Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Communications Security

Caller ID Spoofing for the Masses 286

lolly72 writes "SecurityFocus has a story on a new U.S. website offering a caller I.D. falsification service. It's called Camophone. It's being advertised in Google ads that appear with search results for Star38.com, which was the the last service to try and make money off caller I.D. hacking. But unlike Star38.com, Camophone isn't limited to collection agencies and private investigators, and it doesn't cost $125 to sign up. Anyone with a PayPal account can use it, and at five cents a minute, probably will. Who do you want to fake out today?"
This discussion has been archived. No new comments can be posted.

Caller ID Spoofing for the Masses

Comments Filter:
  • by erick99 ( 743982 ) <homerun@gmail.com> on Thursday October 28, 2004 @10:41AM (#10654144)
    I am assuming that someone will figure out who the owner(s) of this company is/are. PayPal would have some information but even that could be mostly false accept for an actual checking account number. Would a law enforecement agency be able to track down the owners?

    I am not a proponent of bigger government but I think that this is something that should be made illegal. Communication is too important to our society. It's one thing to block your I.D., it's a whole 'nother thing to falsify it.

    It is most likely a mistake for them to boast of their annonymity. Someone will figure out who they are and I am betting that more than intrepid hacker will take down Camophone's website repeatedly.

    We should keep track of this one for a while, it should get real interesting.

    • by SnowDeath ( 157414 ) <`peteguhl' `at' `gmail.com'> on Thursday October 28, 2004 @10:43AM (#10654179) Homepage
      Ever heard of Call-Back security? Any security that is based on Caller-ID is inherently flawed.
    • We really shouldn't be relying on a service that is so easily spoofable anyways.
      It has always been pretty easy to do this from a PBX, now it's just open to the masses.
      • It has always been pretty easy to do this from a PBX, now it's just open to the masses.

        What amazes, and pleases, me is that so many of the people I don't want to answer the phone for withhold their number. If they gave the real number I might answer, but if they withhold it I don't (at least not outside office hours).

    • Good point. Saying I dont want to be track with caller ID is one thing. But giving a false record is open to a lot more abuse. Call some one up threaton then with someone elses number. So that other person will get in trouble. Telemarketers hiding altering their IDs so the call you and not be tracked via their telephone #. This is not a good thing. Being anonymous is different. The person who sees anonymous can make an informed decision to pick up the phone or not. But if the number is altered say thei
      • by davidwr ( 791652 )
        "Hi, this is the Big Name Legitimate Charity, we're raising money to promote the glorious teachings of Adolf Hitler. Would you care to make a donation [click] hello? hello?"

        Word spreads, and Big Name Legitmate Charity's contributions dry up.
    • by Doc Ruby ( 173196 ) on Thursday October 28, 2004 @10:51AM (#10654317) Homepage Journal
      Why do we need the government, when our address books can authenticate the caller cryptographically? Unfamiliar callers should all be treated as untrustworthy until proven otherwise. That can be established through an automated web of trust, and callback, or shunted to voicemail or /dev/null. Distributed software is much better protection than the FBI, much cheaper, and doesn't come with dirty stormtrooper boots muddying up your foyer.
    • Putting a different From: in your email is the same thing as spoofing caller id. If you've been using it as authoritative then you're wrong. The operators at the phone company are making fun of (l)users like you for not knowing that.
    • PayPal would have some information but even that could be mostly false accept for an actual checking account number. Would a law enforecement agency be able to track down the owners?

      Sure... a bank account number is a grrreat piece of evidence. They have to access the funds somehow, either electronically so it can be transfered or applied as a bill payment to something, or physically get access. Those provide all sorts of great opportunities to track down the bastards ;)

      That evil DMCA thing might be a

  • do this for free (Score:5, Informative)

    by Prophetic_Truth ( 822032 ) on Thursday October 28, 2004 @10:42AM (#10654156)
    you can already do this using an asterisk pbx and a VoIP provider. Although once this starts being abused I doubt it will remain a feature.
    • by exhilaration ( 587191 ) on Thursday October 28, 2004 @10:43AM (#10654193)
      You can do this with just about any PBX. And they'll never remove this feature because call centers make heavy use of it.
      • But, again, your provider has to support this. Some providers allow you to set CID/ANI to anything. Others limit you to certain numbers.
        • Re:do this for free (Score:4, Interesting)

          by jerde ( 23294 ) on Thursday October 28, 2004 @11:47AM (#10655042) Journal
          > Some providers allow you to set CID/ANI to anything

          CID, yes. ANI? Are you sure?

