Caller ID Falsification Service 639
Dan writes "
A US website will offer Caller ID falsification service...Slated for launch this week, Star38.com would offer subscribers a simple Web interface to a Caller ID spoofing system that lets them appear to be calling from any number they choose. [...]
SecurityFocus took the site for a test drive, and found it worked as advertised. The user fills out a simple Web form with his phone number, the number he wants to call, and the number he wants to appear to be calling from. Within two seconds, the system rings back, and patches the user through to the destination. The recipient sees only the spoofed number displayed on Caller ID. Any number works, from nonsense phone numbers like "123 4567" to the number for the White House switchboard."
Fun for all ages and campaigns! (Score:3, Interesting)
Debt collection agencies already mask their online and phone identities pretty well. Using common telephone setups (before the big Asterik "save the children" bullshit) they just appeared as whatever they wanted. In fact their web-presence is generally unknown and they even mask their hostnames to the rest of the world with benign addresses like mta-mailserver.alliedfinancial.com (this is a recreation of an actual NAT host used by a collection agency).
Private Investigators should opt for paying the phone company to offer them a similar service (or better yet don't call from your business phone).
If they are really allowing ANY number it isn't going to make it very far out of the "hype-stages". Think of what this could do to our children and what could happen in the hands of the terrorists!
CallerID: "J. KERRY CAMP. OFF. HQ"
Caller: "Hi, I'm calling you to vote for John Kerry via absentee ballot."
John_Overseas: "Ok. Count me in. Down with Bush!"
Caller: "Done. Thanks for helping Bu...I mean...Kerry win!"
Caller: "Another close one Dubya."
hidden methods (Score:4, Interesting)
Any speculation what it could be?
How is this even remotely legal? (Score:3, Interesting)
Telemarketers (Score:3, Interesting)
Hopefully this will deter the telemarketers. That's my biggest fear.
Re:hidden methods (Score:2, Interesting)
Simple callback system? (Score:3, Interesting)
(You call the callback answering maching, it waits until you dial the number you want; then you hang up; the machine calls the number for you, and calls you. You're not calling "from" your country, and won't have to pay the rates charged there.)
http://www.google.com/search?q=callback+phone+ser
Re:How is this even remotely legal? (Score:1, Interesting)
Re:Social Engineering (Score:4, Interesting)
Although the calls are funny - he actually provides a useful service to all of us - he shows how easy it is for a complete phoney to get through on the news. The media gets into such a major rush to be first on everything that they put him right on the air and give him the chance to say "Howard Stern's balls" or something like that. The scary part is, who's doing this and doesn't let in on the joke? We can never know for sure. Don't trust those people who call in during news broadcasts!
This is nothing new (Score:5, Interesting)
As Kevin Mitnick pointed out in his book The Art of Deception [barnesandnoble.com], anyone with a PBX system can program their outgoing Caller-ID information to show anything they want.
As far as star38.com goes, I wonder what purpose they hope to serve by doing this. After all, it's a free service, and as we all know, nothing in this world is free. Could it be that star38.com will sit in the middle and record these conversations, either to sell prank calls a la The Jerky Boys? Or, maybe they'll gleam little bits of information about people and sell that marketing information to companies?
Strike it Down (Score:2, Interesting)
I don't think the FCC will let this stand long. Especially if telemarketers, or similar crud start using it in the obvious ways.
Could the DMCA be applicable here? I can't recall all of its subtle clauses right now. But I wouldn't be suprised if such a technology violated it (everything else seems to). Can you imagine? The DMCA being used for good !?
Re:Fun for all ages and campaigns! (Score:5, Interesting)
True...it's ok for a debt collection agency to call you with no caller ID identity, or their real caller ID identity. Though I am not an attorney, and I don't even play one on television*, the attorney's comments at the end of the article saying that the practice of making up a fake caller ID identity would violate the fair debt practices collection act seem right on. (If you're hounded by creditors, you have a surprisingly large amount of rights, including the ability to tell them to just stop contacting you.)
*I am however an actor and I could play one on television.
Spoof for Truth (Score:5, Interesting)
One way to do it would be to call a service at my VoIP landline, authenticate my mobile# CallerID, and replace the call to the actual recipient, from the landline with the landline# sent in CallerID. A better way would be to learn from email, and include both a "From:" and a "Reply-To:" field in the sent CallerID metadata. This service is a step in the right direction.
