Full Disclosure mailing list archives

Truths in "Truth in Caller ID Act"
From: "J. Oquendo" <sil () infiltrated net>
Date: Sun, 1 Oct 2006 12:28:41 -0500

So the United States government wants to pass the "Truth in Caller ID" act. Humorously it will do little to deter 
criminals from spoofing their caller ID and scamming innocent victims. Here is the rule/law followed by why it will 
fail:

"It shall be unlawful for any person within the United States, in connection with any telecommunications service or 
VOIP service, to cause any caller identification service to transmit misleading or inaccurate caller identification 
information, with the intent to defraud or cause harm."

Re-read it a few times and let some common sense kick in. "unlawful for any person within the United States, in 
connection with any telecommunications service or VOIP service, to cause any caller identification service to transmit 
misleading or inaccurate caller identification information" What in this bill exactly deters someone from abroad from 
continuing their activities? Firstly they're not bound by U.S. laws, secondly if their servers are abroad those servers 
are in their lawful means to do what is legally appropriate for their location.

Now argumentatively how will the United States seek to prosecute say a telemarketer from using a service abroad to 
traverse back into the U.S.? Let's re-read the letter of the law again shall we? "unlawful for any person within the 
United States, etc., etc., to cause any caller identification, etc., etc." So how does caller ID change, is it caused by 
the telemarketer, the server sending out the caller ID information, or the provider of that server? Obviously the 
telemarketer led the server to change the information, but ultimately the provider dished out the number, hence the 
provider being the true culprit.

The more I read about this law/rule/prohibition, the more I scratch my head at it.

So let's now see how the government intends on tracking someone shall we?

CallerIDBusterFoobar.com is a server located in Moscow. They're hosted there, their provider is there, their uplink is 
in Russia, etc. Joe Smith is a scumbag thief interested in stealing the credit card information of a "few good men". He 
lives in Boondock Arizona and spends much too much time thinking up scams. He signs up for an account at 
CallerIDBusterFoobar.com, assigns 800-DISCOVER as his caller ID and proceeds to scam countless people out of their 
information. With this information he sets up fraudulent drops and pickups somewhere in Moldovia.

How will U.S. authorities track him down? They won't. They don't have access to the servers in Russia for starters, 
secondly how many people are reporting these crimes? Alright, let's be fair for a moment, someone at Discover 
"discovers" that the call actually originated from Russia. So what? Unless the foreign country is cooperating with U.S. 
authorities, there is little the United States government with all their so called legislation would be able to do.

Now let's take it a step further, Joe Smith decided to use Privoxy with a WiFi phone from an open network. He managed 
to steal a VoIP account while scanning a class A for port 5060 and leveraged someone's information. He always has used 
Tor and Privoxy on his personal distro of Linux on a CD so he knows that there will be no residue from his crimes due 
to him using this CD on this machine so he is scot-free technologically.

How does the United States intend on stopping him again? I get it now, since the United States government in all of 
their mighty wisdom is passing this bill it is only obvious that criminals are going to respect U.S. laws, I mean after 
all those in government follow their own laws so why shouldn't a criminal?

Comments, criticism?

-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil infiltrated . net http://www.infiltrated.net

"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

