Join 200,000+ other SprintUsers for free at the #1 online community for Sprint cell phone customers! Win cool prizes in our weekly contests. Talk about the newest phones or post your question in our forums! Become a premium member and get unlimited Focus Uploads to your Sprint phone.
All visitors must register before they can post questions, contact other members or search our database of over 127,000 threads and 1.7 million posts. So what are you waiting for? Register for free today!
||Thread Tools||Display Modes|
|03-03-2006, 10:49 AM||#1|
AT&T and Happy!
Join Date: Sep 18, '05
Location: Denver, CO.
Phone: Nexus 5 and 6
Thanked 369 Times in 308 Posts
Caller ID spoofing becomes all too easy...
Caller ID spoofing becomes all too easy
By Peter Svensson, The Associated Press
NEW YORK — Last fall, U.S. Rep. Tim Murphy's office started getting phone calls from constituents who complained about receiving recorded phone messages that bad-mouthed Murphy. The constituents were especially upset that the messages appeared to come from the congressman's own office. At least, that's what Caller ID said.
"People thought we were making the calls," Murphy said.
The calls, which the Pennsylvania Republican estimated in the thousands, were apparently placed with fake Caller ID. That has been possible for a long time, but it generally required special hardware and technical savvy.
In the last few years, Caller ID spoofing has become much easier. Millions of people have Internet telephone equipment that can be set to make any number appear on a Caller ID system. And several websites have sprung up to provide Caller ID spoofing services, eliminating the need for any special hardware.
For instance, Spoofcard.com sells a virtual "calling card" for $10 that provides 60 minutes of talk time. The user dials a toll-free number, then keys in the destination number and the Caller ID number to display. The service also provides optional voice scrambling, to make the caller sound like someone of the opposite sex.
Caller ID spoofing appears to be legal, though many of its uses are not. The Federal Communications Commission has never investigated the issue, spokeswoman Rosemary Kimball said.
Lance James, chief scientist at security company Secure Science, said Caller ID spoofing websites are used by people who buy stolen credit card numbers. They will call a service such as Western Union, setting Caller ID to appear to originate from the card holder's home, and use the credit card number to order cash transfers that they then pick up.
Exposing a similar vulnerability, Caller ID is used by credit-card companies to authenticate newly issued cards. The recipients are generally asked to call from their home phones to activate their cards. Some card companies maintain, however, that they use additional means to confirm new cards. And caller ID spoofing may not work for calls to 1-800 numbers, where the hardware can identify calls using a separate technology.
Two spoofing services contacted by The Associated Press, Spoofcard.com and Telespoof.com, did not return messages seeking comment about their business. However, some of the five or so websites in the business don't appear to be completely unscrupulous: James said he had been hired by a few of them, which he would not name, to help stop the Western Union scam.
Also, both Spoofcard.com and SpoofTel.com say they will surrender call logs to authorities in response to subpoenas. Spoofcard.com's site says the service is "intended for entertainment purposes only."
Telephone companies can trace calls to their origin regardless of the Caller ID information they carry, but the process is laborious, especially since a call may be carried by several companies before reaching its destination. The fragmented nature of the telephone network also makes it technically difficult for the carriers to prevent spoofing.
At Verizon Communications, security manager John Lewandowski said the company often gets complaints about fake Caller ID after a telemarketer has spoofed his number to cover his tracks.
In a typical case, someone will be jarred in the middle of the night by repeated telemarketing calls. He checks Caller ID, calls the number — which is false — and starts "cussing out" the person at the other end of the line, Lewandowski said.
"And that poor guy was asleep. It wasn't him at all," Lewandowski said. The company investigates and tracks down the callers, he added.
Apart from fraud and telemarketing, Caller ID spoofing can be used for pranks and spying.
In one case, SWAT teams surrounded a building in New Brunswick, N.J., last year after police received a call from a woman who said she was being held hostage in an apartment. Caller ID was spoofed to appear to come from the apartment.