Re:CallerID != ANI (Score:5, Interesting)
Here comes the wave of young boys calling girls... (Score:4, Interesting)
Why would a website want to offer this kind of service and put themselves in legal jeopardy?
And could traditional phone companies block them the way spam is blocked, to say anything originating from their service is blocked? I hope the telemarketers don't start using this kind of system. I am on the do not call list, and suddenly the number from which telemarketers call has switched from USA numbers to numbers located in Canada.
Dept colection? Great (Score:4, Interesting)
(Not a sports fan)
They identified themselfs and I contacted a laywer who was apparently handling a class action lawsute against thies people (not the dept colection agentcy but the people they were colecting for) for fraud.
Dept colection agentcys should not be alowed to hide who they are (or who they work for) for this reason.
Re:Fun for all ages and campaigns! (Score:5, Interesting)
I have, thankfully, never been hounded by debt collectors but I know someone who does do it for a living. Telling them not to call YOU doesn't mean that they stop. They call your friends, your family, your boss, your co-workers, your babysitters, anyone...
As far as what comes up on Caller ID. His shows up UNKNOWN, ALLIED GROUP (name changed to protect the guilty/innocent), or PRIVATE. I suppose if you knew it was them you could just ignore it and they would just keep calling everyone you know under the sun...
Honestly, if they were calling MY boss daily about having me pay up I'd think twice about letting the answering machine pick that up.
Re:hidden methods (Score:5, Interesting)
A computer running Linux and Asterisk
A T100P (Asterisk T1 card)
A PRI to a telco that lets you specify Calling-Party-ID (you can get this pretty easily from a lot of CLECs)
About 30 minutes of coding up a simple perl or PHP script to parse a web form and use the data to dump a call request file into Asterisk's outbound spool directory.
Voila. Done. Setup cost is whatever you pay for the computer plus $500 for the T1 card (or spring for the quad T1 model at $1500). Your monthly cost to run this service should be no more than about $500 per PRI, plus a little more if you'd rather colo the box somewhere.
Good God... (Score:3, Interesting)
My state has laws saying if you tell a creditor to stop calling and only communicate with mail, they have to honor that. Yet I know people with bad credit, and the phone rings with "Unidentified" in the caller ID. He is pretty sure it is the collection agencies because it happens all day long, at least once every other hour. About every 10th one of these unidentified calls is a recorded message saying "call 1-913-xxx-xxxx" or some number like that.
How can collection agencies circumvent the law? How can someone prove it is them?
Re:Illegal for Telemarketers? (Score:3, Interesting)
One way to do it (Score:5, Interesting)
Amy is supposed to be having a sleepover at Beth's house, but instead is spending the night with her boyfriend Carl.
Dad calls Beth's house to speak to Amy. Beth says, "Oh, Amy's in the bathroom. I'll have her call you back when she gets out." A minute later, Dad's phone rings, Beth's number displays on the Caller ID, and Amy's voice is on the line. Dad is satisfied that Amy is at Beth's house. Wrong!
What happened is that after speaking to Dad, Beth calls Amy at Carl's house, initiates 3-Way Calling back to Dad's number, then hangs up as soon as Das picks up the phone. Amy (at Carl's house) is on the line, but it's Beth's number on the Caller-ID because that's where the call originated from.
I have gray hair.
Very easy (Score:5, Interesting)
So, sometimes, we changed the number enroute so that it would launch a new ticket window instead of a ticket with 20,000 IDs all indexed to the same phone number. We just marked it with a random number that let the techs know this was not their real home phone, and thus, had to ask for a callback number if needed.
We also had hackers that did this as well, like one guy in Vancouver who hacked the ANI so he could make illegal and harrassing long distance calls in the US using a US 800 number that would, in theory, make the call unbillable. [punkwalrus.com]
Then there's the mysterious 604 number [derkeiler.com] that people get from time to time...
This has a legitimate use (Score:4, Interesting)
Take a look at some of these nifty caller-id features [verizon.com] such as "Prevent Your Number from Displaying on Caller ID" or "Caller ID with Anonymous Call Block"
Suppose your phone number is unlisted and typically shows up as "Anonymous" or "Unavailable" to caller ID. Now suppose the recipient of your call has Caller ID with Anonymous blocking. You can't get through or, with some services, you have to leave your name at the tone and hope they pick-up and decide to take your call.
It would serve as a way to make your own number show up when you want it to but otherwise remain anonymous and not defeat the purpose of having an unlisted telephone number.