          Since ANI is used for billing purposes, including 900 numbers, I highly doubt any telco allows it to be modified.

          Camophone sets CID, but the ANI is the number of the line that belongs to Camophone. (Or whomever their telco provider is)

          Given that, it really really surprises me that anyone bases security on CallerID. I just successfully broke into my own t-mobile voicemail box using camophone, since I have the feature set so i don't have to dial my password if i'm calling from "my own phone."

          I also have a sprint phone, and I haven't been able to get in there, yet, but I don't know their voicemail system direct number, so I can't be sure. (I had to use the direct access number for tmobile to get the hack to work on them)

          I would HOPE that creditcard activation systems use ANI, not CID.

          How soon before ordinary plebes will be able to get ANI on their incoming calls? Or a new service that lets you forward your calls to an ANI-detection center that then places ANI on CID and sends the call back to you!

          I see some Sneetches whose bellies have stars...
          • by Your_Mom ( 94238 )
            I would HOPE that creditcard activation systems use ANI, not CID.

            No, they usually don't. They usually use the CPN (Calling Party Number), which is not /supposed/ to be able set by the end user, but can be in certain circumstances with certain VoIP providers.

            Like you said, ANI is the Telco's billing number, it is just usually the same number at yours.
          • Re:do this for free (Score:3, Informative)

            by kgasso ( 60204 )

            > CID, yes. ANI? Are you sure?
            >
            > Since ANI is used for billing purposes, including 900 numbers, I highly doubt any telco allows it to be modified.


            I have a 23-channel PRI here from a local CLEC (utilizing it for inbound local DID numbers and toll-free DNIS numbers as well as outbound calls) who lets us not only stuff our own CID, but sends that as the ANI as well. Not sure if they even know they're doing this, although we have a pretty good standing business relationship with them, and we have
          • >> Some providers allow you to set CID/ANI to anything > >CID, yes. ANI? Are you sure? > >Since ANI is used for billing purposes, including 900 numbers, I highly doubt any telco allows it to be modified. Yup. I have access to a DS3 worth of PRIs from Radiant and Global Crossing. I can set ANI on them to anything I want to all day long. I've also got direct access to CLEC's switch with an SS7 interconnect. I can do pretty much anything I want to. It could, eventually, be traced back
      • by Lumpy ( 12016 ) on Thursday October 28, 2004 @11:15AM (#10654675) Homepage
        for about 3 weeks back in 1999 I had the new PBX here reporting our outgoing caller ID information as "Touch my Monkey"

        we were setting it up, messing around and forgot to set it to the company information after we put it online.

        The Director of sales was, for some strange reason, not amused.
        • "for about 3 weeks back in 1999 I had the new PBX here reporting our outgoing caller ID information as "Touch my Monkey"

          we were setting it up, messing around and forgot to set it to the company information after we put it online.

          The Director of sales was, for some strange reason, not amused. "


          That explains why the salesman refused to talk dirty to me. I thought it was just an agressive 976 campaign.
        • by RichDice ( 7079 ) on Thursday October 28, 2004 @11:42AM (#10654993)
          I've got a story like that, though perhaps a bit more grim than funny. (Though maybe funny too.)

          The hackers in my company were not given any test data to work with (of course) in a particular web app we were building, which had (among other features) an online events calendar.

          So, the hackers would make up data themselves. Which led to some fairly off-colour events being entered into the events calendar database.

          At a client acceptance meeting, the project manager demonstrated a "show all events through the web" feature and was presented with (among other things) a "baby raping festival".

          We were given a policy on test data creation after that.

          Cheers,
          Richard

        • by gstoddart ( 321705 ) on Thursday October 28, 2004 @11:58AM (#10655159) Homepage
          for about 3 weeks back in 1999 I had the new PBX here reporting our outgoing caller ID information as "Touch my Monkey"


          we were setting it up, messing around and forgot to set it to the company information after we put it online.


          That's because all Monkey Touching at the corporate level is strictly reserved for sales people and other wankers. ;-)

          But, if *I* had call display, I'd certainly be intrigued by such an item displayed on an incoming call.