It's also easy to break into a cellphone voice mailbox using spoofing, because many systems are set to automatically grant entry to calls from the owner of the account. Stopping that requires setting a PIN code or password for the mailbox.
In a slightly more complicated fashion, spoofing was part of the technique used by a hacker who broke into Paris Hilton's cell-phone voicemail in 2004, according to security consultant Kevin Mitnick, who said he was citing hacking sources. The hacker apparently called the celebrity socialite posing as a technical-support person from the carrier, and lured the password from her.
That is known as a "pretext" call — someone poses on the phone as a customer, employee or even a regulator to obtain personal information from companies and individuals. And indeed, while Spoofcard.com contends that its service is for "entertainment purposes," it also notes that "Private Investigators will find Caller ID spoofing valuable for pretext calls."
Robert Douglas, a privacy consultant in Colorado, testified before Congress last month that pretexters trade tips on finding the best spoofing services.
Pretexters generally claim their practices are legal, as long as they don't involve financial information. A bill introduced in the Senate would make it illegal to pose as someone else to obtain phone records, or to buy records from phone company insiders.
Douglas would like legislation against Caller ID spoofing as well, but there appears to be little interest in Washington.
"If I'm paying extra for Caller ID, which I do ... there should be some ability on my part to believe what I'm getting," Douglas said.
In Alaska, State Representative Bob Lynn has introduced a bill to make spoofing a misdemeanor. "False caller identification is more serious than pranks, or the annoyance of intrusive telemarketing," Lynn writes. "It facilitates fraud, and can be potentially deadly."
However, it is unclear what effect the bill would have. As Lynn notes, Caller ID is a federal issue.
> To all Veterans needing info on your earned benefits?
> Goto www.va.gov or goto
> m.va.gov on your phone and learn about them.
> The "old" VA Watchdog Site has Returned. http://www.vawatchdog.org/
> Ebenefits has a mobile site now at http://m.ebenefits.va.gov
> To read the Stars and Stripes on Military News. http://www.stripes.com/
|The Following User Says Thank You to SLME For This Useful Post:||
|03-03-2006, 01:48 PM||#3|
You down with YPG?
Join Date: Aug 26, '05
Location: Outer Space
Phone: M1 for life!
Thanked 285 Times in 253 Posts
Wow, that's awesome!
Be glad I'm not your ex!
|03-11-2006, 10:36 PM||#5|
I'm Kind Of A BIG Deal...
Join Date: Jul 19, '05
Location: Buffalo, NY
Phone: Galaxy Note 3
Thanked 39 Times in 36 Posts
I'm pretty sure there are no FREE sites out there. However, there is a way to do it yourself as well. If you have a seperate built computer lying around, just download and install ASTRIX PBX server. Not sure if that is the correct way to spell it. But you can program your own PBX and then get phone numbers from broadvoice for $5-$6 a month and have phone service that you can customize down to the CallerID to show whatever you want. but it is possible to do yourself.
|03-12-2006, 10:14 AM||#6|
Join Date: Oct 2, '05
Location: New Bedford, MA
Thanked 0 Times in 0 Posts
very interesting... i want to get into the PI feild within the next few years and this would become very handy. Thanx for the info i will have to do some research on this, Thanx
|03-12-2006, 11:39 AM||#7|
Walkie Talkie User
Join Date: Aug 17, '05
Location: Chandler, AZ
Phone: Nexus 4
Thanked 2 Times in 2 Posts
sheesh...some democrats will just go to any extreme in order to cheat their way into an election victory...
|Thread||Thread Starter||Forum||Replies||Last Post|
|Caller Tones are working... sort of||goldberg28115||Sprint Discussion||361||11-05-2009 04:44 PM|
|No caller id in Canada||creationsmiles||Sprint Discussion||1||10-07-2005 06:25 PM|
|PPC6600 Caller ID Program?||bit_bucket||Windows Mobile (6.x and earlier)||15||09-01-2005 04:39 PM|
|Caller ID spoof to gain access to VM||slipnslide||Tips & Tricks - All Carriers||21||04-08-2005 09:58 PM|