I used to to credit before IT (Score:5, Interesting)
Standards for honesty for any method of a collection company presenting itself are very strict. Wording of exactly what can be said is drilled into collectors. You can't claim to be an old college buddy, a cop, lawyer, or anything else to try to get someone on the phone. If you can't tell someone a lie like that, I don't see how telling a lie by caller ID would be any more allowed.
Re:Great! (Score:5, Interesting)
I would hope the credit card company is using the ANI (Automatic Number Identification) on their 800- line instead of caller ID. It's not subject to the same spoofs.
Re:Sooner or Later... (Score:5, Interesting)
Re:Good God... (Score:5, Interesting)
Re:Fun for all ages and campaigns! (Score:5, Interesting)
I'm pretty sure Friends/Family/Bosses enjoy the same privileges, by law, of telling someone else's creditors where to stick it ^H^H^H^H to not call anymore.
That's why I'm in the IT profession. As all my positions get outsourced, I'm never in the same job long enough. If I ever get behind in the bills, I guess they can call my old boss, because I don't bend over backwards telling creditors where I'm working now. Unless, I feel I need a new loan.
MPAA conspiracy theory (Score:3, Interesting)
Every time a killer taughted his victim over the phone you'd know right away who John Q. Killer was but, leave it to the MPAA and their crafty ways to secretly fund this anti-Caller ID technology....
Re:Social Engineering (Score:5, Interesting)
Re:Dept colection? Great (Score:5, Interesting)
They can't call you on Sunday, they can't call you at work or after 6PM (IIRC), without your explicit permission.
There's very little a debt agency can do. They have no power, and they can't make you pay. They can only remind you that you owe. They like to sound official and intimidating, because they want to scare you into paying up, and paying all the ridiculous late fees and stuff they assess.
The only way they can make you do anything is through the courts. Once things get that far, you can cut a deal, like paying off the debt but dropping the late fees etc. Because then they compare the late fees to legal fees. Note that by this point your credit report is already boned so you aren't hurting yourself by not bending over for the thugs.
This is really dangerous in a lot of ways... (Score:5, Interesting)
I think there's another risk here though, which is less stated. This service is to go live Sept 1st, from the web site. Unless it's on a minimal page after getting /.ed, I couldn't find any link to terms and conditions. What exactly are you submitting to when you use this? Is your information safe? Keep in mind, the call is routed through their system. Right now, until I see T and C which specifically states that my information is priviledged and cannot be listened in on or used against me, I can only assume it will be. They must have some concept of how they intend to make money.
Also, who's liable for the damages WHEN (not if) someone uses it to commit a crime? This company, I can forsee turning anyone over at the drop of a hat. They're going to have a hard time pleading the internet provider's argument that they are merely the conduit (and therefore not liable for the actions of individuals on their networks), since there is little or no use for the system for legal ethical purposes.
VoIP/Spoofing/and other (Score:3, Interesting)
We actually thought about setting up a similar type of service (more of a concept service, really) to allow CID spoofing. After much discussion, between ourselves and the EFF, we decided that it wasn't a very smart thing to do.
http://www.telephreak.org
Re:How'd you find out? (Score:5, Interesting)
Actually, Beth's mother got pissed at the number of 3-Way Calls on her bill, and demamded that I pay for some, since they involved my number -- as well as Carl's.
From that point, it didn't take long to figure it out.
Re:Good God... (Score:3, Interesting)
Crazy as it may sound I went to college and I saw those tables set up all over campus, I got those envelopes in the mailbox in my dorm and off-campus, and I even passed every single one of those T-shirts up. Can you believe that? Self-restraint!
I have no qualms in telling someone that has run themselves into debt because they couldn't pass up a free t-shirt to get a life. I am actually quite disappointed that you would support those kids. Yet another example of no one needs to be responsible for their own actions. It was the fault of the CC companies throwing freebies away! OOOOOOH shiny plastic. Give me a break.
Even if the debt is valid, do you think it resonable for collection agencies to call every day. It stinks of harrasment. Perhaps the credit card companies should be a little more picky with who they grant credit to.
Do you think it is reasonable to go for weeks/months/years without paying off what you owe? You apparently do because you seem to be flatly defending them. Yeah CC's suck and their terms suck. The promise of free money that you don't have is nice but you certainly don't have to give in to the temptations.
Reverse Social Engineering (Score:4, Interesting)
> Let's not even start talking about all the wonderful social engineering that can now be performed with this great service. "This is Bill Gates. I forgot my password. Give it to me."
