Feeds

US website offers Caller ID falsification service

Overdue debtors, beware!

  • alert
  • submit to reddit

Intelligent flash storage arrays

Overdue debtors beware: You may not be able to rely on Caller ID to screen out those annoying bill collectors much longer. A California entrepreneur has a plan to bring the hacker technique of Caller ID spoofing to the business world, beginning with collection agencies and private investigators.

Slated for launch this week, Star38.com would offer subscribers a simple Web interface to a Caller ID spoofing system that lets them appear to be calling from any number they choose. "It creates an extra avenue for them to have someone pick up the phone," says founder Jason Jepson.

Caller ID spoofing has for years been within the reach of businesses with certain types of digital connections to their local phone company, and more recently has become the plaything of hackers and pranksters exploiting permissive voice over IP systems. But Star38.com appears to be the first stab at turning Caller ID spoofing into a commercial venture. Jepson claims the service will charge a twenty-five cent connection fee for each call, and seven to fourteen cents per minute.

SecurityFocus took the site for a test drive, and found it worked as advertised. The user fills out a simple Web form with his phone number, the number he wants to call, and the number he wants to appear to be calling from. Within two seconds, the system rings back, and patches the user through to the destination. The recipient sees only the spoofed number displayed on Caller ID. Any number works, from nonsense phone numbers like "123 4567" to the number for the White House switchboard.

Jepson says the backend system doesn't rely on the most common methods of Caller ID spoofing - PRI lines and VoIP - but otherwise declined to comment on how it operates, for fear that competitors will launch copycat sites.

Legal Issues

Star38.com claims it will screen subscribers, and initially make the service available only to licensed private investigators and collection agencies. Jepson and his partners believe that collection agencies in particular will find the service invaluable for getting recalcitrant debtors to answer the phone.

"If [collection agencies] have access to the loan application, they have the references," says Jepson. "Now they can call John Doe, and the number that he used as a reference on his loan application pops up on his or her Caller ID." When debtor answers the call, instead of being greeting by Uncle Joe from back east, he finds himself on the line with a stern gentleman who wants to discuss some missed car payments.

The service does not appear to violate any federal criminal law, says Orin Kerr, a law professor at the George Washington University Law School, and a former Justice Department computer crime lawyer. "It doesn't violate the Wiretap Act or the Computer Fraud and Abuse Act or anything like that," say Kerr.

But Rozanne Andersen, general counsel at the Association of Credit and Collection Professionals, believes collection agencies would be barred from using Star38.com under two federal civil laws: the Fair Debt Collection Practices Act, which prohibits false or misleading representations and unfair practices in collecting debts, and the FTC Act, which outlaws deceptive trade practices in general.

"I would say that the concept would be very attractive to the industry, but the practice would be prohibited," says Andersen. "If that consumer calls that number, and does not reach the collector, that's a very serious problem. Certainly the use of what I'll call a 'dummy number' or a 'substitute number' would be a prohibited practice, because it is deceptive in its nature."

Jepson says his own attorney has advised him that the practice is permissible. He plans on launching Star38.com on 1 September.

Copyright © 2004, 0

Beginner's guide to SSL certificates

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.