[asterisk-biz] ANI

Trixter aka Bret McDanel trixter at 0xdecafbad.com
Tue May 13 12:06:31 CDT 2008


On Tue, 2008-05-13 at 12:41 -0400, Steve Totaro wrote:
> Nitzan,
> 
> Maybe you are unaware that all of this could be done with *absolutely* 
> no way to trace it back to the "Culprit". 
> 
> If you cannot trace it back to the culprit AND more importantly, clear 
> the INNOCENT, then more regulation is needed. 
> 

I agree to a point, I don't think more regulation is needed, I think a
fairer approach of not charging people out of suspicion but rather facts
would clear more innocent even if it lets some guilty get away.  The
feds have a 96% plea rate give or take.  This is because they threaten
people with really long sentences and offer pleas of minimal sentences,
many who have given up on fighting accept the plea out of desperation
and not because they believe they are guilty.  Of those that go to trial
75% lose in the federal system, often because of dirty tricks used and
a bunch of retired postal employees as jurors.  One of the first tactics
that the feds use is to dry up your income so you can't afford a real
lawyer and end up with a public defender.  Seizing funds (or at least
freezing them), ensuring you get fired, etc are all standard tactics.  

If there is regulation it needs to be that the government will play fair
in prosecution, if this happens you will see many more people walk when
the evidence just isn't there, rather than conviction because the
government says so.

Generally more regulation only leads to more "criminals" some of whom
are unintended consequences of a poorly written law.  It generally does
little to actually stop innocent convictions, or halt an undesirable
action.

> This make more sense:
> Open WiFi AP (or cracked WEP)  ---->  hacked Asterisk box (who sets the 
> CID/ANI ----> Telco  ------>  terminated to the PSTN
> 

open/cracked wifi device using voip device -> itsp that takes paypal or
credit cards and does instant activation -> pstn

paypal and credit cards are stolen all the time, and are probably more
plentiful than vulnerable voip systems (asterisk or not) so the attack
vector is larger than in your example.


> Be sure to delete appropriate logs on the hacked Asterisk boxen and just 
> to be safe, spoof your laptop's MAC address.  Perform your exploit 
> somewhere inconspicuous and a good distance from "home, then clean your 
> laptop by using DBAN http://dban.sourceforge.net/ which is DoD 5220.22-M 
> compliant, before re-installing your OS"......

this step also could be removed, certainly the clean up, but if you can
really get in and out without anyone noticing, bounce around to
different locations, use proxies, etc tracing it back to the user of the
access point becomes difficult and unless you enter the US or UK where
they can search the contents of your laptop "because they feel like it"
wiping it isn't always required.  

fyi eteraser does DoD compliant wipes of free and slack space on windows
boxes, and if you use a wifi phone or ATA or something that way there
generally aren't logs to even require this step.  And many of the wifi
phones look like mobiles so it wouldn't look as odd, but you may not have
as much ability to set clid/ani to said itsp provider.

-- 
Trixter http://www.0xdecafbad.com     Bret McDanel
Belfast +44 28 9099 6461        US +1 516 687 5200
http://www.trxtel.com the phone company that pays you!