    • Re:do this for free (Score:5, Informative)

      by DarthBart ( 640519 ) on Thursday October 28, 2004 @10:46AM (#10654221)
      Assuming your VoIP provider lets you set caller id. We've started implementing filtering that only allows you to set your CID to one of the DIDs that are assigned to you.
  • Doesn't Work (Score:5, Informative)

    by The_Rippa ( 181699 ) * on Thursday October 28, 2004 @10:42AM (#10654160)
    I signed up for the service while this article was still in the mysterious future. Tried it out, didn't work.

    I got to file my first Paypal dispute claim!

    Seriously though, the website is just text and there's no contact info for anything.

    Scam.
  • Oh no! (Score:5, Insightful)

    by mconeone ( 765767 ) on Thursday October 28, 2004 @10:42AM (#10654163)
    Now we will have scammers blackmailing businesses with the threat of sending falsified phone calls to the general public.
  • by Nom du Keyboard ( 633989 ) on Thursday October 28, 2004 @10:43AM (#10654177)
    It's all run off a web-site. Just DDoS it.

    Or /. it!

    • Running an outdated version of Apache 2.0, too:
      [tom@hal tom]$ curl -sI http://www.camophone.com/ | grep Serv
      Server: Apache/2.0.48 (Fedora)
      [tom@hal tom]$
  • by YetAnotherName ( 168064 ) on Thursday October 28, 2004 @10:43AM (#10654190) Homepage
    Of the /. story, that is? Their website is currently up (this posting will probably be the 10th or so), but is surprisingly minimal. No images at all. Plain, unadorned HTML. Not even a CSS file.

    I have a feeling they'll withstand the slashdotting.
  • Telemarketing (Score:5, Interesting)

    by Ambient_Developer ( 825456 ) on Thursday October 28, 2004 @10:44AM (#10654198) Journal
    This could make telemarketing nearly untraceable, a company just uses a call center that utilizes this technology, and people will never know where the phone call is coming from. Imagine getting a phone call from a telemarketer, and it says 911 on the caller ID.
    • by radish ( 98371 ) on Thursday October 28, 2004 @10:47AM (#10654256) Homepage
      ...911 calls you!
    • It already does make telemarketing diffcult to trace. Those telemarketers who call you do not, I repeat, do not work for AT&T or whoever else they are selling products for. They work for a telemarketing firm (which, by the way, are dying out. They're being purchased by legit incoming call callcenters). If you get a call and it says that it is from BellSouth, and you get a telemarkter (for example, BLS has a strict no telemarketing policy), then you are seeing a falsified id.
      • We get several calls a day here from telemarketers and it seems most of them send the Bellsouth phone number. I called Bellsouth about it, the operator didn't even seem to realize it was possible to spoof your callerID signal. I never answer the damn thing anyway. -Tyler D.
    • I only pick up calls from people I recognize, sort of a mental "whitelist". The fakers would have to get the names and phone numbers of people I know, otherwise they get my answering machine.

      Let 'em try faking Caller ID -- it just raises the bar a little. The appropriate countermeasure is a challenge/response scenario where authorized callers have a PIN number and the rest go to voice mail. I can't wait to see how much the telcos enjoy losing their Caller ID revenue stream when people get annoyed wit
      • I can't wait to see how much the telcos enjoy losing their Caller ID revenue stream when people get annoyed with faked calls.

        I'm sure they won't mind too much as long as they can sell you, in its place, the PIN-authentication scheme you propose. You don't think they'll offer such a service for free, do you? ;)

        • IIRC, some years ago, Compaq machines came with a "voicemail center" package. The modem answered, and the SW handled calls appropriately, including mailbox selection and passwording.

          How long until someone puts all that in a cheap appliance (say a cordless phone base) so that the base screens calls and only rings the handsets if the caller is authorized? Or do they have that now?

          GTRacer
          - First patent!

        • Nobody needs telco services to implement PIN authentication; you can do it yourself. Some of the high-end answering machines are like a miniature PBX; it won't take long before they screen all incoming calls for you. I believe there are some that already do.

          The ultimate telco nightmare is when commodity hardware replaces network-based services. If the telcos don't defend the integrity of Caller ID, the problem will be solved without their participation.
    • Do we know where it's coming from now? Most of the telemarketing calls I get are either "blocked", "personal", "California Call", etc.

