Tech Crime Blotter

  • Voltage Spike
    Ce n'est pas un personne
    • Jun 2004
    • 1049

    #16
    Re: Tech Crime Blotter

    Originally posted by streaker69
    I don't see a reason why an end user of the phone system should be able to change their information. I'm open to reasons why.
    You say end user, but there isn't really a large distinction between the end user line and a commercial line. Possible uses:
    • Calls routed through your switch to your cell phone. You'd like to see who's calling, not that it's a routed call. This is especially important if the call is routed multiple times.
    • A site with multiple numbers may wish outgoing calls to always present the "public" number.
    • Return voicemail calls when calling into your home voice mail should probably present your mobile number that your friends know and not your voicemail number.


    As people keep saying, the real problem is the reliance on Caller ID as useful information. Some providers help to limit this problem by limiting the "spoofed" scope to a controlled block of numbers (with the obvious disadvantage that it limits functionality and adds additional complications). The real solution, as has been stated, is ANI data, but the phone system is so antiquated that the data isn't guaranteed to be there.

    Another, easier, solution is to call the number back. You can craft a situation in which the operator may be dissuaded from calling back, but it's a very easy method of eliminating most pranks.


    • xor
      not
      • Aug 2007
      • 1347

      #17
      Re: Tech Crime Blotter

      I don't see an easy solution at all to this problem, considering most N.I.D's are outside the home these days. How easy is it to get a telephone test set and just sneak up and make a flake phone call right from the N.I.D; no spoofed caller-id. If not there then anywhere else along the circuit that has exposed physical access.

      xor
      Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.


      • beakmyn
        Member
        • Mar 2005
        • 108

        #18
        Re: Tech Crime Blotter

        Kevin Mitnick demo'd the call id "hack" (old TechTV episode). As I understand it, caller ID relies on the other end telling it who it is. If you call using a calling card, say, the company that your calling card is for doesn't pass on the caller ID info to the system you're calling. This in turn creates the inherent flaw of calling a system that allows you to pass on phony caller ID data. This is how Kevin made a call and the caller ID showed it was the White House calling.

        http://www.fakecaller.com/

        Google turns up tons of hits on it.

        My apologies if I'm restating or way off base. Trying to read the forums while on a worthless conference call.


        • g3k_
          General rogue
          • Jan 2009
          • 358

          #19
          Re: Tech Crime Blotter

          Meh... I know I said I'd have details, but man, these people are retarded. I asked around and everyone was looking at me like I had horns and my eyes were on fire including the SWAT commander and the person in charge of dispatch.

          So if you want to cause mayhem in my county, they have no idea what they are doing, so mayhem away D:
          "As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."


          • hinges
            Member
            • Mar 2009
            • 14

            #20
            Re: Tech Crime Blotter

            I've heard a few different executions of this attack; the primary being the lack of identification as it relates to signing up for VoIP services. You can apparently sign up someone else's known address for VoIP service and then use that newly created account to place calls that appear to come from their home. I'm not too keen on that one in particular.

            As far as spoofing...
            ...or, like xor said, if phone calls are routed through toll-free switches doesn't that force the actual and true ANI data to be revealed?
            You're referring to RTANI, which can still be spoofed as far as my understanding goes.

            This solution may sound a bit leftist, but it seems like implementing laws similar to the "if someone commits murder with your gun, you've committed murder" variety in terms of the phone systems would lead to a significant amount of spending by phone companies, which would also create a great deal of labor.

            EDIT: Labor (e.g. I'm doubting it can be fixed by a simple protocol change, and I feel like I say this a lot, but my knowledge here is very limited)
            Last edited by hinges; March 18, 2009, 07:50. Reason: Erasure of ambiguity


            • Thorn
              Easy Bake Oven Iron Chef
              • Sep 2002
              • 1819

              #21
              Re: Tech Crime Blotter

              Originally posted by g3k_
              Meh... I know I said I'd have details, but man, these people are retarded. I asked around and everyone was looking at me like I had horns and my eyes were on fire including the SWAT commander and the person in charge of dispatch.

              So if you want to cause mayhem in my county, they have no idea what they are doing, so mayhem away D:
              I checked with the head of dispatch where I used to work. They are aware of swatting, but claim that it won't work within the statewide 911 system itself. Apparently 911 runs off a closed database that is controlled by FairPoint/Verizon, and that if you call 911, the CallerID info is not used, but rather data from the database is sent to the PSAP. They did say that the regular POTS lines at the PSAP are susceptible to forged CallerID info.

              Frankly, I'm a bit suspicious of the "closed database" answer, as it would seem that some CallerID info has to come through in order for VoIP systems such as Vonage and Comcast's to work properly with both 911 and the POTS system in general. Is it possible that there is some other signaling going on that ties an "accepted" VoIP phone (e.g. Vonage) to the 911 database? My phreaking days were a long, long time ago and anything I knew about signals is probably out of date by three decades.
              Last edited by Thorn; March 18, 2009, 10:49.
              Thorn
              "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird


              • streaker69
                • Mar 2008
                • 1141

                #22
                Re: Tech Crime Blotter

                Originally posted by Thorn
                I checked with the head of dispatch where I used to work. They are aware of swatting, but claim that it won't work within the statewide 911 system itself. Apparently 911 runs off a closed database that is controlled by FairPoint/Verizon, and that if you call 911, the CallerID info is not used, but rather data from the database is sent to the PSAP. They did say that the regular POTS lines at the PSAP are susceptible to forged CallerID info.

                Frankly, I'm a bit suspicious of the "closed database" answer, as it would seem that some CallerID info has to come through in order for VoIP systems such as Vonage and Comcast's to work properly with both 911 and the POTS system in general. Is it possible that there is some other signaling going on that ties an "accepted" VoIP phone (e.g. Vonage) to the 911 database? My phreaking days were a long, long time ago and anything I knew about signals is probably out of date by three decades.
                This is why I didn't understand what was happening either, because back a few years ago when I was working with our 911 center here, I had heard the same thing, that it wasn't based upon the normal CallerID database.

                Could it be that some 911 centers aren't using that service from the BigBell's, because I'm sure they have to pay for it, and are relying solely upon the actual CallerID information?
                A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.


                • Thorn
                  Easy Bake Oven Iron Chef
                  • Sep 2002
                  • 1819

                  #23
                  Re: Tech Crime Blotter

                  Originally posted by streaker69
                  This is why I didn't understand what was happening either, because back a few years ago when I was working with our 911 center here, I had heard the same thing, that it wasn't based upon the normal CallerID database.
                  It might be based on Automatic Number Identification (ANI), but I haven't looked at that stuff in years.

                  That still doesn't explain how ANI might cross from VoIP to POTS, though.

                  Originally posted by streaker69
                  Could it be that some 911 centers aren't using that service from the BigBell's, because I'm sure they have to pay for it, and are relying solely upon the actual CallerID information?
                  Could be. I wrote a 911 database back in the 1980's that worked by passing the CallerID to a PC. While that was a one-off, I'm sure there are similar commercial products out there.
                  Thorn
                  "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird


                  • streaker69
                    • Mar 2008
                    • 1141

                    #24
                    Re: Tech Crime Blotter

                    http://www.theregister.co.uk/2009/04...hacker_jailed/

                    Originally posted by TFA
                    A teenage hacker who ran a botnet of compromised machines and made fake 911 emergency calls has been jailed for 11 months.
                    Hmmm, only 11 months in Juvi with no mention of restitution for all the money spent for the SWAT teams to be dispatched? That'll teach him.
                    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.


                    • YenTheFirst
                      Member
                      • Aug 2008
                      • 282

                      #25
                      Re: Tech Crime Blotter

                      I propose the following:
                      It's not stupid, it's advanced.


                      • b0n3z
                        Goon
                        • Mar 2009
                        • 137

                        #26
                        Re: Tech Crime Blotter

                        hahaha that's awesome
                        Saving the world one computer at a time...

                        or possibly destroying, I haven't figured that out yet.
