Call ID spoofing

from Wikipedia, the free encyclopedia

Call ID spoofing is the term for a method by which calls are made with a calling number that is falsified for the called party. When the call arrives, the called telephone displays identification information, which is usually freely selectable, instead of the caller's original number. This makes it possible to conceal the caller's true identity from the called party and, if desired, to feign a false one. This possibility exists in unregulated communication networks such as the Internet; it is also possible in regulated public networks (e.g. VoIP or classic telecommunications networks), although there it is forbidden by telecommunications laws (e.g. the German TKG).

Techniques and functionality

Ways of manipulating the Call ID have existed since it was introduced. The most common variants are based either on Voice-over-IP technologies or on the use of ISDN system connections (DDI). The technique only became widespread with the introduction of Internet telephony via Voice over IP (VoIP). There were and still are other ways of falsifying the caller number, such as Orange Boxing or VoiceXML, but the simplest and most widely used methods are based on VoIP.

Call ID spoofing with ISDN system connections is usually possible only within the number range of the respective PBX, because in a publicly regulated network the calling number is always checked for permissibility on that connection ("number screening"). In addition, the "CLIP -no screening-" feature can be enabled on ISDN system connections; it allows any number to be presented to the called subscriber (in the sense of spoofing), since the exchange does not check this number for correctness. In addition to this user-defined number ("user provided"), the "real" number is also sent ("network provided"). However, this "real" phone number can only be read with special end devices.

For spoofing to have any effect, number display for the called subscriber, the so-called CLIP, must be available. If an unregulated communication network is used for a VoIP call over the Internet, there is always the option of freely choosing the so-called "display information" (i.e. what is shown on the screen of the person being called). This is the easiest method of manipulation, and it does not require changing the calling number. If the calling number is also to be falsified, further changes to the VoIP registration or the selection of a more or less dubious VoIP provider are necessary. The caller, for example, first dials the customer service number of a provider of "Call ID spoofing". This service then offers the option of entering a number to be displayed on the screen of the recipient's VoIP phone. The call is then forwarded through the service provider. Browser-based use is also possible on the Internet: after registration, the user enters the desired number on the page, and the connection to the recipient is then established.

In regulated public telecommunications networks this is generally not possible, even at network boundaries such as calls from the Internet to the landline network, or it is prevented by the locally applicable telecommunications laws, which contain a multitude of regulations on the display of telephone numbers (e.g. in Germany § 66k of the TKG). Known cases of spoofing in regulated public networks were mostly based on the respective service provider not observing the telecommunications laws and usually existed only for a short time, since such cases can be reported to the respective regulatory authority (in Germany the Federal Network Agency).

Regulated versus unregulated networks

In a completely unregulated network, any subscriber could, with simple software, pretend to be any caller on a VoIP connection and transmit any number. Network operators try to prevent this with appropriate data filters: VoIP connections are only permitted if the transmitted number matches the IP of the sending connection, or the operator itself adds the caller's number to the caller's voice data. This also applies to calls to other providers (e.g. from a Telekom caller to a Vodafone subscriber). Incoming VoIP calls from other domestic or foreign providers, however, cannot be checked in this way.

This filtering can also be circumvented: if fraudulent providers install their routers (or rent capacity) in countries with lax legislation and unregulated networks, calls can, for example, be routed via such a spoofing router in Tonga, where an incorrect caller ID is added to the call data. A fraudulent call, for example from a call center in Turkey, then arrives in Germany via Tonga with an alleged German caller number. The German network operators can do little about this on an ad-hoc basis, because it is quite possible for a domestic call to be routed via any other country in individual cases. Only when a specific spoofing router becomes known to the authorities can its data traffic be specifically suppressed.
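
The checks described above (number screening and "CLIP -no screening-" on ISDN system connections, and the IP filter for VoIP connections) can be sketched as follows. This is an added example, not part of the original article; the Line and Presented types, the function names, the sample numbers and the substitution of the network number on a failed check are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Screening indicator labels used in ISDN calling-number signalling.
NETWORK_PROVIDED = "network provided"
USER_VERIFIED = "user provided, verified and passed"
USER_NOT_SCREENED = "user provided, not screened"

@dataclass(frozen=True)
class Line:
    """Operator's record of one connection (hypothetical model)."""
    network_number: str                  # the "real" number of the connection
    number_block: Tuple[str, ...]        # prefixes this connection may present
    registered_ip: Optional[str] = None  # set for VoIP connections
    clip_no_screening: bool = False      # feature enabled on the connection

@dataclass(frozen=True)
class Presented:
    display_number: str                  # what the called party sees
    screening: str                       # how far the operator vouches for it
    network_number: Optional[str]        # sent alongside, if the operator knows it

def screen_call(line: Optional[Line], claimed: str,
                source_ip: Optional[str] = None) -> Optional[Presented]:
    """Return what is signalled onward, or None if the call is refused."""
    if line is None:
        # Call handed over by another provider: nothing to check against.
        return Presented(claimed, USER_NOT_SCREENED, None)
    if line.registered_ip is not None and source_ip != line.registered_ip:
        return None  # VoIP filter: number and sending IP do not belong together
    if any(claimed.startswith(prefix) for prefix in line.number_block):
        return Presented(claimed, USER_VERIFIED, line.network_number)
    if line.clip_no_screening:
        # Number is passed unchecked, but the real number travels with it.
        return Presented(claimed, USER_NOT_SCREENED, line.network_number)
    # Assumption: on a failed check the operator substitutes its own number.
    return Presented(line.network_number, NETWORK_PROVIDED, line.network_number)

def is_vouched_for(p: Presented) -> bool:
    """True only if the operator checked or supplied the displayed number."""
    return p.screening in (NETWORK_PROVIDED, USER_VERIFIED)

# Constructed sample connections and numbers.
PBX = Line("+49305550100", ("+4930555",))
PBX_NO_SCREENING = Line("+49305550100", ("+4930555",), clip_no_screening=True)
VOIP = Line("+49305550200", ("+49305550200",), registered_ip="192.0.2.10")
```

A call that arrives without a line record, as in the interconnect case above, comes out as "user provided, not screened" with no network number attached, which is why the receiving operator has nothing to compare the displayed number against.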

Application areas

In the USA, a procedure for falsifying the "Call ID" was first offered freely on the Internet in 2004. Hacker Kevin Mitnick demonstrated this on the Art Bell Show by changing his call identification to the FBI headquarters number for Los Angeles.

Caller ID spoofing offers a wide range of possible applications for journalists, detectives, lawyers and collection agencies, who could use the technology for investigation and research purposes.

Call ID spoofing also encourages phone phishing. By pretending to be someone else ("pretext calls"), the caller tries to obtain confidential information such as passwords, credit card information and the like. There are also increasing cases of SPIT ("spam over internet telephony") in which advertising calls cannot be traced back. In technical support scams, the caller's number is concealed in this way. In the past, this technology could also be used to query other people's mailboxes without authorization and without a PIN having to be entered.

In Austria, several people fell victim to a fraud case in January 2017 in which call ID spoofing was used. The perpetrators pretended to be representatives of the National Bank and asked for money over the phone to lift a non-existent account block. In a subsequent call, the request was supported by providing a legal identity. The National Bank published a warning because of the incident. From a legal point of view, in addition to fraud, there is also a violation of telecommunications law.

Since 2017, call ID spoofing has been used on a larger scale in Switzerland to deliberately induce older people to hand over their valuables. The perpetrators pretended to be police officers, warned the victims of break-ins in the neighborhood and offered to have the valuables collected by a courier and kept safe. In 2017, the perpetrators obtained around 2 million Swiss francs in 19 successful cases, and the number is rising sharply.

Providers

In America, for example, a call ID spoofing service is offered by a company that issues so-called "spoof cards" which, like telephone cards, carry credit for a certain call duration and can be purchased by credit card as part of a subscription. Functions such as voice adjustment and recording are also available. However, this service is limited to the USA and Canada. The first offer for call ID spoofing via VoIP in the USA appeared in 2004, and there are now a number of providers of this service. In Germany, the Visukom company also offered such a service for a short time at the beginning of 2008, but it had to be discontinued due to non-compliance with contractual agreements for network operator access to the regulated public network.
