dslreports logo
 story category
CallerID Spoofing
Making stalker's lives much easier...
A few months ago, Star38 tried to offer an on-line service that allowed users to spoof Caller-ID information, but was forced to shut down after ample criticism (and some death threats). Shortly afterwards another service opened their doors, dubbed Camophone. Camophone is open to anyone with a PayPal account, at a rate of five cents per minute - and the site claims they keep no logs. The Chicago Tribune (free reg. required or use BugMeNot) has a good overview of the services - and the trouble they may cause.
view:
topics flat nest 
page: 1 · 2 · next

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium Member
join:2001-04-19
1970 442 W30

1 recommendation

Doctor Olds

Premium Member

Why even have the CID at all if it can be faked?

If they don't see this, the Telco's should be screaming to shut it down as it will make me and others who rely on the accuracy of the incoming CID data, just go back to "all calls go to my answering machine first" and I'll drop the monthly fee on Caller ID altogether.

Do you hear this consumer, Telcos???
kruser
Premium Member
join:2002-06-01
Eastern MO

kruser

Premium Member

Re: Why even have the CID at all if it can be faked?

I agree 100%.

Andrew J
Premium Member
join:2001-11-09
Lancaster, PA

Andrew J to Doctor Olds

Premium Member

to Doctor Olds
Only with landline to landline calls can CID be trusted. All net calls to landline lack CID credibility. With a free program a 10 year old can spoof CID using any internet phone.

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium Member
join:2001-04-19
1970 442 W30

Doctor Olds

Premium Member

Re: Why even have the CID at all if it can be fake

I did not know that. Well, that really sucks.

I guess it's time to call Bellsouth to have them drop CID on my line and they will lose it's monthly fee from now on since I'm just going back to using my answering machine from now on like I did before CID was introduced. CID has zero value to me now.

Corvus
Flaming Tards Since 2003
Premium Member
join:2003-11-26

Corvus to Andrew J

Premium Member

to Andrew J

Re: Why even have the CID at all if it can be faked?

You can spoof landline calls CID, see one of the 2600 Magazine of 2003.

click_310
Eat my shorts
join:2002-12-06
Savannah, GA

click_310

Member

Re: Why even have the CID at all if it can be fake

said by Corvus:

You can spoof landline calls CID, see one of the 2600 Magazine of 2003.
?

Jigsaw
Stardust We Are
Premium Member
join:2000-10-21
Cleveland, OH

Jigsaw to Corvus

Premium Member

to Corvus
said by Corvus:

You can spoof landline calls CID, see one of the 2600 Magazine of 2003.
Wow that Mags still around.That's more a less a Hacking Mag but has some pretty cool stuff from what i remember.

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium Member
join:2001-04-19
1970 442 W30

1 recommendation

Doctor Olds

Premium Member

Re: Why even have the CID at all if it can be fake

alt.2600 newsgroups are still up and running last I checked and so is the web site »www.2600.com/

Regards,

Doctor Olds (that's not my blue box.)
drewber
Premium Member
join:2003-06-04
New Bedford, IL

drewber to Corvus

Premium Member

to Corvus
only if the caller has already picks ups. You can fake the call waiting caller id, but thats about it. At least if you use the Software orange box... SOB program.

sweintz
Premium Member
join:2002-03-01
Chester, CT

sweintz

Premium Member

Re: Why even have the CID at all if it can be faked?

said by drewber:

only if the caller has already picks ups. You can fake the call waiting caller id, but thats about it. At least if you use the Software orange box... SOB program.
Oh no. Not true. *I* can make my phone send any caller ID info I want from my ISDN line. I *COULD* prank call people and have the caller ID show the main number for the CIA while the call is ringing in, for instance. Or 000-000-0000, or whatever 10 digit number I want.