      Hell, even my local state senator came up as "Unknown" on the five, yes five, times I've been called in the last eight days by her campaign.

      Telemarketers I can see hiding their identity because they are the scum of the Earth but isn't the purpose of campaigning to get your name before the masses?

      Hell, I'm voting for her apponent anyway. Of course as a political campaign
      • As long as you're registered with the other party, or not registered at all, they will keep calling you til election day. They don't care as much about the die-hard supporters as they do about converting the other people. Plus, the fact that you said no makes them call back more, just like a child who won't stop saying "please mommy" in that annoying ass voice when they want candy and you don't want to give it to them.
  • Glad (Score:5, Insightful)

    by alatesystems ( 51331 ) <chris&chrisbenard,net> on Thursday October 28, 2004 @10:44AM (#10654202) Homepage Journal
    I'm glad this happened. I am so sick of people using Caller ID as an authentication mechanism. It has been so easy to spoof if you had connections before and is even moreso now.

    My cell phone doesn't even require a password to get to my voicemail because it uses caller id. Every credit card I've activated required me to call from my home number, verifying it with caller id. When I order pizzas, they verify I am who I say I am with caller id.

    It is ridiculous and is worthless as an authentication mechanism. Its only use is a convienience, to decide if you want to answer the phone. Lesson: don't rack up bills you can't pay :)

    Anyway, it's always nice to have another way to screw with your friends' minds.
    • Re:Glad (Score:5, Informative)

      by JUSTONEMORELATTE ( 584508 ) on Thursday October 28, 2004 @10:53AM (#10654347) Homepage
      You're mixing callerID (in the case of "voice mail access without password") with ANI (in the case of credit card activation)
      CallerID is spoofable, but ANI info is not. Any time you call an 800 number (or 888, or 877, or any of the other variants that are out now) your info is sent prior to the first ring. This is ANI (Automatic Number Identification? It's been a while. I'm sure someone will correct me if I've got it wrong :) You can't disable this with star codes, or with the "Private Name" feature of callerID blocking.
      CallerID, on the other hand, can be enabled or disabled, and can be spoofed.

      Easy way to remember -- who's paying for the call? If it's you, then it's callerID. If it's the other guy, then it's ANI.
      --
      • CallerID is spoofable, but ANI info is not.

        So I want the ANI info in my CallerID line. Why is this hard, or why are the Baby Bells unwilling to do it? They could sell "CallerID+" for an extra $2 per month.

        Interestingly enough, VOIP may be the only way to authenticate callers reliably (in some future iteration with something like Domain Keys in SIP, perhaps). I bet a VOIP provider would be more willing to provide ANI information. Heck, maybe it'll spur adoption.
        • by rcw-home ( 122017 )
          So I want the ANI info in my CallerID line. Why is this hard, or why are the Baby Bells unwilling to do it?

          Because they didn't create a way to do it that was backwards-compatible.

          CallerID is sent as 1200baud FSK between the first and second rings. ANI is, for E&M trunk lines, sent as DTMF codes by the phone switch, or for BRI/PRI trunks, sent digitally with the other call connection information. DTMF incurs a significant connection delay - sending ANI plus DNIS (dialed number identification service,

    • The whole cell phone thing can be done because they also check to see if the call is coming from their own network. If you tried calling from your home phone with some sort of Caller ID spoofing, it would still reject the call since it can tell that you are not calling from a wireless phone.
  • by jtmas83 ( 794264 ) on Thursday October 28, 2004 @10:44AM (#10654207)
    With such a professional-looking website [camophone.com] I can't see how this can possibly go wrong.
  • Hey the caller ID says Oliver Klozoff...

