Why can't we prevent spoofed phone number telemarketers?

[Craig234]

Why is our phone system so insecure that no one but the NSA can find out who calls us, when the caller spoofs their phone number? That we can't block such calls?

I've gone through the 'system' as it exists - press a code to report the number that called you to law enforcement, and it'll report the 'real' number, they say.

Called the police department: they have no idea what I'm talking about or how to get the number supposedly sent to them.

Called the phone company, eventually reached the security team. Put them in touch with police.

First, the police said they have no resources to do anything about phone fraud or crime.

Second, the number the security team had - the same spoofed number as caller id. They explained when the caller spoofs their number, they can't get the real number either.

Before I send a note to my Congressman, there's a technical issue.

Why can't our phone system be better at not allowing this 'spoofing' or better tracking to be able to identify the caller or block spoofed calls?

I have the 'call rejection service' - which seems almost pointless in that you identify specific numbers but the crooks constantly use new numbers; but as bad as that is, the service is limited to only 12 numbers on the list, which is quickly exceeded - but that's another issue.

Is it feasible to ask for the government to demand improvements to the phone system, as far as the technical options for the phone companies?

[shortylickens]

I wanna contribute to this thread but the only points I can bring up are political.

[LCTSI]

The problem has to be significant enough to address. Got any info on that?

[imagoon]

You get the caller ID. You can't fake the ANI information. The phone system itself isn't insecure, it was just a decision that the caller ID system uses data that can be manipulated. The ANI is the raw circuit routing information that if faked would cause the call to not connect. Basically callerID = DNS while ANI = the IP address. The issue is the ANI can't be sent down the analog line while caller ID is a burst of analog sound.

Spoofing also has valid uses. Nearly all business are forced to use it. If you have 2 T1's and use DID, the ANI will be the base number for that PRI + some circuit data. The caller ID however can be the proper number. So the ANI might be AZB..123132 3125551200 5 485 indicating the base number of 312-555-1200 channel 5 DID 485 which would match DID #1212. The caller ID would say 312-555-1212.

[Craig234]

Quote:

Originally Posted by imagoon

You get the caller ID. You can't fake the ANI information. The phone system itself isn't insecure, it was just a decision that the caller ID system uses data that can be manipulated. The ANI is the raw circuit routing information that if faked would cause the call to not connect. Basically callerID = DNS while ANI = the IP address. The issue is the ANI can't be sent down the analog line while caller ID is a burst of analog sound.

Spoofing also has valid uses. Nearly all business are forced to use it. If you have 2 T1's and use DID, the ANI will be the base number for that PRI + some circuit data. The caller ID however can be the proper number. So the ANI might be AZB..123132 3125551200 5 485 indicating the base number of 312-555-1200 channel 5 DID 485 which would match DID #1212. The caller ID would say 312-555-1212.

Thanks for the very informative post - the question remains, how can we improve the system to not allow the abuses while meeting the legitimate needs?

[imagoon]

Quote:

Originally Posted by Craig234

Thanks for the very informative post - the question remains, how can we improve the system to not allow the abuses while meeting the legitimate needs?

We would need to revert the decision to allow the caller ID to be manipulated from the caller switches (pbx) or have some sort of approved list of numbers per trunk. This would require the phone company to actually care about this issue also.

[alkemyst]

Quote:

Originally Posted by Craig234

Thanks for the very informative post - the question remains, how can we improve the system to not allow the abuses while meeting the legitimate needs?

Go back to only POTS.

With VoIP you need to be able to 'set' your own numbering plans.

[alkemyst]

If everyone played by the book, this would be easily handled on the outgoing external calls vs the internal ones. It's an honor system.

[Red Squirrel]

I never understood it either. When you look at an IP network, you cannot spoof an IP (assuming you are establishing a 2 way connection and need data back). The receiver router will tell you the IP that is connected to it, not the IP that the connection says it has.

