Ok as a first step, now we need to see a more pro-active approach by both the Telcos and the regulators to overseas companies employing this tactic. there has to be some technical measure that can be implimented to prevent this - I have had several spoofed number calls over the last 12 months.

It is also time the regulators made UK companies responsible for the actions of thier outsourced cold calling operations. Im on do not call lists for a reason, and my wishes should be complied with.

Like I said in a previous thread about this subject: Ofcom are great.

I think that the seething mass of El Reg readers questioning Ofcom's abilities should post an apology.

http://tinyurl.com/49apnd

Malicious Communications Act 1988, section 1.a.iii "Any person who sends to another person ... a[n] ... electronic communication ... which conveys ... information which is false and known or believed to be false by the sender ... is guilty of an offence".

before you are cautioned for withholding your number and speaking in a didgy accent when you call your mates???

"Hi, this is John from the doctors surgery, I am afraid I have some bad news about your recent <Insert dodgy virus name> tests. They were positive.

Paris, cos she knows all the dodgy phrases!!

Yeh, course there is. The bills always go to the right place, after all, don't they? Check the difference between CLI and ANI. One is spoofable, the other is used for billing.

Maybe it wouldn't have been such a bad idea to let this service run, after all - all the muppets who'd use it would be eminently traceable...

For providing services likely to be useful to terrorists?

How come Ofcom can be so fast due to spoofing CLID's, yet still nothing regarding Phorm.....?

Royce Brisbane (great name, incidentally) might have answered a call apparently coming from his wife's mobile number.

I must have missed that party... Who was there? Yvette Fielding and the rest of the ghost hunter crew?

Anyway I digress, CLID spoofing is pretty easy, anyone with direct access to a phone switch or even an asterix/SIP based phone system can set their own caller ID number. Hours of fun can be had with prank phonecalls to mobiles as the phone resolves the incorrect number from its internal directory...

But I wouldn't have thought that a service such as this would have generated much revenue anyway...

If I read the instructions right, you call SpookCall and your access number, then the number you want to appear as and the number you want to call.

Assuming you're happy to pay and their systems allow it, you could call +1 555 spookcall and then the "from" number as whoever you want (i.e. it could look like a UK number it doesn't have to be in US format) and the "to" number as +44...(i.e. a valid UK phone number with international code).

I don't know anything about how international phone calls work, but I'm assuming if the call ID in the US is spoofed, it carries over to the UK. It's probably an expensive method to "have a joke" though.

Suggestions why ofcom has done bugger all about phorm:

1) The telephony infrastructure is a critical service for life in general (for doing business, people calling emergency services etc) so this kind of service would undermine confidence in it and so lead to people cancelling lines and ofcom losing its biggest cash cow, BT and lives being put at risk, an internet connection is not yet viewed as critical.

2) ISPs and phorm have convinced ofcom that the user is in control of whether they want to be tracked (whether its true or not) but the called party has no control over this, that is why Phorm will be allowed to exist.

I would defect to another ISP if mine started to use phorm and that is what people should do, there is nothing more powerful than market democracy, vote with your credit card.

Am glad to see that this service has closed, lets hope the git lost everything.

A company was willing to give the masses the ability to dodge a useless, broken and potentially very invasive system (Caller ID). This would only have been used by pranksters, because real crooks already know perfectly how to spoof CLID. Plus, anything that helps the public understanding that caller ID is not reliable is a good thing.

Ofcom are great really. Next move, imprison security researchers that unveil vulns, because it might be used at some point in illegal activities?

"It's probably an expensive method to "have a joke" though."

a good joke would be worht the expense....

Spookcall died for our sins

http://www.onewhois.com "spookcall.com" Look Up

CLID doesn't work internationally. Display usually just says 'International'

Strangely, so does Skypein on my landline phone..I wish they'd fix that.

Once again the Register triumphs over the forces of evil!

Don't suppose you fancy a go at the Home Office do you?

To spoof caller ID means one has to interfere in the signalling protocols of the telephone system. Whether one does so for the purpose of dialing long-distance without paying, or to affect the results of Caller ID, or for any other purpose whatsoever, since the telephone network is the property of the telephone company, I would have thought that tampering with it in any way has been a criminal offence all along. If it isn't, someone is asleep in Parliament.