    • You can't spoof CID Name. Your local phone company dips into a database when it gets the ANI/CID from the incoming SS7 signalling. Actual CID name isn't transmitted in the SS7 setup.
  • Creepy! (Score:4, Funny)

    by JUSTONEMORELATTE ( 584508 ) on Thursday October 28, 2004 @10:47AM (#10654247) Homepage
    As I was reading this, my phone rang and callerID read:
    Out Of Area
    1-000-000-0000

    So which one of you smartasses is messing with me?
  • The call shows up to be from 425-789-4268 - it doesn't show the Caller ID info that I put in. I guess I'll have to file a Paypal claim too.
  • OpenVoIP (Score:3, Insightful)

    by Doc Ruby ( 173196 ) on Thursday October 28, 2004 @10:48AM (#10654265) Homepage Journal
    These services are the harbinger of a dazzling array of VoIP services just over the horizon. Today's telcos need millions of customers to want any given feature before it's worth their while to roll it out, because of their monolithic architecture. While a VoIP service can be plugged into the VoIP pipeline by a startup, putting their feature server on the Neb, and accepting connections through open, standard protocols. Anonymizing or spoofing are just the kind of TCP/IP services we'll see. And since the infrastructure is much cheaper, and more competition can get started globally, the prices for niche features will be much lower than the rates for voice provisioning itself.
  • by HanShootsFirst ( 825810 ) on Thursday October 28, 2004 @10:48AM (#10654269)
    to get a call from Jack Mehoff.
    • Re:Can't wait.. (Score:2, Interesting)

      by Red Weasel ( 166333 )
      That is the actual name of a DJ here in Colorado Springs. His parents were from Europe( Hungary I think) and his name is really pronounced like "jock".

      Needless to say the radio contests like "Beat Mehoff!" and "Can you jack Mehoff?" where widely considered rude until they found out that that was his real name and to get a life.

      It was still nice to see "Mehoff the intern" become Jack Mehoff the DJ.
  • by cuban321 ( 644777 ) on Thursday October 28, 2004 @10:49AM (#10654280) Homepage
    This company is probably nothing more than someone running Asterisk [asterisk.org], using Nufone [nufone.net] for the PSTN service.

    A simple php script will dump a callfile [voip-info.org] into /var/spool/asterisk/outgoing and bridge the two calls together.

    Then all you need to do is write something to manage user accounts, and accept paypal payments and bam. You've got camophone.com.

    This whole configuration could probably be whipped up in a day.
  • I also signed up... (Score:5, Informative)

    by daveschroeder ( 516195 ) * on Thursday October 28, 2004 @10:49AM (#10654281)
    Figured $5 through PayPal (and yes, it really was PayPal, not some spoofed tab or scam site) was worthwhile.

    However, even though their FAQ said it would be ready in 30 seconds, my account still shows zero minutes. Don't know if that's because PayPal takes a while to do the transfer, but I wasn't about to use a credit card with them.

    For what it's worth, their "Privacy Guard" service page looks like this:

    Camophone.com Home | Login to Privacy Guard | Frequently Asked Questions | Signup for Service

    Logged in: das
    Time Remaining in Seconds: 0
    Time Remaining in Minutes: 0
    Recharge Account

    Enter all phone numbers without a leading "1" and with no dashes or spaces. Example: 9095551212
    Caller ID must be ten digits to be passed properly through the telephone network. When the system calls you, the caller ID you set will be sent to you as well.
    number to call [recipient]: (format: NPANXXXXXX)
    your number [caller]: (format: NPANXXXXXX)
    caller ID to send:
    • So, I decided to see if a credit card paypal transaction would be any "faster".

      It did indeed show my account credited with 100 minutes.

      But the service did not work.

      I *really* *don't care* about the $10 I've now wasted; just wanted to see if it worked or not. :-)

      Anyway, there ya go.
    • If you paid using a bank account, you sent what PayPal call an eChe{que,ck} which will take a few days to clear. If you didn't use a CC, and didn't have a balance with PayPal, that'll be why.

      That PayPal don't make this clear to you is a small demonstration of how much they suck.
  • Then again GnomeMetting [gnomemeeting.org] and calling cards from Linuxjack.com [linuxjack.com] pretty much gives us spoofing anyway. Not that the phone number is spoofed in any way, it's just that it changes once you've used up your calling card and buy another one.. Personally I've assumed this to be a bad thing, but I do see the value with all this talk about caller id spoofing....
  • by xmda ( 43558 )
    ...in Sweden you only have to enter a certain prefix before you make your call to make it anonymous. This is the way to do it IMHO. Or you can, if you want, tell your phone provider to list your number as secret.
  • by diagnosis ( 38691 ) on Thursday October 28, 2004 @10:56AM (#10654390) Homepage
    I know for a while there has been a phreaking tool called Orange Box, which supposedly lets you spoof caller ID. But my understanding is it only works *after* the other person has picked up the phone, so it's not really good for much, or at least it's a lot trickier to take advantage of.

