This article is not about anything new, but with Caller ID spoofing being very buzzworthy in the news lately, this is a technique I'd like to shed some light on, as it is rarely talked about. As many of you know, when you dial *67 to block your caller ID, the person you are calling will see "Anonymous", "Private", "Unknown", "Blocked" or another equivalent. However, *67 does not make your call untraceable. The Calling Party Number, or CPN, is still sent over SS7, and there are many ways to obtain the CPN information on a blocked call. When a call is blocked, it is simply marked as private in SS7 with what is known as a privacy bit, or 'p-bit' for short. So most people just spoof Caller ID so that a totally different number shows up than the one they are calling from.
Did you know that you can spoof the privacy bit as well, though? Without going into any details, I know that with at least one VoIP provider, with a little reverse engineering, you can spoof Caller ID as well as the privacy bit. I've known that the privacy bit was just as spoofable as the CPN, or number you want to spoof, but it recently dawned on me how useful this could actually be.
So you're thinking: what is the point in spoofing Caller ID if you're just going to mark it as private? What use could this possibly have? The only use I could think of at first would be for harassment purposes, as the called party would just see a bunch of anonymous private calls, and after a while they might try to *57 call trace it, and you could get someone else in trouble, as the *57 call trace would come back to the spoofed CPN. Or the person would dial *69 and it would return the call to the CPN you were spoofing, where an unknowing suspect would get yelled at for thinking they were slick dialing *67. This is just one juvenile use of spoofing the privacy bit.
The second use I thought of, however, was a useful one that I have tested and was pretty slick. As some of you know, spoofing one's cellphone number to their own cellphone often drops you into their voicemail box. Only one problem though: the person you're calling is going to know something is up when they keep getting phone calls from their own cellphone number. So what you do is spoof their cellphone number AND the privacy bit. They'll only see a call from a private phone number. Once the voicemail answers, if they have left it on default, it will drop right into their voicemail! The added benefit is that because it is a private number, most cellphone users send private calls straight to voicemail anyway since they don't know who's calling, so in this case they'd never be the wiser that they just let you into their own voicemail.
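Seen from the voicemail platform's side, the weakness above is that the CPN is treated as a credential while the privacy bit only changes what the handset displays. The sketch below is an added example, not code from this article or from any carrier; the `InboundCall` record, the function names, the PIN and the 555 numbers are all constructed for illustration. It puts the default skip-the-PIN behaviour next to a check that always requires the PIN, plus an audit flag for calls whose CPN matches the mailbox.

```python
import hmac
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class InboundCall:            # hypothetical call record, not a real signalling format
    cpn: str                  # Calling Party Number as signalled; unauthenticated
    private: bool             # privacy bit: hides the CPN from the display only
    called: str               # number that owns the mailbox
    pin_entered: Optional[str] = None

def displayed_caller_id(call: InboundCall) -> str:
    """What the called party sees; the platform still receives the CPN."""
    return "Private" if call.private else call.cpn

def legacy_skips_pin(call: InboundCall) -> bool:
    """Default behaviour described in the article: CPN == mailbox means no PIN."""
    return call.cpn == call.called

def hardened_grants_access(call: InboundCall, mailbox_pin: str) -> bool:
    """Never treat the CPN as proof of identity; the PIN is always required."""
    if call.pin_entered is None:
        return False
    return hmac.compare_digest(call.pin_entered, mailbox_pin)

def audit_flags(call: InboundCall) -> List[str]:
    """Flags worth logging or alerting on for mailbox deposits and retrievals."""
    flags = []
    if call.cpn == call.called:
        flags.append("cpn-equals-mailbox")
        if call.private:
            flags.append("self-call-marked-private")
    return flags

# Constructed sample calls (fictitious 555-01xx numbers).
OWNER = "+12025550143"
SAMPLE_PIN = "4821"
owner_call = InboundCall(cpn=OWNER, private=False, called=OWNER, pin_entered="4821")
private_self_call = InboundCall(cpn=OWNER, private=True, called=OWNER)
ordinary_call = InboundCall(cpn="+12025550188", private=False, called=OWNER)

if __name__ == "__main__":
    for c in (owner_call, private_self_call, ordinary_call):
        print(displayed_caller_id(c), legacy_skips_pin(c),
              hardened_grants_access(c, SAMPLE_PIN), audit_flags(c))
```

Setting a voicemail PIN and requiring it on every access, including from the subscriber's own handset, is the subscriber-side equivalent of `hardened_grants_access`.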
Spoofing the privacy bit can also let you know if they subscribe to services like Anonymous Call Rejection, Call Intercept, etc., which will be a pretty good indication that they rely on and trust Caller ID. This will also come in handy if you are trying to call someone's number several times but don't want the person to have any suspicion about who is calling. For example, if you're trying to guess their voicemail password, or trying to get a specific person to answer, but don't want your real number OR a spoofed number to show up, as another party that has control of the number may become suspicious. It could also come in handy for wardialing: most of the numbers you are calling won't care about the private number, but if you do find a carrier or another interesting number, at least you haven't left a footprint of where you were calling from, so now you can call the number back later.
So remember, just because you're spoofing Caller ID doesn't mean you have to let the person you're calling SEE the spoofed number!
Happy spoofing in 08!