It's probably a front for an FBI sting operation, an invitation for stupid criminals to use them as a middle-man in their crimes.
Re:Great! (Score:2, Interesting)
Even if, however, they used CallerID, this kid would be caught about a half hour after you notice the fraud.
This company obviously keeps records of the real numbers on each end, the kid has to pay somehow (aside, do even they verify credit cards to see if you're calling from an approved ship-to address?).
To avoid serious legal troubles, I'm sure they'd have no problems turning these logs over. At most they'd require a subpoena.
It's much easier to just plug a handset into the demarq spot outside your home. Or dig up a section of cable and spice your own extension into it.
The POTS really isn't uber-secure, I'd figure people would take that as a given by now.
Re:Dept colection? Great (Score:5, Interesting)
They called him at 11pm, 1am etc. He changed his phone number. So they called his family and found his new phone number and started again. Someone who can't even pay off their debts probably can't pay a lawyer to stop the harrassment.
Re:Fun for all ages and campaigns! (Score:3, Interesting)
If they were calling my boss (if I had one, I'm self employed
Re:Good God... (Score:3, Interesting)
Of course it's a free country and you can borrow money for a car if you like, but don't whine about it when you find it's a crappy deal - basic junior school arithmetic can be used to tell it's a crappy deal before even entering it. I do have some sympathy for many in this trap because they've often fallen for high-pressure sales, but it still doesn't change the fact that they did it to themselves.
Re:Good God... (Score:5, Interesting)
Bell Canada decided our office owed them money. We had a DSL account with them for about two years. One day, all of a sudden, I could no longer connect to port 25. Called them up, and asked. First guy said "No, we haven't made any changes at all. must be your end". Looked around some more, found I was definately being blocked. Called back, and this guy told me that they had noticed one of their connection racks hadn't been blocking port 25, so they "fixed it". Fine, whatever, created a dns alias for the network to send our smtp mail to their smtp server.
This was fine for a month or so, but then it would randomly die.. their SMTP server just stopped working intermittently, for an hour or so. About the third time it happened (and this time it lasted a few hours, beyond the point of being a major annoyance, where it was hindering the business), and I was actually in the office this time, I called them to see what was going on. The tech told me that they were getting hammered by viruses sending spam, and that it would go away eventually. "Eventually" does not work for business.
So I asked them to unblock port 25 for me (since it's virus free), even if to only my own properly configured mail server, so I could send email. He told me they can't. So I asked how I was supposed to be able to send email, to which he replied that their webmail was working. Yeah, that's great, I have webmail too
So I called up another ISP, and asked them when they could have DSL in.. they said 5 days, which just happened to correspond with my billing period with Bell. So I called bell back, and told them to cancel the account.
Here's where it got real fun. They said ok, we can cancel, but you will still owe us $300 or something for terminating the contract early. Contract? I looked at our bills.. initially, we had signed on with a one-year contract, but all of our bills after that just said "monthly recurring charge" with absolutely no mention of a yearly contract. The month where it would have renewed was no different from any of the rest of them.
So we pointed this out, and they said that regardless of what the bills said, we were on a year contract still. So we asked them to fax the contract to us. "Uh.. we don't have it". Well, we didn't have this supposed contract either.. most people at this point would assume with no contract anywhere, that there was no contract. Well, next they told us it was a "verbal contract" to renew, but couldn't tell us who exactly made this contract (only me and the owner would be authorized to do that, and being the IT person, I'm the only one who actually would have done it), nor produce a recording of it or anything. So at this point we said, well, no contract, come get your modem, we're done.
A few months later, we got a notice in the mail from bell saying we owed them $500 or something now, for an outstanding balance plus interest plus late fees etc. Called them up to clairify this, and again went through the same stupid banter, with the same conclusion. That was about a year ago, and we haven't heard anything else from them since. Maybe they'll decide to sue us or something, I don't know. But taking us to court over a "verbal contract" without knowing who exactly made it or anyone at our company who's authorized having any recollection of it seems a bit flakey to me.
Since that happened, I've learned a few other people have been burnt by them as well. The trick is, they'll never take you to a collection agency. They have their own internal collections, and they'll get it through their subsidary companies. Ie, If you owe money (or they think you do) on a Sympatico internet
Re:Good God... (Score:3, Interesting)
I'd just like to say, politely, that you need to be knocked down a few notches. There is no lack of understanding what a credit card is. What gets people into trouble with credit cards is that they're being financially manipulated. They're starved. It's the same biological response as not eating for seven days and then being offered a $10 cheeseburger. $10 is way too much but hunger plays a factor.
