Get APLawrence.com by RSSCaller ID Manipulation
This month's topic is about caller id manipulation.
Recently, Caller ID spoofing has become much easier and more prevalent. Millions of people have Internet based telephone equipment that can be set to make any number appear on a Caller ID system. And to make this process even easier, several web sites have popped up to provide Caller ID spoofing services. These sites eliminate the need for any special hardware or software.
For purposes of this article, we will examine the site, http://www.spoofcard.com. They sell a virtual "calling card" for $10 that provides you with an hour of calling time. The user dials a toll-free number, then keys in the destination number and the Caller ID number to display. The service also provides you with an optional voice scrambling feature, to make the caller sound like someone of the opposite sex, either male or female. Currently Caller ID spoofing appears to be legal, though many of its uses are not and according to the Federal Communications Commission web site, it has never investigated this practice.
Some Caller ID spoofing web sites appear to be used by people who buy stolen credit card numbers. They will call a service such as Western Union, setting Caller ID to appear to originate from the card holder's home and use the credit card number to order cash transfers that they then pick up. Exposing a similar vulnerability, Caller ID is used by credit-card companies to authenticate newly issued cards. The recipients are generally asked to call from their home phones to activate their cards. Some card companies claim that they use additional means to confirm new cards. And caller ID spoofing may not work for calls to toll free numbers, where the hardware can identify calls using an additional technology.
Telephone companies can trace calls to their origin regardless of the Caller ID information they carry, but the process is labor intensive, since a call may be carried by several companies before reaching its destination. The fragmented nature of the telephone network also makes it technically difficult for the carriers to prevent spoofing. It's also fairly easy to break into a cell phone voice mailbox using spoofing, because many systems are set to automatically grant entry to calls from the owner of the account. Stopping that requires setting a PIN code or password for the mailbox. In a similar incident, spoofing was part of the technique used by a hacker who broke into Paris Hilton's cell phone voice mail in 2004. The hacker apparently called her by posing as a support person from her carrier and persuader her to give up her password. This technique is known as a "pretext" call, where someone poses on the phone as a customer or employee to obtain personal information from companies and individuals. And while spoofcard.com seems to be a service that is used for "entertainment purposes," it also notes on their web site that "Private Investigators and Law Enforcement" will find Caller ID spoofing valuable for pretext calls."
There you have it. False caller identification is more serious than pranks, or the annoyance of intrusive telemarketing. It facilitates fraud and can be potentially used for more sinister practices. So the next time you receive a phone call from a familiar number and you do not recognize the voice on the other end, you might want to ask who it is.
To respond to this or previous newsletters or to inquire about an on-site presentation, please feel free to call us at 508-995-4933 or email us at mdesrosiers@m3ipinc.com.
Michael Desrosiers
Founder
m3ip, Inc.
We Manage Risk, So You Can Manage Your Business
(O)508-995-4933
(C)774-644-0599
mdesrosiers@m3ipinc.com
http://www.m3ipinc.com
Technorati tags: Security
More Articles by Michael Desrosiers
/MDesrosiers/caller_id.html copyright March 2006 Michael Desrosiers All Rights Reserved
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.
Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.
We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.
I sell and support
Kerio Mail server
Click here to add your comments
Wed Mar 8 14:21:26 2006: Subject: BigDumbDinosaur
The fragmented nature of the telephone network also makes it technically difficult for the carriers to prevent spoofing.
The irony of this is that prior to the 1984 divestiture of ATT, caller ID spoofing would not have been possible -- if VoIP had been available back then. This is just another example of one of my favorite aphorisms: new technology isn't necessarily good technology. It's also yet another reason to not be dependant on caller ID to screen calls. I don't use caller ID. I answer the phone and if it isn't someone I wish to speak to I have no problem with cutting him off in mid-sentence and hanging up.
As for giving out sensitive information, such as a PIN, to someone on the phone, there's no technology that will protect you from your own stupidity.
Fri Mar 16 23:19:44 2007: Subject: anonymous
I am being stalked and the caller ID manipulation you described is one of my stalkers favorite tricks. NOW I know how he's doing it. Thanks.
Sun Jun 17 16:35:22 2007: Subject: http://www.thezerogroup.com anonymous
here is another caller id spoofing website, that also lets you spoof txt messages as well
http://www.thezerogroup.com
Fri Jun 22 03:25:57 2007: Subject: CID Spoofing Site anonymous
If you want the complete scoop on http://www.calleridspoofing.info caller id spoofing visit that site right there. Its the real deal spoofing resource. The wiki entry stinks, so its good someone made that.
Mon Jul 16 14:44:15 2007: Subject: me
Thanks for all the recommendations, I wound up using Zer0-Fone by The Zero Group and I love it. I called everyone I knew from "funny numbers". I also found an online coupon code for the zero group's caller id spoofing service for $3 off a $10 purchase (100 mins)
here is the coupon code: zf1952-0001
Fri Aug 3 14:22:27 2007: Subject: anonymous
thanks for the coupon for Zer0-Fone. . . I must say they are the best of the caller id spoofing sites out there that I have tried
Mon Sep 3 07:53:38 2007: Subject: anonymous
Heres an interesting caller id spoofing link http://www.officialspoofcard.com Official SpoofCard offering free caller id spoofing trials.
Don't miss responses! Subscribe to Comments by RSS or by Email
Click here to add your comments
If you want a picture to show with your comment, go get a Gravatar