    Of course, there is a very cool software version of this tool: Software Orange Box, here [artofhacking.com]. You enter in the caller ID details you want to spoof, and it generates the phone tones that transmit that data, which you can then play thru your speakers and to the phone, or connect directly to the phone for better results.

    Again, it's not a great spoofer, but it is pretty cool to mess around with.

    this is *the* faq on orange boxing [artofhacking.com].

    -------------
    Rate free iPod offers: RateTheOffers.com [ratetheoffers.com]
    (Flat screens and Desktop PCs too)
  • by davidwr ( 791652 ) on Thursday October 28, 2004 @10:57AM (#10654402) Homepage Journal
    When someone offers a reliable, professional version of this service that's affordable to everyone, people will stop trusting Caller-ID and stop paying for it.

    You'll also see political pressure to regulate such services, mostly from the telcos who see revenue from CID drying up. Eventually, I think a compromise will be reached:
    You'll be allowed to spoof your ID, provided it's from a non-existant # or a # you have permission to use. There will also be a legal requirement to keep logs so the police or civil courts can issue subpeonas.

    Under such rules, people who want true anonymity will be forced to use international versions of this service which will show up as "out of area" or as an international #, or break the law.
  • by gtrubetskoy ( 734033 ) * on Thursday October 28, 2004 @11:00AM (#10654443)

    The ISP community has long had Acceptable Use Policies which forbid certain things (such as sending out spam). This is because when I get spam, I can fairly easily identify where it came from with the help of traceroute and whois, and its in the interest of the ISP not to have problem customers.

    Unfortunately there is no way for me to trace the provider behind that sales call with the caller-id of my mother's phone, short of obtaining a court order. Thus, there is no incentive whatsoever for the phone companies to enforce caller-id. If phone providers provided the ability to trace the call (hopefully voluntarily, or even by law), this would not be an issue.

    Traceability is what we need, that's all. Caller-id faking should be legal. But more likely what will happen is the lawmakers will make caller-id spoofing punishable by death and declare this a non-issue.

  • by jspectre ( 102549 ) on Thursday October 28, 2004 @11:02AM (#10654487) Journal
    guess what. the old fashioned method still works. just hang up on them. regardless of what CID says. duh.

    or. ever try screening with an answering machine..? that works well too!
  • by bluesangria ( 140909 ) on Thursday October 28, 2004 @11:04AM (#10654512)
    Sheesh, despite the fact that I work in the IT industry I have only the most minimal service for telephone. We have a crappy 6 years old answering machine which we leave on all the time. The important people in my life know to leave a message and if we want to talk to them we will actually pick up the phone. You can *69 your call (or whatever key combo it is) until you are blue in the face. It won't make a damn bit of difference to me until I hear your voice and decide if I want to speak to you or not.

    Honestly, it's much simpler and cheaper than constantly trying to "one up" the next technological doohickey.

    Just my Luddite $.02

    blue

  • by bstarrfield ( 761726 ) on Thursday October 28, 2004 @11:05AM (#10654518)

    Folks, I'm all for cool technology, and I realize one can spoof caller id information. But caller ID can be a very good thing. I know...

    Three years ago I had the very unpleasant surprise of finding out my (ex) wife was having an affair. Unfortunately, she had also decided on using tactics designed to ensure her utter victory in the divorce. She'd actually purchased books (I saw them), giving her advice on dirty divorce tactics - "Divorce War! 50 Strategies Every Woman Needs to Know to Win." Apparently, one of the recommended strategies was to call your ex and try to drive him nuts - hopefully he'll say something nasty and you'll be able to bring it up in court, etc.

    Well, I realized what she was doing once I started getting anonymous calls at 2:00 - 3:00 AM. Strange, nasty stuff, weird messages. Technology was actually useful - the caller ID information allowed me to get a pretty damn good idea of who was calling. (Hint would-be-nasty-callers: remember to hit *69 before you call!). The police thought it was fun, too. Caller ID and outright stupidity saved the day.

    Look, in my case I wasn't directly threatened. it was cruel, it was viscous, it was nasty. But I was never in any danger. However, what if it had been something dangerous? When one's depressed, your willing to listen to anything - and when you see the ID comes out as "Police" or "Crisis Center" - you could be lured into a bad situation. This is real folks - stalkers are out there, I've seen and heard it.

