Caller ID Spoofing is the practice of causing the telephone network to display a number on the recipient's caller ID display which is not that of the actual originating station; the term is commonly used to describe situations in which the motivation is considered malicious by the speaker. Just as e-mail spoofing can make it appear that a message came from any e-mail address the sender chooses, caller ID spoofing can make a call appear to have come from any phone number the caller wishes. Because of the high trust people tend to have in the caller ID system, spoofing can call the system's value into question.
Providers
To use a typical spoofing service, customers pay in advance for a personal identification number (PIN), allowing them to make a call for a certain amount of time. To begin, customers dial the number given to them by the company and enter their PIN. Then they enter the number they wish to call and the number they wish to appear as the caller ID. Once the customer selects the options, the call is bridged and the person on the other end receives the customer's call. Assuming caller ID is used on the receiving end, the receiver would normally assume the call was coming from a different phone number — the spoofed number chosen by the caller — thus tricking the receiver into thinking the call was coming from a different individual or organization than the caller's. Most providers work similar to a pre-paid calling card.
Technology and methods
The above method is a bit complex; many Caller ID spoofing service providers also allow customers to initiate spoofed calls from a Web-based interface. Some providers allow entering the name to display along with the spoofed Caller ID number, but in most parts of the United States, for example, whatever name the local phone company has associated with the spoofed Caller ID number is the name that shows up on the Caller ID display.
Using a Web-based spoofing service involves creating an account with a provider, logging in to their website and completing a form. Most companies require the following basic fields:
1.source number
2.destination number
3.Caller ID number
When the user completes this form and clicks a button to initiate the call, the source number is first called. When the source number line is answered, the destination is then called and bridged together.
Some providers also offer the ability to record calls, change the voice and send SMS text messages.
Other popular methods by companies include displaying only a geographical name on the caller ID readout, e.g., "ARIZONA", "CALIFORNIA", "OREGON", or "ONTARIO".
Legislation in the United States
On June 27, 2007, the United States Senate Committee on Commerce, Science and Transportation approved and submitted to the Senate calendar S.704, a bill that would have made caller ID spoofing a crime. Dubbed the "Truth in Caller ID Act of 2007", the bill would have outlawed causing "any caller identification service to transmit misleading or inaccurate caller identification information" via "any telecommunications service or IP-enabled voice service." Law enforcement was exempted from the rule. A similar bill, HR251, was introduced and passed in the House of Representatives. It was referred to the same Senate committee that approved S.704. The bill never became law because the full Senate never voted on it; it was added to the Senate Legislative Calendar under General Orders, but no vote was taken, and at the end of the 110th Congress, the bill expired (all pending legislation not voted into law at the end of the House term, a.k.a. end of a session of Congress, is dead). The bill was reintroduced in the Senate on January 7, 2009, by Senator Bill Nelson (FL) and three co-sponsors as S.30, the Truth in Caller ID Act of 2009, and referred to the same committee.
On April 14, 2010, the House of Representatives passed the "Truth in Caller ID Act of 2010" and will be reconciled with the Senate version passed in February. It is anticipated that this bill will be signed into law by President Obama later this year. Under the bill, which also targets VOIP services, it becomes illegal "to cause any caller ID service to transmit misleading or inaccurate caller ID information, with the intent to defraud or deceive." The bill maintains an exemption for blocking one's own outgoing caller ID information, and law enforcement isn't affected.
History
Caller ID spoofing has been available for years to people with a specialized digital connection to the telephone company, called an ISDN PRI circuit. Collection agencies, law-enforcement officials, and private investigators have used the practice, with varying degrees of legality.
The first mainstream Caller ID spoofing service, Star38.com, was launched in September 2004. Star38.com was the first service to allow spoofed calls to be placed from a web interface. It stopped offering service in 2005, as a handful of similar sites were launched.
In August 2006, Paris Hilton was accused of using caller ID spoofing to break into a voicemail system that used caller ID for authentication. Caller ID spoofing also has been used in purchase scams on web sites such as Craigslist and eBay. The scamming caller claims to be calling from Canada into the U.S. with a legitimate interest in purchasing advertised items. Often the sellers are asked for personal information such as a copy of a registration title, etc., before the (scamming) purchaser invests the time and effort to come see the for-sale items.
Frequently, caller ID spoofing is used for prank calls. For example, someone might call a friend and arrange for "The White House" to appear on the recipient's caller display. In December 2007, a hacker used a Caller ID spoofing service and was arrested for sending a SWAT team to a house of an unsuspecting victim. In February 2008, a Collegeville, Pennsylvania man was arrested for making threatening phone calls to women and having their home numbers appear "on their caller ID to make it look like the call was coming from inside the house."
In March 2008, several residents in Wilmington, Delaware reported receiving telemarketing calls during the early morning hours, when the caller had apparently spoofed the Caller ID to evoke the 1982 Tommy Tutone song 867-5309/Jenny.
There are legitimate reasons for modifying the caller ID sent with a call.
1.Commercial answering-service bureaus which forward calls back out to a subscriber's cell phone, when both parties would prefer the CNID to display the original caller's information.
2.Most calling-card companies display the Caller ID of the calling-card user to the called party.
3.Business owners have been known to use Caller ID spoofing to display their business number on the Caller ID display when calling from outside the office (for example, on a mobile phone).
4.Skype users can assign a Caller ID number in order to prevent their Skype-Out calls being screened by the called party (the default Skype Caller ID in the USA is 000123456).
5.Google Voice displays its users' Google Voice number when they place calls through the service using their landline or cell phone.
SOURCE: WIKIPEDIA
No comments:
Post a Comment