Spoofing caller ID

Ooo, now this one’s interesting… Here’s a writup in The Register talking about how some clever folks have figured out how to fiddle with caller-ID strings in the VOIP world — in both directions (inbound and outbound). Here’s a link to the article.

Hardly a “harmless prank” this could have some pretty nasty implications for stalking and identity-theft reasons. Read on for a few thought-provoking quotes…


Callers with life-or-death anonymity concerns might consider spoofing just to get a little privacy. For now, Lucky says pranks among friends are the most common use that he’s seen of VoIP spoofing, but he believes that identity thieves and other swindlers could have a field day. “I’ve used it myself to activate my own credit cards, because I never give credit card companies my real number,” he says. “One simple spoof, and it’s like saying, if you have the guy’s phone number, that piece of information is more important than his mother’s maiden name and date of birth. If you have the phone number, you don’t need anything else.”

How ’bout them apples? This could cause the financial-services crowd a fair amount of heartburn. But what about the implications for people who are tangled up with a stalker? Here’s another quote:

Privacy advocates, who had reservations about Caller ID when it was introduced in the 90s, aren’t happy that it’s becoming easier to subvert. “A worse case scenario is if you have a blocked number, and you’re a victim of stalking, and you’re duped into calling a number the stalker set up that was routed through a VoIP line,” says Jordana Beebe of the San Diego-based Privacy Right’s Clearinghouse. “It could put their life in danger.”

I’m also really interested in the regulatory impacts of VOIP, and this promises to generate a lot of pain on that front as well. Once again, here’s what The Register has to say:

This arrangement relies on telephone equipment at both ends of the call being trusted: the phone switch providing you with dial tone promises not to lie about your number to other switches, and the switch on the receiving end promises not to reveal your number if you’ve asked that it be blocked. In the U.S. that trust is backed by FCC regulations that dictate precisely how telephone carriers handle CPNs, Caller ID and blocking. Most subscribers have come to take Caller ID for granted, and some financial institutions even use Caller ID to authenticate customers over the phone.

Stay tuned, this will be coming up again. Fersure…