I don't know exactly how caller ID works (I probably should given I work for the phone company) but from my understanding it's the call display protocol actually saying "I'm so and so, and this is my number" so someone with the right equipment can easily spoof it.

A coworker as a joke used prank dialer on one of our non pbx lines at work, another coworker not knowing where it was coming from actually logged into the phone switch, not a PBX, but the actual phone switch for the whole region to post the number and see who the caller is, and even in the switch the number was showing up as like "5" or something, it was not even a valid number. You'd think the call display protocol would be more secure than that and not allow spoofing like this. Kinda like email, where you can go through the headers, the IP will be real, you can't really spoof that, unless it passes through a server that's malicious and it modifies the previous headers or something. But the end email server will tell you the actual IP that communicated with it, not an IP that was put in by the user or another system.

[alkemyst]

There are ways to hide the original IP though...

If you understand the methods behind VoIP and how it works internally vs externally you will understand the reasons better.

In the end from anyone that would truly need the ANI, it's available. Unfortunately the bell carriers don't extend that ANI ability to the customer. ANI also works when you block your number.

[stevech]

If the telephone industry was still a regulated monopoly, there wouldn't be nefarious VOIPers and the like enabling faked caller ID.

Deregulation in the US - as an ideology: nice.
Reality: we pay more post-deregulation.
But the flaws in telephone industry deregulation pale by comparison to those of electricity and somewhat analogous, natural gas.

[imagoon]

Quote:

Originally Posted by stevech

If the telephone industry was still a regulated monopoly, there wouldn't be nefarious VOIPers and the like enabling faked caller ID.

Deregulation in the US - as an ideology: nice.
Reality: we pay more post-deregulation.
But the flaws in telephone industry deregulation pale by comparison to those of electricity and somewhat analogous, natural gas.

Nice try to spin this as political, but you could do this even when "Ma Bell" was still running the show. DID's require this feature to map the number from the PRI channel data.

[notposting]

Are you getting the effin "you are eligible to lower your credit card rates" calls. MF'ers. I get them on my cell (we have been cell only for years), they don't respect cell numbers, the do not call list, or asking to be removed from their list (why they instead waste time calling me over and over is beyond me). Most of the time the calls just die before getting to a person. Been hoping to get one for awhile to string them along for 20 minutes and totally waste their time. Maybe they will take me off their list then

[imagoon]

Quote:

Originally Posted by notposting

Are you getting the effin "you are eligible to lower your credit card rates" calls. MF'ers. I get them on my cell (we have been cell only for years), they don't respect cell numbers, the do not call list, or asking to be removed from their list (why they instead waste time calling me over and over is beyond me). Most of the time the calls just die before getting to a person. Been hoping to get one for awhile to string them along for 20 minutes and totally waste their time. Maybe they will take me off their list then

Google voice takes care of that issue. Soon as I get those calls I block them with the "this number has been disconnected" message.

[PsiStar]

Quote:

Originally Posted by imagoon

Google voice takes care of that issue. Soon as I get those calls I block them with the "this number has been disconnected" message.

I use Google voice the same way

[alkemyst]

Quote:

Originally Posted by notposting

Are you getting the effin "you are eligible to lower your credit card rates" calls. MF'ers. I get them on my cell (we have been cell only for years), they don't respect cell numbers, the do not call list, or asking to be removed from their list (why they instead waste time calling me over and over is beyond me). Most of the time the calls just die before getting to a person. Been hoping to get one for awhile to string them along for 20 minutes and totally waste their time. Maybe they will take me off their list then

you spent 20 mins with them, they will call back.

[wirednuts]

Quote:

Originally Posted by PsiStar

I use Google voice the same way

wow, that sounds like a killer feature. im getting close to the bandwagon... i havent changed my phone number in 12 years though

[imagoon]

Quote:

Originally Posted by wirednuts

wow, that sounds like a killer feature. im getting close to the bandwagon... i havent changed my phone number in 12 years though

I just imported my existing one. I know I have given my life to google but yeah....