mailing list archives
Truths in "Truth in Caller ID Act"
From: "J. Oquendo" <sil () infiltrated net>
Date: Sun, 1 Oct 2006 12:28:41 -0500
So the United States government wants to pass the "Truth in Caller ID" act. Humorously it will do little do deter
criminals from spoofing their caller ID and scamming innocent victims. Here is the rule/law followed by why it will
"It shall be unlawful for any person within the United States, in connection with any telecommunications service or
VOIP service, to cause any caller identification service to transmit misleading or inaccurate caller identification
information, with the intent to defraud or cause harm."
Re-read it a few times and let some common sense kick in. "unlawful for any person within the United States, in
connection with any telecommunications service or VOIP service, to cause any caller identification service to transmit
misleading or inaccurate caller identification information" What in this bill exactly deters someone from abroad to
continue their activities? Firstly they're not bound by U.S. laws, secondly if their servers are abroad those servers
are in their lawful means to do what is legally appropriate for their location.
Now argumentatively how will the United States seek to prosecute say a telemarketer from using a service abroad to
traverse back into the U.S.? Let's re-read the letter of the law again shall we? "unlawful for any person within the
United States, etc., etc., to cause any caller identification, etc., etc." So how does caller ID change, is it cause by
the telemarketer, the server sending out the caller ID information, or the provider of that server. Obviously the
telemarketer led the server to change the information, but ultimately the provider dished out the number, hence the
provider being the true culprit.
The more I read about this law/rule/prohibition, the more I scratch my head at it.
So let's now see how the government intends on tracking someone shall we?
CallerIDBusterFoobar.com is a server located in Moscow. They're hosted there, their provider is their, their uplink is
in Russia, etc. Joe Smith is a scumbag thief interested in stealing the credit card information of a "few good men". He
lives in Boondock Arizona and spends much too much time thinking up scams. He signs up for an account at
CallerIDBusterFoobar.com, assigns 800-DISCOVER as his caller ID and proceeds to scam countless people out of their
information. With this information he sets up fradulent drops and pickups somewhere in Moldovia.
How will U.S. authorities track him down? They won't. They don't have access to the servers in Russia for starters,
secondly how many people are reporting these crimes. Alright, let's be fair for a moment, someone at Discover
"discovers" that the call actually originated from Russia. So what? Unless the foreign country is cooperating with U.S.
authorities, there is little the United States government with all their so called legislation would be able to do.
Now let's take it a step further, Joe Smith decided to use Privoxy with a WiFi phone from an open network. He managed
to steal a VoIP account while scanning a class A for port 5060 and leveraged someone's information. He always has used
Tor and Privoxy on his personal distro of Linux on a CD so he knows that there will be no residue from his crimes due
to him using this CD on this machine so he is scott free technologically.
How does the United States intend on stopping him again? I get it now, since the United States government in all of
their mighty wisdom is passing this bill it is only obvious that criminals are going to respect U.S. laws, I mean after
all those in government follow their own laws so why shouldn't a criminal.
sil infiltrated . net http://www.infiltrated.net
"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Truths in "Truth in Caller ID Act" J. Oquendo (Oct 01)