    All technology can be abused, I know that. But in this case, let's try to prevent a service which provides fundamental identification information from being turned into something potentially dangerous.

    Incidentally, she pretty much wiped me out. Bummer. But all in all, it was for the best...

    • by Lumpy ( 12016 ) on Thursday October 28, 2004 @11:40AM (#10654972) Homepage
      I'll add some tips for guys looking down the double barrel gun of divorce.

      #1 - never EVER meet her without a witness. period. No excuses, nada...

      #2 - get a telephone recording device and install it. RECORD EVERY phone call. get in the habit of saying first thing. I am recording this.... if your state requires it, in michigan only one person in the conversation has to know it... you.

      #3 - at the first sign of things going wrong, get a GOOD lawyer, one that is specific to helping men in divorce, or the best lawyer in town. This is the best thing to do. Do not give her any money, have it go through the lawyers only and only if ordered to by a judge or advise to by the lawyers.. why do you want to finance her fight against you? you need an audit trail. I went the expensive route hiring the best lawyer in town... I ran and controlled the divorce. Secondly, if you file for it first, you are in the drivers seat.... beat her to the punch.

      #4 - document everything... absolutely everything. keep a logbook and write down everything that happen's and everything you notice.

      Finally, if you are going to hide assets, dont. if you did not liquidate things the second you thought things were getting a little wierd and before she/you left then you are breaking the law... The judge will fry your ass hard if you try to hide assets.

      Lastly you need to keep your nose clean. be perfect for the next year as things progress. act like you are being watched, (you might be) followed, (you might be) or recorded (you probably are). DO NOT be vengeful. this is the time to be the mature adult... if friends offer to do things tell them loudly "NO! are you crazy!" having them replace her taillights with burned out bulbs when she goes to the bar, let's air out of tires, puts a I hate F**king cops bumpersticker on her car and other things is a very bad idea. do not be a part of it and do NOT be connected to it.

      Finally prank calls using this spoofing service is also stupid. it is not worth it to lose over something stupid.

      I'll probably get modded offtopic, but if I can help a fellow guy from getting screwed hard by his soon-to-be ex.... then the points are certianly worth it.
      • Got no mod points - you would get them all though. Am in that situation right now. Thanks for the tips and feel free to send anymore.
      • Install a recording device in your car and/or on your person. Someone I know was able to keep most of his stuff because he recorded the crazy stuff his ex-wife said.

        And if she's really crazy, have your friend bring a video camera to any meetings. You never know...

      • I also was in danger of getting screwed bad by a vindictive STBX. Excellent tips given here, to which I'll add my own:

        #5 - Know your enemy.

        Pay attention to your ex behavior towards you, towards friends, towards business entities. This goes a long way to predicting her tactics. While we were married my ex used to brag of manipulating public welfare - it was a foreshadowing to her manipulating the divorce system. She used to take joy in "getting even" with friends who stiffed her, then she predictably

  • It's Too Easy... (Score:5, Informative)

    by xanadu-xtroot.com ( 450073 ) <(moc.tibroni) (ta) (udanax)> on Thursday October 28, 2004 @11:12AM (#10654630) Homepage Journal
    Just use a calling card...

    I have a calling card that I got through WalMart. The caller ID comes up as Denver, CO. I live in PA. This is via my cell or my land-line...
  • Can't you already dial *69 or something to turn off caller ID?

    Man, I gotta get cracking on a way to soak some cash out of you paranoia wonks.

    NOW FOR SALE! High tech voice masking system. Scrambles the tone of your voice so not even your own grandmother will know it's you! And you can't trust her! Oh, no! You know she's watching you with nanocameras in your colon and reporting your every move to the Library Of Congress!

    The Voice Scrambler 7000 is constructed of genuine Corintian leather. Just wrap arou

    • Well, *69 is typically call-back the previous caller.
      *67 is usually block the next caller -- though I'm seeing VoIP providers, for whatever reason, use *67 to block ALL calls, but I digress. :)

      You may block caller-id, but there's a few problems. If you call my 800# I get your ANI information which is completely different. If you call my regular [VoIP] number and block caller-id your phone number [at a minimum] is still transmitted, but simply flagged as "P"rivate (which I have my equipment set to ignore).
  • I only need it for a few seconds at a time!
  • by AGTiny ( 104967 ) on Thursday October 28, 2004 @11:25AM (#10654784)
    If you just want to hide your number, not necessarily spoof your enemies, any calling card will do, like another posted mentioned.

    I use OneSuite [onesuite.com] as my long distance service because their rates are excellent. Caller ID from OneSuite shows up as either Unknown or some random out of state number.
  • Login (Score:2, Interesting)

    by Anonymous Coward
    You can login to check out the interface with their unguarded testing account:

    user: test
    pass: test

    No cash on the account, but fyi.
  • SS7 - ANI (Score:5, Informative)

    by Qbans ( 470478 ) <jnavitsky AT gmail DOT com> on Thursday October 28, 2004 @11:32AM (#10654875) Homepage
    No one's mentioned that Caller ID isn't really used for that much authentication. Let me give you a little bit of background on caller ID.

    There is actually two types of calling number identification one being the popular Caller ID which as we know can be manipulated and blocked and the other being ANI or Automatic Number Identification which the user has no (or minimal) control over. Caller ID is used for the little displays on your phone and can have a flag set to block it, as well as define what number displays usually on outbound or two way trunks for use with DID (Direct Inward Dialing).

    The reason the phone companies allow you to set your outbound caller ID is so when you are using DID, you can have people reach you back directly instead of thru the companies generic number. Now a little bit of background on DID: Mid and large sized companies use DID for everything, it's how everyone has a seperate phone number or fax number on their desk. It would be uneconomical for the businesses to bring in a seperate phone line for everone in the office, so they share them. So say for example a company with 100 employees would have a block of 100 phone numbers, but only 23 incoming phone lines, any number can come in on any one of those phone lines and the company's PBX determines which desk to route the call to. Pretty simple. So when an employee wants to make a call, again he can use any phone line, and the PBX sets the outbound caller ID to his real number so it's easy for people to call him back. Some phone companies limit you to what Caller ID data you can send them, (which makes sense that you can only have outbound Caller ID on numbers that are in your block.)

    ANI always knows the calling trunk, and location. It's what's used for credit card verification, 911, etc. You can't block it and usually can't set it. ANI is transmitted (amongst other things) over SS7, which is basically an out of band protcol (which actually does carry caller ID too) that is used between switches. Few companies have phone systems that speak SS7, or a link into the SS7 network for that matter, it's just not useful. Phone companies would crack down pretty hard on fake SS7 info, because they could loose money on billing.

    So in summary, Caller ID - not secure, ANI - A little more secure.

  • by yetanothermike ( 824215 ) on Thursday October 28, 2004 @11:46AM (#10655039)
    Call the local operator and ask them to place your call to the toll-free number. Obviously this doesn't work with toll calls, but they'll do it for you on toll free calls. It's been a while since I tried it, since I have little reason to hide when placing calls, but it's surprising how often they have no trouble doing it for you. I was never even asked why I wanted them to place the call.
  • by ctime ( 755868 ) on Thursday October 28, 2004 @12:08PM (#10655282)
    Maybe I'm just getting old, but doesn't this seem lame as hell? Sure it's fun calling up your buddies T-Mobile cell phone # and getting into his VM, changing his greeting to something ubscene..but..

    Doesn't this just seem rather weak? It's only fun for about 5 minutes and has been around forever. For me, it's like the equivilent of spoofing smtp headers. MAN, THAT WAS FUN IN 1994...

    I guess I'm just getting old and bitter.
  • by KnightMB ( 823876 ) on Thursday October 28, 2004 @02:56PM (#10656928)
    Ok, I tried the service, basically cost $5.00 Results:

    1) Payment by paypal only (no problem for me)

    2) Service then lets you log in, but it's not secure (no encryption, wth!) so choose a temp password that you wouldn't mind someone stealing

    3) You enter the "target" number, your number then 10 digit caller ID string

    4) As soon as you hit submit, it does call you, calls the other number and bridge them together.

    5) But!! The caller ID string does not work. I've tested this with several land line phones, cell phones, etc. I always show up as "unknown".

    Conclusion:

    Allows bridge calls but does not produce the caller ID string you put in. So this service is a bust in my opinion.

    Case closed

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...