Caller ID spoofing
(faking your CallerID) is a very easy thing to do, especially if you have an Asterisk IP-PBX (see Nerd Vittles' how-to
). While CallerID spoofing can be used for harmless pranks, it can also be used to fool customers into giving confidential information, such as their bank account or credit card info. I came across a new website called The Zero Group
(TZG), which claims to offer several "interesting" services, including Caller ID spoofing, telephone "tap" (eavesdropping) detection, "BackSpoof" (*67 killer), and a real time voice changer.
They also have SupaSMS which allows you to sent text message to mobiles through the web - but with a twist. You can configure who the message appears to be from. You can select a sender's name of any character up to 11 characters long or use an 11 digit phone number. I can think of a few good pranks to try with this feature.
Click for Full Image
The "BackSpoof" feature (screenshot above) is interesting feature. It actually "unblocks" restricted calls, i.e. Private Caller. Thus, you can identify any Private Caller that uses *67 to block their CallerID. Apparently, the way it works is that it forwards the call to a nationally hosted toll-free number hosted by TZG. The call is received by TZG and they claim they trap the origin, ANI, and CLID data. The originating caller's CallerID is passed onto your mobile or other phone device and the caller is unaware you can see their "private number".. If memory serves me correctly you cannot block (*67) your CallerID when dialing an 800 number. However, I didn't think if you forwarded your home or cell phone to an 800 number that the ANI and CLID info from the originating
caller is passed on.
I thought the ANI and CLID of your
phone number was passed. I suppose if you are leveraging the carrier's "forwarding" feature, it stays on the network and therefore it does forward the originating CallerID and ANI. Yeah, I guess that does make sense to me now. TZG's BackSpoof feature also lets you know if someone is attemtping to CallerID spoof you. Spoof me??? Spoof you!
You're probably wondering "Hey, isn't this stuff illegal?" Well, it is. As of June of last year, Congress passed H.R 5126
, a legislation to make it a crime to insert false information into the Caller ID system. And yes, even VoIP is covered in this legislation. So how is TZG getting around this? The answer is they're not hosted in the U.S.
Maybe TZG bought some co-location space on Sealand that The Pirate Bay P2P sharing site planned on buying
to avoid various government jurisdictions?
Another service they have is called ZerO-Fone (ZF), which is similar to a regular calling card. ZF is accessed through one of their local telephone numbers where you then enter your PIN, desired Caller ID, and the number you wish to call. They offer 100 min for $10, 230 min for $20, and 350 min for $30, which you pay via Paypal. Interestingly, using ZF you can use their voice changer feature to camouflage your voice.
This certainly seems like the site to go to if you want to do some "black hat" phone stuff or you simply want to know who the hell is callng you and blocking their number. It's my phone number, I want to know who the hell is calling me. It's my right!
Ah yes, reminds me of a great scene from Braveheart.
: [scared] I never did her any harm. It was my right.
: Your right? Well, I'm here to claim the right of a husband! (kills Lord Bottoms)
Finally, I have to say, I really hate their website since it is 100% Flash with some annoying music in the background.