With ISDN lines, the customer supplies the CID info to the telco. In fact, unless I specifically tell the phone what to send, *NOTHING* is sent and the call comes up "unavailable" or "out of area" on the persons CID box.

sdgthy
@optonline.net

sdgthy to Andrew J

Anon

to Andrew J

Re: Why even have the CID at all if it can be fake

Not quite, most companies have long been able to send what ever they what, or nothing. Until they were required to send a number, telemarketers nearly always appeared as "out of area".

fifty nine
join:2002-09-25
Sussex, NJ

fifty nine to Doctor Olds

Member

to Doctor Olds
I have vonage. CID is free (included in your monthly package).

sweintz
Premium Member
join:2002-03-01
Chester, CT

sweintz to Doctor Olds

Premium Member

to Doctor Olds
Anyone with an ISDN line has always been able to spoof caller ID.

Nothing new here.

Caller ID has never been spoof proof.

Corvus
Flaming Tards Since 2003
Premium Member
join:2003-11-26

Corvus

Premium Member

Re: Why even have the CID at all if it can be faked?

said by sweintz:

Anyone with an ISDN line has always been able to spoof caller ID.

Nothing new here.

Caller ID has never been spoof proof.
Which means you can spoof someone identity, ask a credit card for him, and authorize it spoofing his phone number...I wonder how long it will take before script kiddies will find it?

sweintz
Premium Member
join:2002-03-01
Chester, CT

sweintz

Premium Member

Re: Why even have the CID at all if it can be faked?

said by Corvus:

Which means you can spoof someone identity, ask a credit card for him, and authorize it spoofing his phone number...I wonder how long it will take before script kiddies will find it?
You can easily spoof *IF* you have an ISDN line and the right hardware (like a PBX system that interfaces to ISDN - usually about 10 grand)

You can also spoof from *SOME* voip providers using THEIR isdn lines from your own voip account. That is a security hole that will likely get corrected in the future. ISDN caller ID spoofing will likely never get fixed beacuse of the way ISDN PRI hunt groups get set up - there is no specific number associated with outgoing calls from the line, and one line could have HUNDREDS of DID numbers. which of those hunfred did numbers should show as the CID number? Often that depends on a number of factors - who is being called, who (which employee, which department) is making the call, where the call is being made to, etc. Many businesses rely heavily on being able to set the caller Id info themselves. I know we do where I work.

FingerGiver5
join:2004-10-10
Tacoma, WA

FingerGiver5 to Doctor Olds

Member

to Doctor Olds
I get suspicious calls to but they are not a spoof of any kind, there law enforcements partaking in propaganda in conjunction with listening devices installed at my residence.
Tinymouse
join:2002-12-04
Grand Prairie, TX

Tinymouse to Doctor Olds

Member

to Doctor Olds
I dumped my Caller ID. This was the last straw (I heard about the spoofing awhile back though). Since I got on the "Do Not Call" list I don't get enough calls to worry about screening anyway.

Kickrox
Premium Member
join:2002-08-18
Brooklyn, NY

Kickrox

Premium Member

Scams scams and more scams

I can see where this going... "can we have your social and address to confirm your..."

Rivalman
Rival
join:2004-01-18

Rivalman

Member

Re: Scams scams and more scams

Totally agree with you dude! If the telco's don't address this then there is no reason to trust or pay for their service. I hope they are listening because this is a bigger deal to them than it is to anyone else. I'm not worried about who's calling but I do pay for that service and I might as well get my money's worth right?

inciter
Noobie
Premium Member
join:2000-08-30
Rohnert Park, CA

inciter

Premium Member

Re: Scams scams and more scams

said by Rivalman:

Totally agree with you dude! If the telco's don't address this then there is no reason to trust or pay for their service. I hope they are listening because this is a bigger deal to them than it is to anyone else. I'm not worried about who's calling but I do pay for that service and I might as well get my money's worth right?
The Telcos will not be hurt that bad. It is the MFG of CID equipment that will be hurt and the folks that make them. That fancy phone you bought has more investments than the phone company.

What I am getting is 000-000-0000 on my land line and to relly piss one off they are tele marketers. The only kid spoofed one I got was from "agent 007".

rodst
Premium Member
join:2002-10-06
Victoria, BC

rodst

Premium Member

Why?

What purpose could this serve other then helping scammers and stalkers hide their identity? I see no legitimate use for this service.

RyanThaDude
Indiana's No. 1 Zero
join:2004-01-24
Walkerton, IN

RyanThaDude

Member

Re: Why?

There isn't any legitamate services that I can think of, again, unless you're a scammer, stalker, or even a telemarketer.

dib22
join:2002-01-27
Kansas City, MO

dib22

Member

Re: Why?

from reading the camophone message boards a lot of people using them are doing it to protect their home numbers on work calls.

for example they will call a client spoofing their main office number... the client sees the work number and answers and their home number is protected.

even the ones who use it for this profess to playin with their friends as well

MorWired
Premium Member
join:2001-03-03

MorWired to rodst

Premium Member

to rodst
said by rodst:
What purpose could this serve other then helping scammers and stalkers hide their identity? I see no legitimate use for this service.
Personally, I don't answer unless I know who it is, so unless someone can input the names and numbers of my friends or my doctor's office, it wouldn't get them anywhere anyway.

Supposedly this (or something like it) is a tool for collection agencies, but if you're dodging bill collectors, aren't you going to be even more vigilant about what you answer?

I agree, except for 7th graders getting back to the glory days of prank calls, I'm not sure I see the point.

inteller
Sociopaths always win.
join:2003-12-08
Tulsa, OK

inteller to rodst

Member

to rodst
I can think of one, a war dialing program that dials your fucking neighbors who played their music too loud at 4:00 am in the morning. Who cares if they fucking pick up, its the ringing I want them to hear, and not have a CID to trace back to.

inciter
Noobie
Premium Member
join:2000-08-30
Rohnert Park, CA

inciter

Premium Member

Re: Why?

Im with you on that!
Pony99CA
join:2004-09-05
Hollister, CA

Pony99CA to inteller

Member

to inteller
said by inteller:

I can think of one, a war dialing program that dials your fucking neighbors who played their music too loud at 4:00 am in the morning. Who cares if they fucking pick up, its the ringing I want them to hear, and not have a CID to trace back to.
I can do this with *67 before any call already. You can waste your time and money with spoofing if you want.

DHRacer
Tech Monkey
join:2000-10-10
Lake Arrowhead, CA

DHRacer

Member

Why pay for it?

I had caller ID for a while, and it was nice.

But then I had to cut down my bills (I got laid off) and I got used to using the answering machine as a call screener like I had always done prior to Caller ID.

Now that I'm back in employment again, I see no reason to pay the ridiculous prices Telcos charge for this service when I have an answering machine that performes the same function, albeit with a couple more rings and a message...

And to hear that there are services out there to spoof it is making it about as reliable as email, for knowing who you are getting messages from. I quit using email as much becasue of all the spam.

It will cause the doubt as to the veracity of the caller and people will start letting it go to the answering machine like they used to.

Spoofing services will kill the usefulnes of that service to people who can't be hassled to filter out the chaff from the wheat, especially when they spend more time filtering and less time being productive.

Toguro
join:2003-10-23
Rockford, IL

Toguro

Member

OT

It is cool they started mentioning BugMeNot

gwion
wild colonial boy

join:2000-12-28
Pittsburgh, PA

1 recommendation

gwion

CID spoofing is to fraud...

... as burglary tools are to burglary.

