Spoofing phone numbers - fraud or legit business practice?

trevellian

The news broke today (or at least, *I* noticed the story today) that a firm who's business revolves around allowing it's customers to spoof their caller ID to make them appear to be calling from any number they wish will be selling their services to the UK.

For me, it's the first time I have heard of such a service and from what I can see it has started of a bit of a flap amongst UK politicians (all of whom want to be the first to get their knee-jerk reactions aired on the local news). Even the official comms watchdog, OfCom, has been forced to write a letter to the company...

The companies website can be found here:

http://www.spookcall.com/

I have to say I am haveing a hard time thinking up a justifiable reason for allowing people to do this kind of thing. Is there anyone here that knows a bit more about this that could give an argument *for* such a service?

I'd kinda like to know how the whole caller ID thing works as well, anecdotal evidence points to the whole thing never really working properly from day 1, but I would like some more technical detail.

Some links: (can only find them on the register at the moment)

http://www.theregister.co.uk/2008/06/10/spookcall_launches_uk_caller_id_fake/

http://www.theregister.co.uk/2008/06/11/ofcom_spookcall_genius/

bowen

I can see it now:

"REAL CALLER ID" for only $20/month more than normal caller id!

To me, complete fraud and it seems like a sleazy business practice. I don't think there should be any "Blocking" of caller id, either, though.

Show me who the fuck you are. Chances are, if you're unavailable I'm not going to answer it either way you stupid telemarketer.

kildy

I can't see anything good coming from this that simply having an unlisted private number wouldn't solve.

That said, I don't know about UK law, but I'm pretty sure this would be mauled in the US simply on the same grounds as phreaking was. No matter how horribly the phone system is built/designed, exploiting weaknesses in it is considered Bad.

edit: Wha? "Caller ID-spoofing systems have been publicly available in the US since 2004, and legislation is currently under consideration in Congress to outlaw their abuse." This is news to me, that seems blatantly illegal under existing laws.

trevellian

kildy wrote: »

I can't see anything good coming from this that simply having an unlisted private number wouldn't solve.

That said, I don't know about UK law, but I'm pretty sure this would be mauled in the US simply on the same grounds as phreaking was. No matter how horribly the phone system is built/designed, exploiting weaknesses in it is considered Bad.

I'll have a look round for some more links when I get home but I am 99% sure this service has been in use in the States for a while now.

In the meantime, there will be a break in my posts as I have to go to a tenants meeting to discuss the plans and budgets for the coming year......so I get to spend 6 hours arguing about plumbing refurbishments and new garbage practices with middle-aged Germans. In German.

Crap.

kildy

Ah, I see. Some companies in the US can do this and have deals setup for it. But say, I can't call them and ask for an account as Joe Sixpack(apparently it's a service for law enforcement and such). You can also do it with a VOIP system and totally fuck with the system, but that's illegal in the US.

nexuscrawler

Isn't misrepresenting yourself in order to get money pretty much the definition of fraud?

chamberlain

I have had the phone company itself set up something of the sort for the company I work for. I work for a title company and the bank we were doing a phone campaign for did not want our name showing up customers caller ID. The phone company worked their magic and the caller ID would display our 800 number, but the name of the bank.

This seems likes a mostly legitimate use.

Fellhand

nexuscrawler wrote: »

Isn't misrepresenting yourself in order to get money pretty much the definition of fraud?

This.

Yar

Well, in one sense this isn't any worse than editing the "from" address in an email. Some people have call locator services, where you call one number and it automagically finds them at a list of office, home, cell numbers, and connects you to them. I can see such a person wanting all of their different numbers to show up as the call locator number, so when people save the number they are saving the one most likely to find them.

Or if a business has a central call center to route incoming calls, but various offices that make outgoing calls. I can see how they might want all outgoing calls to display the main number.

The only time I've seen this used, though, was to harass a business by setting one's self up as that business on caller ID and then calling people and being a jerk or asking for private information.

nexuscrawler

It's the intent that matters. Sppofing an email and stealing private info is also fraud.

Both can have uses that are legit or annoying but not illegal too.

Septus

Caller ID Buster Buster

Drez

bowen wrote: »

I can see it now:

"REAL CALLER ID" for only $20/month more than normal caller id!

To me, complete fraud and it seems like a sleazy business practice. I don't think there should be any "Blocking" of caller id, either, though.

Show me who the fuck you are. Chances are, if you're unavailable I'm not going to answer it either way you stupid telemarketer.

"Yo yo yo, check it: This is a Trace Buster Buster Buster BUSTER."

