Notifications
Clear all

Phone Spoofing

20 Posts
9 Users
0 Likes
1,600 Views
hcso1510
(@hcso1510)
Posts: 303
Reputable Member
Topic starter
 

Previously I was under the impression that in the US you were not allowed to spoof "your" number to a 1-800 or 1-866 number. To me, this meant that I could spoof the targets handset, but their phone company would be able to tell me the true number that originally placed the call.
It is now my understanding that the service provider of the target can be spoofed, virtually making it impossible to trace the origination of the call. Is this true?

I checked with the acounts manager at our department. I told her I was going to spoof my phone next week and she said she could get a printout of my incoming calls to see what number called. I guess I'll find out for myself.

Thanks for any information!

Ed

 
Posted : 20/11/2010 1:05 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

If you are in the US, I woukdn't do it if I were you
http//en.wikipedia.org/wiki/Caller_ID_spoofing

If it has been not already signed, it should be soon
http//arstechnica.com/tech-policy/news/2010/04/congress-outlaws-all-caller-id-spoofing-voip-too.ars

It makes caller ID spoofing illegal, unless you do it on your home number to protect your privacy, but only if you BLOCK the ID, not if you spoof it.

jaclaz

 
Posted : 21/11/2010 12:23 am
(@ebwahlberg)
Posts: 34
Eminent Member
 

Send me a PM if you are LE.

 
Posted : 21/11/2010 12:46 am
(@forensicakb)
Posts: 316
Reputable Member
 

Send me a PM if you are LE.

Wow, really. More of this.

 
Posted : 21/11/2010 1:02 am
(@trewmte)
Posts: 1877
Noble Member
 

It is now my understanding that the service provider of the target can be spoofed, virtually making it impossible to trace the origination of the call. Is this true?

I checked with the acounts manager at our department. I told her I was going to spoof my phone next week and she said she could get a printout of my incoming calls to see what number called. I guess I'll find out for myself.

Did you find out Ed?

 
Posted : 24/11/2010 3:57 pm
hcso1510
(@hcso1510)
Posts: 303
Reputable Member
Topic starter
 

trewmte,
No, I got busy at work this week and didn't have a chance. I took today off and with tomorrow being Thanksgiving on this side of the pond it will be next week before I try

I have received some good information, but I'll ask the question again. Lets say I receive a call from 555-123-4567. For some reason LE has to get involved and they subpoena the records from my cellular provider. If my records reflect a different number than the 555 etc I guess I have somewhere to start. However, If my records do reflect 555-123-4567 then what do I do, or better yet, what could be done? I wonder if the cellular providers have any additional ways to trace the origination of the call? I have a feeling the best way to answer this is to call the various providers and see what they say.

After I do my test I'll report back.

Ed

 
Posted : 24/11/2010 7:02 pm
 kmau
(@kmau)
Posts: 3
New Member
 

A brief overview of how caller id works in the US, this covers the most common scenario. There are some providers that don't implement things properly, and a large subset of different possible scenarios that can affect outcome.

There are essentially two separate forms of caller ID that are in use on a call.

ANI Automatic number identification is used by the phone companies for billing and is transmitted out of band, this is not something you can control. This is how 911 and some other services get your real number even if you block it or spoof it.

CID Caller identification is something that can be transmitted in band on a phone call via Voice over IP, a PRI (Primary rate interface a type of a business connection), or a few other methods. This is something you may be able to control and is typically what is displayed on the receiving end of a call.

As an example if I have a voice over ip service with the number 555-987-6543 that allows me to set my CID to anything i want. I set my CID to 555-123-4567 and make a phone call to someone. When they get receive the call they see 555-123-4567, behind the scenes and beyond my control my ANI 555-987-6543 is transmitted from my phone company to the phone company on the receiving end for billing purposes. In the event there is an issue law enforcement can subpoena the phone companies and find out the real telephone number that was used (note this isn't always the case).

The scenario changes if your calling a toll free number 800, 866, etc. Because they are paying for the phone call they have some additional rights. If they subscribe to a realtime ANI service when the call comes in they can receive your ANI, and frequently also your CID. Frequently its only the larger call centers that subscribe to realtime ani and if you dial the average 800 number they still only get your CID.

Let me know if you have any questions.

 
Posted : 24/11/2010 9:46 pm
hcso1510
(@hcso1510)
Posts: 303
Reputable Member
Topic starter
 

kmau,
Thanks for the reply and yes, I do have questions.

I was under the original impression that a targets cell phone could be spoofed, but you couldn't spoof their service provider. I was recently told that the technology exists to spoof the service provider as well.

Lets say I get a harassing phone call from 555-123-4567. I call the cops and they send a subpoena to Verizon and get a log of my incoming calls. Now if I get the properly obtained numbers back and I see 555-123-4567 on the log, I would a*s/u/me my service provider has been spoofed as well.

To your knowledge does Verizon or any other cellular service provider have additional records, which may contain the ANI or CID numbers you mentioned, or capabilities to track the spoofed number back to where it originated from?

Thanks!

 
Posted : 24/11/2010 10:18 pm
 kmau
(@kmau)
Posts: 3
New Member
 

Correct pretty much any phone number can be spoofed if the originating and terminating service provider allow it. As far as I'm aware you can't specifically spoof the service provider due to the methods by which call routing operates. There have been cases in the past where a telephony switch has been broken into and calls made from within the service providers network and logging disabled, this can prove its own unique set of challenges but is pretty rare.

If you subpoena a service provider for a list of call logs and receive information back this 'should' be the relevant ANI records. I've heard of cases where its taken repeated attempts to receive call records from the service provider before they received the correct or relevant information.

Remember service providers get a lot of requests and the larger ones have automated systems in place so their minimum wage employees can produce reports with little knowledge of how telephony networks actually operate.

Going onto your example; I'm sitting on level 3's network and spoof my caller ID and place a phone call to your cell phone on Verizon network. Verizon should have multiple pieces of data, the CID (spoofed number), the ANI (shouldn't be spoofable), time stamp data, which switches on their network carried the call, which network the call originated from, and which port the call came their network on. Level 3 should also have this same level of detail available for the outbound leg of the call. Some of this information may not be easily accessible by the service provider without getting their engineers involved to pour through data. If the call originates and terminates on the same network they can trace the call path through their network to determine where it came from also. For the average harassment case this level of detail may or may not be provided easily, this is also dependent on log level detail, and data retention policies.

 
Posted : 24/11/2010 11:12 pm
(@ebwahlberg)
Posts: 34
Eminent Member
 

Send me a PM if you are LE.

Wow, really. More of this.

I'm sorry, is this somehow inappropriate?

 
Posted : 25/11/2010 5:28 am
Page 1 / 2
Share: