Caller ID spoofing

The term Call ID spoofing refers to the method that can be performed with the calls to a calling for the callee fake number. Here, at a number display on the called phone instead of the original caller's number one usually arbitrary identification information is displayed. This makes it possible to conceal the true identity of the caller to the called party to possibly simulate a false identity. This possibility exists in principle in unregulated communication networks ( eg the Internet), but is in regulated public networks, whether VoIP or traditional telecommunications networks, subject to the relevant telecommunications laws ( eg the German Telecommunications Act ) prohibited, or by a wealth of limitations made ​​impossible.

Techniques and Operation

Since the introduction of the Call ID there are also ways to manipulate these. The most common variants are either based on Voice over IP techniques or the use of ISDN - to-point interfaces (DDI ). A proliferation was the only technology with the introduction of Internet telephony via Voice over IP ( VoIP). While there are and were there any other ways to distort the Call ID ( eg orange boxing or VoiceXML ), but today the most used and simplest methods based on VoIP.

The Call- ID spoofing ISDN system terminals is usually possible only in the respective volume number of the PBX as the calling number is always checked in a publicly regulated network on admissibility for this connection (number screening). In addition, the CLIP feature -no can be screening connected to ISDN system terminals, which allows the called party to submit to an x any number ( within the meaning of spoofing ), since this number is not checked by the exchange on their accuracy. In addition to these user-defined number ( userprovided ) the "real" number is also sent ( networkprovided ). This " real" number, however, can only read with special devices.

The possibility of calling line to the called subscriber, the so-called CLIP must be possible in order to become effective. If in a VoIP call via the Internet an unregulated communication network used is always the possibility to freely choose the so-called display information and to display the caller. This method can be most easily used for manipulating, without having to change the calling number. If the calling number be falsified, any further changes to the VoIP registration or the selection of a more or less questionable VoIP provider is required. In this case, the caller dials, for example, first the customer service number of a provider for " Call ID spoofing ". This service then provides the option to enter a number that will be displayed on the VoIP phone screen of the receiver. The call is then routed through the service provider. On the Internet, a browser-based type of use is possible in the after registering the desired number of the user is registered on the page on which the further connection to the receiver is performed.

In regulated public telecommunications networks, this is also at the network boundaries ( ie, for example, for calls from Internet to landline ) is usually not possible or prohibited by the applicable local legislation which result from a plethora of regulations for the calling number ( for example, in Germany by § 66k of the Act). Spoofing has become known in regulated public networks based mostly on the non-observance of the legislation by the service provider and are usually only a short time, since such cases in the relevant regulatory authority ( the Federal Network Agency in Germany ) can be displayed.

Areas of application

In the USA, vehemently disputed technology was first offered in 2004 will be free on the Internet. The hacker Kevin Mitnick demonstrated the Call ID spoofing in the Art Bell show, in which he by amending its caller ID in the FBI headquarters number of Los Angeles. Since the risk of abuse confirmed, the American government is trying to design with the Caller ID Act is a legal basis for the restriction of the service. However, no legislation has entered into force.

A wide range of applications for a possible call ID spoofing is obtained for journalists, detectives, lawyers and collection agencies that could use the technology to investigative and research purposes.

However, Call ID spoofing allows telephonic phishing - the following principle: By posing (so-called pre-text calls) with a false identity, one tries to obtain sensitive information (passwords etc.). Occurring with increasing frequency, cases of SPIT ( Spam over Internet Telephony ), where telemarketing calls are not traceable. Previously, you could be made with this technique, a mailbox query by unauthorized persons that do not require PIN entry. A popular example of this type of abuse in 2006 was known as Paris Hilton herself gave access to the mailbox of her rival Lindsay Lohan using the Call ID spoofing provider SpoofCard.

Provider

In America, a call ID spoofing service, for example, offered by a company, the so-called " Spoofcards " outputs that are similar to phone cards have a credit for a certain call duration and on a subscription can be purchased by credit card. Addition, there are still features like voice recording and adjustment available. This service is, however, limited to the U.S. and Canada. Currently available in the U.S. for 5-10 additional services available; first provider of call ID spoofing via VoIP in 2004 was the company star38.com. In Germany there was a short period at the beginning of 2008, such a service from the company Visukom, but this had to be adjusted due to non-compliance with contractual agreements for carrier access to the regulated public network again.