Medopine

This is happening in the US. I get random calls from numbers I don't know so I don't pick them up (and they don't leave messages, so I assume they are telemarketers). When I reverse phone number look them up, they usually are some random number from the midwest. The other day my reverse phone number site informed me that the number I put in was a spoof number someone had used to mask their real location.

Feral

I personally believe that phone companies should make ANI available to all subscribers.

Fuck this caller ID bullshit. They sell you caller ID. Then they sell somebody else caller ID blocking. Then they sell you blocked number rejection. All for a service that's stupidly easily spoofed. It's a privacy arms race and the phone companies profit off of it.

Just let everybody have ANI. We can all see each other's numbers. All the time.

Unknown

This content has been removed.

redx

Feral wrote: »

I personally believe that phone companies should make ANI available to all subscribers.

Fuck this caller ID bullshit. They sell you caller ID. Then they sell somebody else caller ID blocking. Then they sell you blocked number rejection. All for a service that's stupidly easily spoofed. It's a privacy arms race and the phone companies profit off of it.

Just let everybody have ANI. We can all see each other's numbers. All the time.

this.

Caller ID is bullshit. It's almost as bad as the sending number information in a fax.

not that you can't get around ani, it's just not worth it unless you are going to have a swat team show up at someone's house.

There are quite a few caller ID spoofing services in the states. They are pretty useful for social engineering(fraud), and for small call centers who want customers to think they are the business they are calling(not necessarily malicious).

Feral

electricitylikesme wrote: »

Get rid of analog lines, move the entire system over to QoS guaranteed VoIP and let the internet sort it out.

That would be good for completely different reasons, but doesn't really have anything to do with caller ID, since most VOIP systems have user/admin-configurable caller ID anyway.

Unknown

This content has been removed.

Feral

electricitylikesme wrote: »

Feral wrote: »

electricitylikesme wrote: »

Get rid of analog lines, move the entire system over to QoS guaranteed VoIP and let the internet sort it out.

That would be good for completely different reasons, but doesn't really have anything to do with caller ID, since most VOIP systems have user/admin-configurable caller ID anyway.

True, but it's more or less impossible to mask the true origin of IP packets unless someone is deliberately deleting server logs.

As far as the end user (somebody receiving annoying phone calls) is concerned, it's actually really easy to mask/block/spoof origin IPs, but that's a conversation I've been specifically asked by the mods not to have here.

Apothe0sis

Feral wrote: »

electricitylikesme wrote: »

Feral wrote: »

electricitylikesme wrote: »

Get rid of analog lines, move the entire system over to QoS guaranteed VoIP and let the internet sort it out.

That would be good for completely different reasons, but doesn't really have anything to do with caller ID, since most VOIP systems have user/admin-configurable caller ID anyway.

True, but it's more or less impossible to mask the true origin of IP packets unless someone is deliberately deleting server logs.

As far as the end user (somebody receiving annoying phone calls) is concerned, it's actually really easy to mask/block/spoof origin IPs, but that's a conversation I've been specifically asked by the mods not to have here.

For an amusing demonstration see : http://dmca.cs.washington.edu/

LewieP's Mummy

Mmm, we have Call Blocking if you withhold your phone number when you call our house, cos the wonderful BT decided people could withhold their numbers (cue perverts), but it only works on calls that originate within the UK.
So, a while ago, a lovely American man rang me to tell me about this fantastic opportunity to buy into something, that I'd be really silly to miss out on (time-share in Florida). I let him booble on for a while, thinking hey, its your companies phone bill, and I wasn't busy. He was shocked when I turned the offer down. When I rang BT to complain, they told me Call Blocking only worked with UK based phone calls. Now I tell people I've just got to turn the heat down under a pan, and I'll be right back. They hang up after about 5 minutes or so.

japan

LewiePs Mummy wrote: »

Mmm, we have Call Blocking if you withhold your phone number when you call our house, cos the wonderful BT decided people could withhold their numbers (cue perverts), but it only works on calls that originate within the UK.

You can get around that, I do it all the time at work*. All you need to do is call the operator and tell them what number should show as the caller ID number and they'll connect you manually. I'm not able to not withhold the number, since it comes off a switchboard that can't accept incoming calls, meaning (as far as I understand it) there is no number associated with it.

*(I do it because I've either told them I'll call them back, or they've specifically asked me to. Given that I'm generally trying to arrange repairs to their home, they'd likely be more irate if I didn't do this.)

trevellian

Well it looks like the business was a short lived one in the UK at least:

http://www.theregister.co.uk/2008/06/13/spookcall_shutdown/

5 days after its grand opening, the not-so-grand-closing.

Would love to know what was in the OfCom letter.