It's hard to stop. There are valid products that use a different Presentation number to the real calling number - for instance a call centre that presents the number that a user would need to ring back rather than the real calling number - which could be part of an ISDN-30 DDI range.

Some companies block international CLI because it can't be trusted, but within the UK it gets passed between operators. It only takes one operator to allow spoofed CLIs onto their switches from a user for it to be possible to propagate it nationwide.

I think to stop this it needs Ofcom to rule that it's not allowable or for legislation to be passed.

> CLID doesn't work internationally. Display usually just says 'International'

It can work, just as sometimes 1471 will return an international number.

Just not always.

Such legal advice isn't worth the paper it's printed on. Lawyers are like Japanese garden designers: they give you what they think you want, not what you really need.

Businesses like Spookcall know this. Citing "prior legal advice" is just a smokescreen. The fact that they sought it at all says that they knew they were on shaky legal ground, and just wanted someone to hold their dear little hands and say there, there, 't's all okay, you go right ahead with your dirty business.

nope . Telcos' can be fined for knowing displaying a DID that is not on the account

happened to all that cash people splashed out for their calling credit before the plug was pulled?

Where else ... in Spookcall's pocket of course. Try and get a refund - go on, I dare you!

There's very high chances that some people who work within Ofcom have worked in other parts telecommunications industry.

In turn there are chances that there are people pretty high up in Ofcom that have worked at BT, or its previous incarnations, right back to the GPO.

It is possible that some of those people have a vested interest in BT's business success, as they may have recieved share options when at BT, or have just purchased them anyway.

BT is also a huge organisation that many other telecoms companies rely on, contractors and the like. Former employees of these companies may end up at Ofcom too, still with an interest in how BT does.

Then of course there's the fact that people that have worked in one industry for a long time will have friends who have also worked in the same industry for a long time. Sometimes these friends end up at the top of major players in an industry.... or worse, at an industry major player and the industry regulator.

Spookcall were new into the industry. Even if the old-guard did like the idea of selling forged-CLID to people (which their bean-counters would - it "monetizes" something else the telecoms networks can do), they are not going to let a new whipper-snapper into their industry.

PS Yeah, this comment may have a libelous twist to it... so please double check the title/subject before deploying the attack-lawyers!

PPS Does anyone else just totally ignore a comment where the poster has used the Paris Hilton icon?

At a guess, I would wager because no Labour Party MPs are on the board of SpookCall.

Who needs to pay for caller ID spoofing anyway? Half the calls I get show up as "Private" and all that needs is a switchboard in between caller and receiver. And if you want to really make it wierd, use a Skype divert and it shows up as meaningless number drivel

that the orange envelope with the spoof "spook" files I left on he 6.47 to Waterloo last week ,which didn't contain any "TOP SECRET" information is illegal ?

I suspect the reason Ofcom were a bit more decisive on StalkerCall than Phorm is that the nasty side of SC is an easier sell to Joe Public because a) it's on the phone, not the mystical world of the interweb, b) it doesn't have the whole 'no, we're great, because we're tailoring marketing messages directly to you the punter' message, which 'almost' sounds worth it, and c) SC doesn't appear to have the 'opt-out' that Phorm started desperately bleating about when their pants caught fire.

Also, in my experience of working for a Telco/ISP, Ofcom always seemed to be a bit more decisive on phone services than web services, possibly because it has historically been more well-established, stable ground.

Either way, nice on Ofcom on this occasion!

I had a phone call from someone asking me to confirm my date of birth the other day before she would send me the "mortgage information". I asked what info as I didn't recognize the name of the building (! - Something-or-other House, not even a company name?!?) she was calling from.

Then it turned into "mortgage and investment information", and I must have spoken to them before as they had all my details except my date of birth...

'Funny', I thought, so asked if I could have a number to call back on after I had checked with my wife in case she'd spoken to them?

"Oh no," said the young lady, "But I can call you back later..."

So, a "mortgage and investment" group that wants MY money and confidential (yeah right, never heard of the Electoral Roll, or the Public Records Office?) but can't give me THEIR telephone number?

And their number was unavailable from doing 1471 as well...

Hate to think what could have happened if me missus had answered the ph

I've had those sort of calls in the past Standard reply is,do you know what the telephone prefferance service is? CLUNK In other words you want WHAT if you can't tell me your company's phone number then piss off!

Frankly they deserve to lose their money.

He's probably done a bunk with it.