It needs to set off more bells and whistles than that. It's purely criminal and fraudulant, it has absolutely NO legitimate use worth the risks whatsoever. There's a star code to suppress CID. PIX owners don't have to (and often don't) program their CID string, and it just returns "unavailable." The very few imaginable benign uses are steamrollered by the massive potential for fraud, tele-phishing, harrassment, and framing up third parties for calls they never made, just to start off. This is a precedent that doesn't need testing or study, it just needs swept into the same bin with all wire fraud, and outlawed completely post-haste. This from one of the single least enthusiastic "legislation as a solution" people around. It's a pretty simple equation. Either send accurate data, or send no data at all. And, as far as 9-1-1 and 800 number calls... well... there's NO WAY of suppressing the data, because they don't receive it through the CID method. It's taken directly, using ANI (automatic number identification), not from caller ID. So it's not a viable argument that it might be used for "anonimyzing" whistle-blowing or 800 number service calls, etc.; caller ID blocking is a useful privacy enhancement - unvarnished CID spoofing is just a fraud, waiting to be born somewhere...

ye gads ... sounds like the basis for a new movie series - "Return of the Phreaks" and "Phreaker's Revenge."

Dominokat
"Hi"
Premium Member
join:2002-08-06
Boothbay, ME

2 edits

Dominokat

Premium Member

Feds will get it...

I agree. If the Telcos don't stop this in it's tracks. Caller ID will be worthless and I won't pay for it.
But if the Telcos don't decide to do anything, the Feds might as Camophone said "This method is private and untraceable." In this day of age, the Feds want to know every thing.

insomniac84
join:2002-01-03
Schererville, IN

insomniac84

Member

5 cents a minute, LOL

As long as they are charging per minute when they are only offering to alter the caller id message at the beginning of the call means they will have no business. Since blocking caller id is free, this will never catch on as a service.

richk_1957
If ..Then..Else
Premium Member
join:2001-04-11
Minas Tirith

richk_1957

Premium Member

No reason for this

That is no legal reason.
What's behind the idea of Caller ID, anyway? To be able to tell who an incoming call is from and choose not to answer it.
Of course, we've seen the 'Out Of Area' and 'Blocked' messages on the caller ID, but for the most part, when we see a number we take it for granted that the number on the screen is the number that the call is originating from. If you use this service (or one like it) you are essentially committing fraud. If this continues, then what's the reason for paying for caller ID service, when you can't tell if the displayed number is the actual originating number or just made up?
john262
join:2003-09-26
Elko, NV

john262

Member

Re: No reason for this

It's not fraud unless the perpetrator is going to get financial gain from it. A kid who is just playing around with it for the heck of it may be an irritant, but he's not committing fraud.
SanJoseNerd
Premium Member
join:2002-07-24
San Jose, CA

SanJoseNerd

Premium Member

SBC Do Something!

I pay SBC $12/month for caller ID on two lines. I won't keep paying it if SBC won't do anything to make sure the information is reliable. IMO, all caller ID info coming from unreliable sources should be blocked and replaced with "VOIP Phone" or something like that.

sweintz
Premium Member
join:2002-03-01
Chester, CT

sweintz

Premium Member

Re: SBC Do Something!

Caller ID has NEVER been reliable - why do you think so many telemarkerters calls show up as "out of area" or "000-000-0000"

People have always been able to spoof caller ID from ISDN PRI lines - the ability to do so is critical to the way ISDN PRI's function.

all *38 and camophone are doing is getting PRI lines from their telco and then placing the calls from those lines.

I could set up a similar service with the setup I have here at work very easily (if I want to get fired, that is!) Always could have. What suprises me is the fact no-one has ever thought of setting up a business like this before.

Oxygen
Times Square can't shine as bright
Premium Member
join:2001-12-04
Huntington Station, NY

Oxygen

Premium Member

Stop The Crap

Oh come on, stop the bullshit.

I know that all of your who read that headline are on Camophone right now buying minutes and prank calling all your friends.
raspewtin
join:2002-01-06
Carlsbad, CA

raspewtin

Member

Re: Stop The Crap

said by Oxygen:

Oh come on, stop the bullshit.

