Index Home About Blog
Date: Tue, 09 May 2000 18:42:24 -0700
Subject: Re: FAKED CALLER ID INFO
From: John Higdon <no-spam@netninny.org>
Newsgroups: alt.dcom.telecom

in article 8faaj1$f1q$1@nnrp1.deja.com, chrislebeck@usa.net  wrote:

> i'd be interested in knowing as well....

Normally, the CNID field is set by the originating central office, based
upon the number of the calling line. With primary rate ISDN, since the
calling number can actually be any of hundreds or thousands of directly
dialable extensions, the Caller ID is determined by the originating PBX
switch. That switch, which is under the control of the customer who owns it,
can be programmed to send any number on God's Green Earth as the Caller ID.

As I mentioned in another post, Sprint, the local exchange company in Las
Vegas, takes that Caller ID info and goes one step further in setting the
ANI on the call to that which the customer specifies. ANI is used by long
distance companies (IXCs) for billing purposes because it is SUPPOSEDLY not
spoofable by the customer. Thanks to Sprint, the customer, using a PRI can
literally write his own ANI by simply setting the Caller ID to whatever
suits his fancy, causing to call to appear to come from any telephone in the
United States or Canada.

And that is just exactly how the call will appear on the bill.

--
John Higdon     |         P.O. Box 7648         | http://www.anntec.com/
+1 415 428 2697 | Silicon Valley, CA 95150-7648 | FAX: +1 408 264 4407
                |      Email Address Valid      |



Date: Tue, 09 May 2000 17:04:11 -0700
Subject: Re: FAKED CALLER ID INFO
From: John Higdon <no-spam@netninny.org>
Newsgroups: alt.dcom.telecom

in article 39188781.71248346@mediaone.net, Rich Campbell  wrote:

> Quite easilly if you have a PRI circuit.  You just override the out going ANI.

If you are served by Sprint as your LEC (e.g. in Las Vegas), you can use
this technique to spoof an ANI. The usual practice with PRI is to send the
billing number for the PRI as the ANI to IXCs. Sprint (unlike most LECs
around the country) takes the orig. number field from the PRIs CNID field
and sets the ANI to that number. The beauty of this is that ANI is
considered sacrosanct when it comes to "unspoofability".

This means that you could make up a number, place calls through AT&T, and
the made up number would not only get the bill, but AT&T would INSIST that
there was no error because the calls were dialed. If you use an unbillable
number (such as something from the middle of a DID group), the calls would
stop going through after the first billing cycle. AT&T would block further
calls as "uncollectable".

This is not conjecture; we have played with this at great length. I figure
by now that organized crime has figured out that it can send the law
enforcement agencies on wild goose chases, since it can now cause totally
bogus phone records to be made. Law enforcement relies heavily on toll
records in its surveillance.

--
John Higdon     |         P.O. Box 7648         | http://www.anntec.com/
+1 415 428 2697 | Silicon Valley, CA 95150-7648 | FAX: +1 408 264 4407
                |      Email Address Valid      |


Index Home About Blog