http://themediadesk.com
Back to the Desk main page.
the the Desk Tech Page

Caller ID can Lie to You

©05 The Media Desk
http://themediadesk.com

For a brief glossary of some of the terms used, and links to other resources see below.

      We're all used to politicians lying. Them, radio ads for weight loss pills, the guy that's trying to sell you a used car, a four year old with chocolate all over her face who's denying that they've been sneaking a bit of leftover Easter candy. Those are simply a fact of life.
      Fast food restaurants lie about how good their latest creation tastes. We accept it. Everybody knows the new thing at that "You want fries with that place" tastes just like the one they were pushing last year, which is no different from any other sandwich at any of a half dozen of their competitors. They all taste like salty cardboard that's covered in grease.
      Even Microsoft lied to us. Windows XP is not the end all be all they promised. Longhorn has more bugs in it than an entomologist convention and its roll out will probably be delayed. Face it, 98 second edition when stripped of a lot of the useless ad-ons the Windows people insist you need is a fairly good Operating System. And there is a growing movement to have Mr. Gates open the source code for it to the Linux people who can really debug it and create something that would be truly awesome.

      But enough of that.

      Now in addition to all the known Liars in the Universe you can add one more.

      Caller ID.

      It used to be if you saw a number and maybe a name in your phone's Caller ID window you knew who was on the other end of the line.
      If the little window on the box said "410-555-9823 Joe's Used Car Deals" you knew somebody from Joe's wanted to lie to you about the new lower price on that middle 80's K-car you were looking at.
      But wait!
      What if the lie has already begun? It might not be Joe's at all.

      Using a computer with a broadband connection and what is known as a 'soft-phone' anybody in the world can place a VoIP (Voice Over Internet Protocol) call and could be posing as that salesman from Joe's and actually be wanting to try to sell you magazine subscriptions, harass you about an overdue bill, or just breathe heavily into the phone at you.

      It's called Caller ID Spoofing, and it is far more common than you would think.
      Several outfits on the web sell the ability to, for a price in most cases, place calls where you can set what appears in the caller ID window of the recipient's phone. Also available are downloadable programs which turn your computer with its microphone and speakers or a headset you plug into the USB or other port into a virtual phone. A window appears on the screen allowing you to program a recorded message like an answering machine, make conference calls, dial multiple numbers in rapid sequence, and, set your outbound name and number for Caller ID.
      The service is widely available through various outlets, some claim to check out those that are using their services, others don't. A web search for 'Caller ID Spoofing' will bring up several results of those that offer either the service or the software for download. Another search for 'Soft Phones' will quickly point out several programs that allow the outbound caller ID information to be programmed by the user.

      The technology to mask Caller ID was supposed to only be used by law enforcement and other entities who have legal reasons to hide their identity.
      It then became popular with collection agencies and private detectives who also had reasons to cover up their real names and numbers.
      Now it is being used by telemarketers to get around the Do Not Call law.
      And it is also now being used by pranksters and others with nothing better to do.

      Verizon and by extension other phone companies claim they pass accurate caller ID information through the system.
      And they do. To a point. What if the information they get is wrong from 'GO'?

warning This gets a bit technical.

      The phone company system that captures and transfers call information from beginning to end, Signaling System 7, is simply a relay service. It CANNOT create information that is not based on the calling and called parties. If you dial a telephone in the real world from a regular telephone (a POTS line Plain Old Telephone Service) or any other Phone Company Central Office based service, your call information is automatically read by the system and passed along to wherever your call is going. Which is why if you call 911 from a standard phone, the emergency services people can have help on the way without you ever saying a word.
      Cel Phones added another layer of complexity to the system, but the technology is in service to allow a great deal of information to be captured from the originating phone and subscriber and be passed through the system. Including, through triangulation, the location of the originating phone.
      And now comes Software Phones that place calls into the Public Network from non-traditional sources and carry all sorts of non-traditional, and even false, information.
      There is even a way to download software to your Celphone to spoof the number on it.
      Through the SS7 system it should be possible, eventually, to capture the IP address of the originating call and pass that information along to the recipient or a CO database. Which would be fine since every device that touches the Internet from your desktop computer to a network printer to a Palm and some Cellular Phones. That way if you report a prank call, or even a telemarketer, you would have some solid evidence of where the call came from no matter what the caller ID said.
      The telemarketers and other crooks will most likely be able to stay one step ahead of whatever technology is put in place to track spoofed softphone calls over broadband. Even now, you can mask your IP address, changing it into random numbers while online.

      As for the legality of the practice, surprisingly enough, as long as it is not used with criminal intent (this is where wire fraud and criminal impersonation come into play), the spoofing isn't illegal in most areas.

      If you receive a harassing phone call and the Caller ID says 773-404-2827 (the Chicago Cubs Ticket Office) and you call the CUBS back and they've never heard of you or your number what can you, or the CUBS do?
      Well, the Chicago Major League Affiliate ticket office probably can't do anything. If they did not make the call, and their outbound call records show they never made the call, they are not the aggrieved party, even though their name and number were taken in vain. Whether or not they even have grounds for a complaint is a bit shaky unless fraud was committed (for instance: the caller was trying to get your credit card number out of you to sell you tickets they did not have) then perhaps they have a case.
      You the citizen who received the call can file a criminal complaint with your local police agency (for harassment even if there was no other crime committed), which will then enable a subpoena of the Phone Company's records as most telephone companies will not otherwise release the records. Through the call records the company can trace the individual call back to wherever it came from. If it came from a regular telephone which has had its ANI number (the originating phone number) hacked, there is other information in the SS7 record to indicate where the call originated. If the call came into the system from a VoIP application, the information in the ANI might be totally worthless.
      On the other hand, if the records have captured the IP address, and it is a real number that some ISP recognizes, the authorities might be able to track somebody down and the legal process, whatever that might be depending on where you are and what actually happened, can begin.

      But short of criminal prosecution, which can take months and cost real dollars for attorneys and copies of records, there isn't a lot the party who received the crank call with the Spoofed Caller ID can do except- Hang Up. Repeatedly if necessary.

      Legislation is pending in several locations to make use of the technology for Spoofing Caller ID, Email From Lines, and other masking techniques and their use illegal as a form of 'Victimless Identity Theft' even if no other crime is committed. However, as with Pandora, the evil spirits are out of the box.

end of article

GLOSSARY
  • ANI: Automatic Number Identification. The part of the phone call's signal which Spoofing falsifies. In most cases SS7 requires there to be some information in that field in the call data, the spoofed data is then passed along and recorded.

  • Caller ID: most usually the name and number of the calling party displayed on most phones with the feature and on the majority of Cel Phones. For 911 call center use and other official needs, Caller ID can display several more lines of information including complete address.

  • CO: phone company Central Office. The guts and brains of the local telephone system.

  • IP Address: Internet Protocol Address. The address assigned to the Network Interface Card (NIC) inside the device that accesses the Internet. Can be assigned by the Internet Service Provider behind their system or an address on a private network.

  • POTS: Plain Old Telephone Service. Copper two wire (or in some older phones four wire) phone service. This analog service feeds home phones, most fax machines, computer modems, and other common applications.

  • PSTN: Public Switched Telephone Network. The telephone system managed by the various carriers. Also called the GSTN, Global Switched Telephone Network.

  • SoftPhone: A telephone that is run by software. May not be a traditional telephone at all as on a computer. Could be a traditional telephone set that is plugged into a computer or network that operates through the system as a VoIP phone.

  • SPOOFING: The faking of electronic information. Whether it is the From line displayed across the top of a FAXed document (generated by the same information used by Caller ID), the originating email address of a SPAM message, or an incorrect caller ID message. It is called 'spoofing'. Since the legal system is somewhat behind the times and the technology, the legality of the practice is dependent on the local jurisdiction. However, wire fraud, using inaccurate information for criminal purposes IS illegal.

  • SS7: Signaling System 7. Technically- out of band signaling for PSTN use. More generally, SS7 is how the phone company does its housekeeping for who you are calling, when they answer, and when the call is ended. Controls call routing and feeds information to phone company billing. Basic Caller ID is the only information commonly available to the public that runs across the system.

  • VoIP: Voice Over Internet Protocol. Making person to person, or fax to fax (FoIP) or whatever, calls over the Internet. Usually requires a broadband connection such as cable modem, DSL, or over a LAN (Local Area Network). May be used through a computer or other Web enabled device or a separate telephone that is run through a computer or network.

RELATED ARTICLES on the Desk

Why the Federal Do Not Call List probably won't work.

Broadband articles-
BPL: Broadband over Power Lines

DSL: Digital Subscriber Line a Not Ready for Prime Time Technology

OUTSIDE LINKS will open in new window.

Caller ID Spoofing article on Engadget.com

From a UK source called http://www.theregister.co.uk

-30-

[NOTE: Verizon, the Chicago Cubs, SS7,and all other, associated names and identifying marks are registered trademarks of their respective owners. The Desk is not affiliated in any way with any of them. As far as it knows, the Desk has never spoofed anything.
Thank you]

back to the Desk's Main page

http://themediadesk.com