I know that all of your who read that headline are on Camophone right now buying minutes and prank calling all your friends.
lol

digiblur
Premium Member
join:2002-06-03
Louisiana

digiblur

Premium Member

Spoofing is cool ;)

People don't realize that businesses with PBX's have been able to spoof for quite some time. Just using a little VOIP technology I can spoof any of my phone calls.

Don't freak out over people....this isn't anything new.

•••••••

TechyDad
Premium Member
join:2001-07-13
USA

TechyDad

Premium Member

Very bad

For the past two days we've been getting harassing phone calls from the Albany County Correctional facility. Apparently, these inmates, bored with nothing better to do, have picked our number and keep making collect calls to our number. Of course, we hang up immediately and don't accept the calls, but still it's annoying (and kind of creepy) to get a collect call at 9:30 at night from some prisoner.

We called the Correctional facility and, after jumping through some automated phone menu hoops, got someone who could help us. Long story short, they'll be able to narrow it down to 10 inmates, punish those inmates, and block all calls from the inmates to our phone number, but we have to wait until Monday for the person who can do this to come in.

The only way we knew where the calls were coming from was Caller ID. If the prisoners were able to spoof that, then they would be able to continuously harass us without us knowing who it was. (The phone company could block all collect calls to our number, but not calls just from the correctional facility.)

•••

Radio Active
My pappy's a pistol
Premium Member
join:2003-01-31
Fullerton, CA

Radio Active

Premium Member

Santa Claus...

Santa Claus, good... Scammers, bad...

But if Santa Claus can call kids during Christmas time, scammers can call ALL the time.

Santa may have to do without, so the scammers can be thwarted, to some small degree. As telecommunications networks and equipment becomes more sophisticated, so do the scammers' and telemarketers' methods. *SIGH*

Kids have to miss out on a wonderful experience because of adults...

••••

xirian
Premium Member
join:2003-01-26
Beacon, NY

xirian

Premium Member

Article image

haha @ the image for this article
Bobcat79
Premium Member
join:2001-02-04

Bobcat79

Premium Member

Yawn

I don't care if the number is spoofed or not. I don't have Caller ID. There's no way I'm going to pay the phone company $7.50 per month for it. Like they expect us to believe it actually costs them $7.50 per month per line to provide caller ID. Can you say "Rip-off"?

inciter
Noobie
Premium Member
join:2000-08-30
Rohnert Park, CA

inciter

Premium Member

Re: Yawn

True it is a ripoff for a home owner. But Biz folks use them and get a write off for it so it's no that bid a deal. But as a Biz Owner I use CID like crazy. If I'm gone and come back to find 10 calls it's nice to see my customers name instead of looking up each number via records.

Caller ID is a must for me. But for a regular home line with DoNOTCALL setup I don't care about picking up the phone.

Corrahn
join:2004-08-09
Maumelle, AR

Corrahn

Member

i see

I guess that explains the 999-999-9999 number I saw on my caller ID a few weeks ago.

NOVA_Guy
ObamaCare Kills Americans
Premium Member
join:2002-03-05

NOVA_Guy

Premium Member

Blowing things out of proportion...

I'll play a little bit of Devil's advocate here...

I don't really see the horrible, horrific harm in spoofing caller IDs. I think that some of those who are predicting gloom and doom as a result of this service are acting like drama queens.

Right now I have caller ID on my phone-- but I only get up to answer the phone if I recognize the calling phone number. Unless some telemarketer can get their hands on incoming call logs for my phone number and spoof a friend's or relative's number, then there's really no harm done to me.

Looking at spoofed caller IDs when I'm being phoned will have the same effect as looking at spoofed email headers when I receive a message. How many spam messages from sender "Your Friend", "Your Neighbor", or "John" do you open and respond to? The same thing will apply to spoofed caller IDs: anybody with half a brain should realize that a spoofed caller ID from "John" at "1-800-555-0123" is something that's not worth your time to answer.

jwalk6
join:2002-11-18
Mesa, AZ

1 edit

jwalk6

Member

Re: Blowing things out of proportion...

The point is, A service you pay for to provide you supposedly useful information is now not only capable of being compromised but able to be used as another promotional avenue. IF some idiot calls me 10 times a day and I am paying for caller ID then I for damn sure want to be sure I can reasonably trust the information on that box.

I can't believe people would put up with this kind of stuff and pay for the privilege to boot! The harm is that you lose the value of the service you are paying for. It's like watching TV. If I stick an antennna on my roof and switch the TV on I expect to see commercials between my shows. If I pay the local cable company (or satellite co.)I will get better programming but on some channels like TNT for example I know I still will get commercials.

However, If I pay for more services like HBO or STARZ then I am paying for the privilege of seeing movies without editing, commercials or anything else. Now if suddenly STARZ decides to start running "Mr Clean auto wash" commercials and HBO starts editing all the nude scenes and bad language out of "the Soprano's" then I might just as well dump the premium service and go stick my antenna back up. That't the rub of it. If I pay for a service I have a reasonable expectation of its performance. If that can't be guaranteed the service is of no value.

As for what constitutes caller ID, it's nothing magical or special anyway. It's just a consumer use for information that is already present in the line. ANI functionality for the home.

Why am I suddenly feeling deja-vu about this. hmm, same exact argument could be made about email. We all see who won that battle.......

toby
Troy Mcclure
join:2001-11-13
Seattle, WA

toby

Member

555

Back when we had the elections, I got calls from 555-555-5555, including recorded messages from Arnie.

pog4
Premium Member
join:2004-06-03
Kihei, HI

pog4

Premium Member

Camophone's forums...

...have some interesting/funny comments, etc
»www.camophone.com/forums/
quote:
PostPosted: Sat Nov 06, 2004 9:40 pm Post subject: Star38 reply to my e-mail Reply with quote
On Oct 31 09:15, itsfrank@*** wrote:
> ------------------------------
> Your fees are much higher than Camophone. It's not ethical to charge these
high fees knowing that it's taxpayer dollars. I sincerely doubt that your fees
would be so high if you offered this unethical service to the citizens of the
U.S.A.
>

Here is Star38's reply :::

People that want to sell this technology to any John Doe for any reason should
hide in the shadows like Camophone does.

We call this "Subway Telecom," as it can ONLY function underground because it
caters to similar clientele and very likely will be employed to further the
agenda of the underbelly of society. By operating in such a frivolous manner
with blatant disregard for personal privacy and safety, this company has the
life expectancy of a housefly.

Jim Reynolds
Chief Analyst
www.star38.com

»www.camophone.com/forums ··· php?t=35

rob_in_chatt
Premium Member
join:2004-09-17
Chattanooga, TN

rob_in_chatt

Premium Member

BS numbers

i get them in Tennessee too but they show to me as 000-000-0000 and yes they goto my voice mail

Anonymous
@washly01.sc.comcast.

Anonymous

Anon

Re: BS numbers

CallerID is worthless at any price.. It is just a novelty that works some of the time and should NEVER EVER be relied on for credit card verification! That's what ANI II is for, and it can also me manipulated in several ways. Spoofing has a legitimate use as far as I am concerned! It is called Privacy! If someone calls you with a spoofed number that looks real, go ahead and call it, but spoof your CID first! Privacy! So if it is a real number then at least they don't get yours. Oh! and CID spoofing IS trackable (By the telco or PBX owner,Network Admin,etc..), if you use a line that can be traced to you then you could still be found, so keep that in mind. With or without callerid there is certainly nothing keeping you from just using a line that doesn't belong to you to make calls? CallerID was a novelty idea used to generate extra cash from idiots! It is working right this second! (Even I have CID, hehe) Oh look, I have a phone call! I think I'll let Asterisk get it, hehe »www.asteriskpbx.org ANI, and Flex ANI is what business need to worry about.. CID can suck it! ...but it's fun to play with..... Oh! You guys forgot to mention backspoofing! hehe
page: 1 · 2 · next