==============
 Introduction
==============
5 minutes

We describe who we are and explain that we will be speaking on a wide range of subjects including VoIP, Caller ID/CPN, ANI, VXML and Asterisk.

==========
 Education
==========
10 - 15 minutes

Before we start this discussion we will have to educate you on what the hell we are talking about.

First off, what is ANI? ANI is Automatic Number Identification. ANI is a method the telephone company uses to deliver your Billing Telephone Number, or BTN, to long distance carriers and toll-free numbers. This is not to be confused with Calling Party Number (CPN).

Call an ANAC, explain op-diverting and ANI fails, demonstrate 10-10-288-0.

What is Calling Party Number, or CPN? Calling Party Number is "your" telephone number. In other words, this is the actual telephone number that you are calling from. It is also the same number that is displayed on Caller ID when you place calls. However, you cannot prevent this number from being sent, only from being displayed on Caller ID devices.

Call 800-555-1140. Demonstrate that you cannot block CPN, just the display of it on Caller ID devices. Note: this ANAC claims it's reading ANI; it's actually only reading CPN and the flex ANI II digits before the CPN.

What is Caller ID? Caller ID is a service that displays the Calling Party Number and the Calling Party's Name (CNAM).

========
 V.o.I.P
========
5 minutes (generalization)

Voice over Internet Protocol. This is a service that allows you to place telephone calls over the internet through VoIP providers, or to place computer-to-computer calls. A lot of calling cards use VoIP to cut down on costs: they route your call from your location over the internet to a central office in the location you are calling, which then switches your call to the phone number you are calling. The entire call isn't switched across the country; it goes from your location, through the internet, to the location you are calling.
There are also many "broadband" phone companies that allow you to use your existing broadband connection, in conjunction with a device known as an ATA, to place telephone calls through the internet using regular telephones (some examples: Vonage, Voicepulse, etc.). Then there are service providers like nufone and Voicepulse Connect that allow you to use Asterisk for a variety of applications.

=========
 Spoofing
=========
20 minutes

Spoofing Caller ID has been around as long as the service itself. There are several methods by which it can be spoofed. There are basically 2 methods of spoofing Caller ID.

The first, less effective way is to actually manipulate the signal that is sent to the Caller ID box, a method known as "orange boxing". This can be done by calling the desired party with your phone number blocked, and then creating a fake Call Waiting Caller ID signal after the party answers their phone. This is obviously not very effective, as it relies on the party looking at their Caller ID box after they pick up their phone. This method can also be used in a more complex way if you have physical access to the phone line that you want to place the call to: one would have to break the dialtone on the line so that there is silence, generate a ring signal on the line, splice in the spoofed Caller ID signal, and then continue to make ring signals until the party answers. This method is extremely impractical and is probably never used.

The second, more practical method is to spoof Calling Party Number. The way Caller ID works is that by default the CPN will always be displayed as Caller ID. It is only if the customer requests their phone number to be blocked when placing a call that their phone number will be shown as "Private". With this known, there are several ways to spoof CPN. The older ways of doing it involved needing a Primary Rate ISDN line.
Then there were other ways of doing it by social engineering Operator Service Providers such as Telus. Another way of doing it was released earlier in 2003, using a VXML provider. VXML is the language that Tellme uses to understand what you say, provide you with information and direct you to certain things. Using this same language and a VXML provider that could set CPN, you could create a script that would allow you to place a call from any phone number you wanted to any number you wanted to call. Another method of spoofing CPN involves using a VoIP service like nufone. Using Asterisk you can write a script to spoof CPN to any number you want, and nufone will use that number on outgoing calls.

And last but not least, we will be demonstrating how someone who doesn't have money to buy a PRI line, doesn't have the skill to social engineer an operator or write a script to spoof for him, an average joe like you or me, can spoof at will with a pay voice over IP service. The VoIP service is called Voicepulse. They have a lot of nifty features, and one of them is called Anonymous Call Rejection with Prompting. As you might have guessed, Anonymous Call Rejection rejects calls from callers marked Private or Out of Area. Now what is prompting, though? Prompting gives callers whose numbers do not appear on Caller ID the option of entering the phone number that they are calling from. When you receive a call from someone who provided "their" phone number through prompting, the Caller ID display will say "Privacy Manager". However, if you have this service enabled and you also have Call Forwarding enabled, the call is forwarded with the 10 digit number entered at prompting as the actual CPN for the call. The effect is that Caller ID is spoofed successfully.

(we then demonstrate this)

======
 Usage
======
15 minutes

Woah, that is so cool, I can make the Caller ID say whatever I want when placing calls. But what usage is there for this in the real world?
Well, for one thing, many people use CPN for authentication. Remember, even though you block your Caller ID, the CPN is always sent.

But wait, I thought the ANI was always sent too. Why would anyone use CPN for verification when ANI could easily prove that the CPN is false? This is a good question, but ANI does not necessarily prove that the CPN is false. It is true that under normal circumstances, when calling from your home phone line, your CPN and your ANI should be the same phone number. However, when calling from a cellphone, for example, your CPN will be your cellphone number and the ANI will be an arbitrary number used by the cellphone company. So many services use CPN for verification and disregard ANI altogether.

A lot of voicemail services use CPN to let you right into your mailbox without any passcode, credit card companies tell you you have to call from your own telephone to activate credit cards, and even telephone company 800 numbers such as Verizon's Advance Services number will let you right in as long as you're calling from your 'own telephone.'

The problems with using CPN for verification are very obvious: it can be spoofed rather easily, so it's almost the same as just asking for your phone number. How would you like it if someone stole your brand new credit card out of the mail and all the thief had to do was call the toll free number and enter your phone number to get it activated? If all the thief has to do is spoof Calling Party Number as your phone number, it is essentially the exact same effect. Hell, when I called from a DIFFERENT phone number to activate my credit card I was asked all kinds of things, like when I first got a credit card account, what my date of birth was, my mother's maiden name, yet apparently the credit card companies seem to think that your phone number is as valuable as all those pieces of information combined.

The other problem that is created with CPN being so easily spoofable is: what is the point in transmitting the CPN at all?
With the ability to spoof CPN you literally can bypass every Call Screening service offered by the phone company. Why pay $7/mo for Caller ID and another $3-5/mo for services like Call Intercept, Anonymous Call Rejection, etc.? These are all extra services that we pay for, when in actuality anybody can make it look like they are calling from anywhere, and it is literally a waste of our money. We are no better off now than we were before Caller ID was invented. Whether or not we look at our little piece of hardware, we have no way of knowing who is actually calling us. Just because the display flashes a phone number does not mean that is the actual number calling us, so why even bother purchasing Caller ID?

Even the services that are offered to reject anonymous callers would not do any good even if CPN were not spoofable. Anonymous Call Rejection can easily be bypassed by placing a call through the local operator or through a calling card. Call Intercept is almost undoubtedly always set to a default passcode that allows callers from blocked numbers to key in that code and call your house with the Caller ID saying "High Priority". And no matter what the Caller ID says, even if they don't know how to bypass these services, your phone will still undoubtedly ring, even if they have to say their name.

My point is we should not waste away our lives screening our calls. The best way to screen a call is to pick up the phone, and if it's someone you don't want to talk to, hang up on them. If you don't want to talk to them, why worry about hurting their feelings? You obviously don't care about them anyways.

=========================
 Caller ID Privacy Issues
=========================
15 minutes

And there is even ONE more problem with spoofing CPN, and that is that it allows anyone with your phone number to pull up the name that is on your phone bill. This can cause a huge privacy concern.
You can have your number unpublished, and never call anyone with your Caller ID unblocked, yet anyone who has your number can spoof it as Caller ID and retrieve the name your phone bill is under. In fact, if one was so inclined they could set up a script that could spoof a full prefix of 10,000 numbers, collect the names associated with those phone numbers and compile a directory of everyone in a single area code.

(we demonstrate backspoofing and what not)

This isn't the only privacy issue with Caller ID. Even if you block your Caller ID your number is still sent as CPN; there is simply a flag telling the central office that completes the call not to display your phone number to the called party. Unfortunately this flag is not an adequate substitute for privacy. There are many services that will still allow you to capture CPN information even if the flag for privacy is set. The most obvious is toll-free services, as we demonstrated earlier with ANACs that announce your CPN. But just because you are calling a toll number, do not assume that the called party cannot receive your phone number. Services such as nufone will actually send the Calling Party Number information to your Asterisk box. Another way of pulling CPN information is to simply call forward your line to a toll free number that captures CPN information, such as a UREACH number. The CPN will be passed along the whole call, and when the caller leaves a voicemail you will actually receive their CPN information. There are even voicemail services that collect CPN information on toll numbers. K7.net offers Seattle 206 voicemail numbers; when you call one of these numbers your CPN information will be saved and displayed to the voicemail user.

===============
 Additional Info
===============
5 - 10 minutes

====================
 Questions & Answers
====================
25 minutes remaining

Let the audience ask about anything they may not have understood.
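
Added example (not part of the original talk outline): the Usage section's point about voicemail and card-activation lines trusting CPN, shown as the weak check beside a hardened one. The mailbox table, PIN, lockout limit and function names are hypothetical, and the phone numbers are constructed.

```python
import hashlib
import hmac
import os

def hash_pin(pin, salt):
    # PBKDF2 so a leaked mailbox table does not expose short PINs directly.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# Constructed sample mailbox; the number is from the fictional 555-01xx range.
SALT = os.urandom(16)
MAILBOXES = {
    "2125550123": {"salt": SALT, "pin_hash": hash_pin("8642", SALT), "failures": 0},
}
MAX_FAILURES = 3  # assumed lockout threshold

def weak_access(cpn):
    """The pattern the talk criticises: signaled CPN matches the owner, so let them in."""
    return cpn in MAILBOXES

def hardened_access(cpn, ani, entered_pin):
    """CPN only selects which mailbox is requested; the PIN is what authenticates."""
    box = MAILBOXES.get(cpn)
    if box is None or box["failures"] >= MAX_FAILURES:
        return {"granted": False, "review": False}
    # ANI differing from CPN is normal for cellphones, so it is only flagged
    # for review: never proof of spoofing, never a reason to skip the PIN.
    review = ani != cpn
    ok = entered_pin is not None and hmac.compare_digest(
        hash_pin(entered_pin, box["salt"]), box["pin_hash"])
    box["failures"] = 0 if ok else box["failures"] + 1
    return {"granted": ok, "review": review}

if __name__ == "__main__":
    # A caller presenting the owner's CPN without the PIN.
    print("weak:", weak_access("2125550123"))
    print("hardened:", hardened_access("2125550123", "9175550188", None))
```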
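
Added example (not part of the original talk outline): detection logic a carrier or CNAM provider could run for the prefix-wide name harvesting described under Caller ID Privacy Issues, flagging one called line that receives many distinct CPNs from a single NPA-NXX in a short window. The record layout, window and threshold are assumptions, and the call records are constructed.

```python
from collections import defaultdict

def sample_cdrs():
    """Constructed call records: (epoch_seconds, signaled_cpn, called_number)."""
    sweep = [(1000 + i * 20, f"206555{100 + i:04d}", "2125550150") for i in range(40)]
    normal = [
        (1100, "4155550111", "2125550177"),
        (5000, "4155550111", "2125550177"),
        (1300, "3125550122", "2125550150"),
    ]
    return sorted(sweep + normal)

def find_prefix_sweeps(cdrs, window=3600, min_distinct=25):
    """Return alerts for called numbers hit by many distinct CPNs of one prefix."""
    by_key = defaultdict(list)  # (called number, NPA-NXX of CPN) -> [(ts, cpn)]
    for ts, cpn, called in cdrs:
        by_key[(called, cpn[:6])].append((ts, cpn))
    alerts = []
    for (called, prefix), calls in by_key.items():
        calls.sort()
        start = 0
        for end in range(len(calls)):
            # Slide the window start forward until it spans at most `window` seconds.
            while calls[end][0] - calls[start][0] > window:
                start += 1
            distinct = {cpn for _, cpn in calls[start:end + 1]}
            if len(distinct) >= min_distinct:
                alerts.append({"called": called, "prefix": prefix,
                               "distinct_cpns": len(distinct)})
                break  # one alert per (called, prefix) pair is enough
    return alerts

if __name__ == "__main__":
    for alert in find_prefix_sweeps(sample_cdrs()):
        print(alert)
```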