Credit agencies, insurance agencies, government agencies, collection agencies--they all work to keep the general population starved of cash. They can do it because they CONTROL the financial system. Give me one good reason why the bean-counters crunching numbers for banks and credit agencies WOULDN'T take advantage of their position to hamstring a few hundred million people. Look at the overwhelming evidence: The National Debt is up to what, about $6 trillion? Which segment of the taxpaying public is carrying the greatest burden of that as a percentage of their annual income? Minimum wage hasn't gone up in how many years? The cost of living goes up at a steady rate of how much? Student loans have increased by how much yearly? It doesn't take a conspiracy theory to demonstrate how easily the financial institutions can manipulate credit to keep people starved for funding which they RIGHTFULLY worked for but were sorely undercompensated.
Rather than being so self-important perhaps you should consider a little perspective. I'll have none of this "well, back in my day" crap. Things were different back in your day--there was community and a sense of good society. In today's world, it's all about Alan Greenspan's profit margin.
Re:Good God... (Score:3, Interesting)
Uh, no. The people running up debts they can't afford to pay are to blame. It is quite possible the parents "should" have done a better job of teaching their kids how to handle money, but in the end you're responsible for your own actions.
Oh, wait. I forgot - nobody is responsible for the consequences of their own actions anymore. Never mind.
Good idea to use this for toll-free numbers (Score:3, Interesting)
So if you call a toll-free number for whatever reason, they can capture your number and sell it to telemarketers - or collection agents.
Re:Good God... (Score:3, Interesting)
Back when I graduated high school, there were kids who passed their algebra class, but did not know how to count back change without a calculator. Most of those even had problems giving correct change even when the little screen said Change: 1.48.
Unfortunately, our school systems need to change some to take this into account. My Home Economics class focused almost entirely on safe sex. Shouldn't that be a small portion of what is taught in Health class? The teacher was not even qualified to discuss that matter without turning it into a big joke. It was a wasted 72 minutes every day the whole trimester.
To me, Home Economics should have been Economics. How to ballance a checkbook. How to figure out that Credit Card X at 16.99% compounding will take me Y decades to pay off. It should have been how to count change, how to make sure you were given the correct change from the kid behind the register at Drawl-Mart. It should have been about how to modify a recipe "I only have 2 tbls of butter, but the recipe calls for 3. How many cookies can I make and what amount of other ingredients need to be added?" Car insurance is Z dollars every 6 months, and I get paid X every other week. How much per paycheck do I need to put in savings each paycheck to pay that bill every 6 months?" I think you see what I mean.
My point is, schools any more are not teaching what is relevant to students that will not attend higher education. I realize it is out of "fairness" to everyone, so no student feels they are "behind." But as a result, they are not able to fully function as productive members of society, and remain "behind" the rest of their lives. Next, they raise kids who don't know the difference, and the process continues. Unfortunately we have to start teaching the students to be responsible for themselves, because their parents are not responsibile enough to do it themselves. I'm all for self-responsibility, and I hold myself to a very high degree of it. But we are now at the point that we have to start teaching it to the younger generations and break the cycle.
Jeremy
Comment removed (Score:3, Interesting)
Re:ICLID, ANI, name lookup, tephone cumpnies etc. (Score:3, Interesting)
Re:Social Engineering (Score:3, Interesting)
Every good security policy is a balance of risk mitigation, ease of use, and a number of other factors. Forcing callbacks would not be an acceptable security measure in most organizations.
Yes, I do! (Score:3, Interesting)
Anyhow, so long as you're not stupid enough to get yourself killed by him, here's all the contact info you could want:
The SCO Group
355 South 520 West
Suite 100
Lindon, Utah 84042 USA
(801) 765-4999 phone
(801) 765-1313 fax
Contact SCO online
http://www.thescogroup.com/company/feedba
Darl C McBride
1799 Vintage Oak Ln
Salt Lake City, UT 84121-6539
Darl's home phone #: (801) 424-2006
Darl's office phone #: (801) 932-5820
Email Darl: darl@sco.com
Re:Seems useless to me. (Score:2, Interesting)
My bank no longer has a phone, although plenty of people want to ring them. The found answering the phone was costing them money, so they got rid of it.
I think you can fax them, but you can't ever talk to a human being, unless you enter the branch (where incidently, they charge you for just about everything). Small town, one bank - what you gonna do?