your own number show up when you want it to but otherwise remain anonymous and not defeat the purpose of having an unlisted telephone number.
    • All phone companies offer a way to turn on and off this (and all other) features. With my local telco we dial *82 then the number to allow the caller id information through. I still don't see a legitimate use for this service. Cool hack, maybe. Useful, not from what I've seen.
  • by onyxruby (118189) <.onyxruby. .at. .comcast.net.> on Monday August 30, 2004 @12:23PM (#10110087)
    I did credit before getting into IT. If collection companies do this they will run headlong into FDCPA problems. Attorney Generals love to stick it to collection companies (and they often deserve it), and won't hesitate to nail any collection company that does this to the wall.

    Standards for honesty for any method of a collection company presenting itself are very strict. Wording of exactly what can be said is drilled into collectors. You can't claim to be an old college buddy, a cop, lawyer, or anything else to try to get someone on the phone. If you can't tell someone a lie like that, I don't see how telling a lie by caller ID would be any more allowed.

  • by kb9vcr (127764) on Monday August 30, 2004 @12:34PM (#10110199)
    I was wondering how the MPAA was going continuing making horror films!

    Every time a killer taughted his victim over the phone you'd know right away who John Q. Killer was but, leave it to the MPAA and their crafty ways to secretly fund this anti-Caller ID technology....

    ...Who else is looking forward to a "Scream 4: keep on screamin'"? ;)

  • by dfn5 (524972) on Monday August 30, 2004 @12:36PM (#10110223) Journal
    My phone blocks all callerIDs that are not PGP signed.

  • by dnaboy (569188) on Monday August 30, 2004 @12:41PM (#10110268)
    This has trouble written all over it. As mentioned a million times throughout the comments, there is a huge risk in terms of people using, what is by definition, wire fraud, to get credit cards etc...

    I think there's another risk here though, which is less stated. This service is to go live Sept 1st, from the web site. Unless it's on a minimal page after getting /.ed, I couldn't find any link to terms and conditions. What exactly are you submitting to when you use this? Is your information safe? Keep in mind, the call is routed through their system. Right now, until I see T and C which specifically states that my information is priviledged and cannot be listened in on or used against me, I can only assume it will be. They must have some concept of how they intend to make money.

    Also, who's liable for the damages WHEN (not if) someone uses it to commit a crime? This company, I can forsee turning anyone over at the drop of a hat. They're going to have a hard time pleading the internet provider's argument that they are merely the conduit (and therefore not liable for the actions of individuals on their networks), since there is little or no use for the system for legal ethical purposes.

  • by Anonymous Coward on Monday August 30, 2004 @12:45PM (#10110293)
    This "service" won't last long. This was brought up on a Telehpreak.org conference (shameless plug). There's better ways to do this _with_ VoIP. It's much easier to go down to my local store (with cash), by a pre-paid Visa card with any name I want. Then, use that card to signup with a VoIP server (Voicepulse, Vonage, etc). Then, using the fun of Asterisk, set my caller ID to anything I want. No ANI [it's VoIP], spoofed caller ID, and anonymous.

    We actually thought about setting up a similar type of service (more of a concept service, really) to allow CID spoofing. After much discussion, between ourselves and the EFF, we decided that it wasn't a very smart thing to do.

    http://www.telephreak.org
  • by sysadmn (29788) <sysadmn@g[ ]l.com ['mai' in gap]> on Monday August 30, 2004 @12:49PM (#10110328) Homepage
    Is anyone else really, really tempted to call someone and have this service send the number you're calling? Especially if you've got a friend with the Voice Announce caller-id feature? "Five Five Five One Six Zero Zero" "Hmm, that number seems familar" "Get out of the house, he's in there with you!"
  • by Castaa (458419) on Monday August 30, 2004 @12:52PM (#10110371) Homepage Journal
    This spoofing system is a telemarketer's dream for two reasons.

    1.) Nearly all telemarketers have their Caller ID blocked because they don't want to actual name to appear in people's caller ID display and thus keep people from picking up the phone.

    2.) I pay about $4 a month to have SBC (my local phone company) block all 'Anonymous' calls incoming to my phone. The caller has to leave a message or unblock their number to for call to be successfully connected. This filtering has reduced the number of unsolicited telemarketer calls by over an order of magnitude.

    Now, telemarketers can falsely spoof any name and number they wish. They already know my full name and phone number and easily could construct a database of people that are related to me. For example, I could now see my Mom's name and phone number every time a telemarketer calls me. Now both my caller ID and Anonymous caller ID blocking is circumvented. Now I am totally unable to avoid the torrent of calls from telemarketers that has plagued my phone number for years.

    This is has to be made illegal.
  • by isepic (117674) on Monday August 30, 2004 @01:18PM (#10110598)
    try wildgate.com -
    sign up for an account and you have the choice in your prefs on what outgoing ID you want...
    cost $5.00 or so.
    been around for years now.

The tree of research must from time to time be refreshed with the blood of bean counters. -- Alan Kay

Working...