[asterisk-biz] ANI

Andreas van dem Helge joakimsen at gmail.com
Tue May 13 23:31:35 CDT 2008 

Or you can just wear gloves and a mask, go steal prepaid SIM cards...
drive off in an unmarked stolen car with fake license tags which you
burn anyways after you leave the vicinity of the store (get rid of all
the DNA evidenc)

Untraceable... ok traceable to a small phone card shop somewhere on
Ferdinand Bolstraat that was robbed at gunpoint by unknown persons.

You get the point. Where there is a will there is a way. There is no
need in burdening 99% of the "good guys" for the 1% of people that are
going to break the laws anyways and do bad things. They are going to
keep on doing them anyways. It's like restricting cold medicines in
the USA to stop illegal drugs. Has that at all affected the illegal
drug market? If anything it reduces the supply... and the rest well
study some basic economics.

What is the entire point of regulation? Honestly the biggest issue I
see with spoofed CID and ANI is the RBOCs being unable to collect
intrastate rates and being forced to settle for interstate rates...
boo-fucking-hoo


On Tue, May 13, 2008 at 12:41 PM, Steve Totaro
<stotaro at totarotechnologies.com> wrote:
> Nitzan,
>
>  Maybe you are unaware that all of this could be done with *absolutely*
>  no way to trace it back to the "Culprit".
>
>  If you cannot trace it back to the culprit AND more importantly, clear
>  the INNOCENT, then more regulation is needed.
>
>  "Culprit -> VoIP carrier who lets set CID/ANI -> ILEC or CLEC ->
>  terminated to PSTN." would be stupid.
>
>  This make more sense:
>  Open WiFi AP (or cracked WEP)  ---->  hacked Asterisk box (who sets the
>  CID/ANI ----> Telco  ------>  terminated to the PSTN
>
>  Be sure to delete appropriate logs on the hacked Asterisk boxen and just
>  to be safe, spoof your laptop's MAC address.  Perform your exploit
>  somewhere inconspicuous and a good distance from "home, then clean your
>  laptop by using DBAN http://dban.sourceforge.net/ which is DoD 5220.22-M
>  compliant, before re-installing your OS"......
>
>  Thanks,
>  Steve Totaro
>
>
>  Nitzan Kon wrote:
>  > Yep. True.
>  >
>  > So the issue is not needing more regulation - but just how to be able to enforce existing regulation. Not something that more regulation by itself will resolve!
>  >
>  > Of course for all these cases, there WILL be records allowing law enforcement officials (***who know what they're doing***) to trace back the calls. Even if you spoof ANI/CID - your call has to come from somewhere.
>  >
>  > Let's take your 3AM campaign suggestion for example: the way the call will go is:
>  >
>  > Culprit -> VoIP carrier who lets set CID/ANI -> ILEC or CLEC -> terminated to PSTN.
>  >
>  > Tracing it back should not be a problem if you have the proper court orders, just find out with the terminating party which ILEC/CLEC they got the call from, then find out with the ILEC/CLEC which VoIP carrier they got the call from - and then finally get the customer records from the VoIP carrier.
>  >
>  > Sure, it's not as easy as it used to be, and I may be over simplifying it - but it is possible and much better than trying to regulate who can and can't set CID. Punish the CRIMINALS - not the PROVIDERS.
>  >
>  > --- On Thu, 5/29/08, Charles Vance <cbvance at msn.com> wrote:
>  >
>  >
>  >> From: Charles Vance <cbvance at msn.com>
>
> >> Subject: Re: [asterisk-biz] ANI
>
> >> To: "Commercial and Business-Oriented Asterisk Discussion" <asterisk-biz at lists.digium.com>
>  >> Date: Thursday, May 29, 2008, 6:40 PM
>
> >> each of those scenario's involve either fraud or intent
>  >> to do harm and are already prohibited
>  >> in FCC regs even absent the "Truth in Caller ID
>  >> Act"
>  >>   ----- Original Message -----
>  >>   From: Steve
>
> >> Totaro<mailto:stotaro at totarotechnologies.com>
>  >>   To:
>  >> trixter at 0xdecafbad.com<mailto:trixter at 0xdecafbad.com>
>  >> ; Commercial and Business-Oriented Asterisk
>
>
> >> Discussion<mailto:asterisk-biz at lists.digium.com>
>  >>   Sent: Monday, May 12, 2008 18:22
>  >>   Subject: Re: [asterisk-biz] ANI
>  >>
>  >>
>  >>   Setting up a drone Asterisk box to take hundreds of
>  >> thousands of FTP
>  >>   .call files at 3AM (by each time zone) and play pro
>  >> Hillary Clinton
>  >>   campaign messages (or whoever you don't like),
>  >> obviously spoofing
>  >>   her/his campaign headquarters caller ID and ANI.
>  >>
>  >>   Obtaining a new credit card from someone's mailbox
>  >> with the sticker to
>  >>   call from your home phone to activate the card.  Spoof
>  >> their Caller ID
>  >>   and ANI, activate, and buy some cool gadgets or whatever
>  >> people do
>  >>   with cards that don't belong to them.
>  >>
>  >>   Setting CallerID/ANI to clients', girlfriends',
>  >> bosses' cell phone and
>  >>   call until voicemail picks up, if no PIN is set, I have
>  >> full control
>  >>   of their voicemail (and could possibly call out, I will
>  >> have to test
>  >>   that with the call back option.  Then someone could
>  >> really have some
>  >>   fun depending on what messages they have saved)
>  >>
>  >>   So many exploits.....
>  >>
>  >>   Thanks,
>  >>   Steve Totaro
>  >>
>  >>
>
>
>  _______________________________________________
>  --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
>  asterisk-biz mailing list
>  To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-biz
>

More information about the asterisk-biz mailing list