Spoofed sms/text me...
 
Notifications
Clear all

Spoofed sms/text messages

grj2000
(@grj2000)
New Member

An investigation that i am working on requires the tracing of spoofed/anonymous SMS/text messages and e-mail messages.

Since I am new to this field, though not at all new to investigations, I could use some advice on how to perform this tracing task.

I am aware of the online spoofing services for SMS and e-mail, and assume that viewing the anon e-mail header details may disclose the sending IP address, and perhaps the originator's IP address. Fortunately, the recipients have retained the e-mail messages and I will have them forwarded to me. Would that be the correct protocol, do you think?

I was going to concentrate on examination of the e-mails since they are more likely to show IP details that could be traced depending on the spoofing service.

Any other thoughts on how I should proceed with the SMS messages and/or e-mails?

Please feel free to contact me directly on this.

Gil

Quote
Topic starter Posted : 20/03/2011 8:47 pm
trewmte
(@trewmte)
Community Legend

An investigation that i am working on requires the tracing of spoofed/anonymous SMS/text messages and e-mail messages.

Since I am new to this field, though not at all new to investigations, I could use some advice on how to perform this tracing task.

I am aware of the online spoofing services for SMS and e-mail, and assume that viewing the anon e-mail header details may disclose the sending IP address, and perhaps the originator's IP address. Fortunately, the recipients have retained the e-mail messages and I will have them forwarded to me. Would that be the correct protocol, do you think?

I was going to concentrate on examination of the e-mails since they are more likely to show IP details that could be traced depending on the spoofing service.

Any other thoughts on how I should proceed with the SMS messages and/or e-mails?

Please feel free to contact me directly on this.

Gil

Gil

Sort out if you are actually examining SMS messages, emails converted to text messages or emails

Here are some background details
http//en.wikipedia.org/wiki/SMS

(Number of characters per message)
http//www.3gpp.org/ftp/Specs/html-info/0338.htm
http//www.3gpp.org/ftp/Specs/html-info/23038.htm

(Header details)
http//www.3gpp.org/ftp/Specs/html-info/0340.htm
http//www.3gpp.org/ftp/Specs/html-info/23040.htm

(Where US is concerned)
http//www.3gpp2.org/Public_html/specs/X.S0004-641-E_v1.0_051003.pdf
http//www.3gpp2.org/Public_html/specs/X.S0004-641-E_v2.0_070723.pdf

ReplyQuote
Posted : 21/03/2011 12:17 am
hcso1510
(@hcso1510)
Active Member

Gil,
The first thing I would do is contact the provider that services your victims’ handset. You will want to get a copy of their CDR’s (Call detail records) with a text log. You want incoming and outgoing. (Always rule out the possibility that your victim is “spoofing” themselves!)

Depending on the provider of your victim you may be able to capture the sms content. In my area Verizon and US Cellular maintain content, but it is only for a short period of time. Depending on your victims carrier you may need to call them. (AT&T, T-Mobile, Sprint, Cricket do not retain sms content.) Now to obtain the content you will need a search warrant, but the content can show if you have a victim that may have been “playing along” and is now crying wolf.

Now, what type of case are you working? Harassment or is this a violation of an Order of Protection? While the SMS may not say who is doing the texting your victim may know exactly is doing it. Or at least have a pretty good idea. You can obtain some records fairly easily with “reasonable and articulable facts.” Depending on the facts of your case you may be able to subpoena the records of the individual that you believe is “spoofing” your victim.

Let us know how you make out.

ReplyQuote
Posted : 21/03/2011 5:46 am
Dndschultz
(@dndschultz)
New Member

I hope someone weighs in on this. There is starting to be a lot more spoofing and swatting and it would sure be nice to be able to track down the source.

ReplyQuote
Posted : 21/03/2011 10:30 am
trewmte
(@trewmte)
Community Legend

Ed
Are you able to say whether these operators have the header file for text message, email-converted-to-text etc for each message?

ReplyQuote
Posted : 21/03/2011 11:16 am
bigjon
(@bigjon)
Active Member

anonymous sms could also be flash messages,without the other party you wont be able to trace these

ReplyQuote
Posted : 21/03/2011 12:16 pm
Share: