[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Truths in "Truth in Caller ID Act"

To: full-disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Truths in "Truth in Caller ID Act"
From: "J. Oquendo" <sil@xxxxxxxxxxxxxxx>
Date: Sun, 1 Oct 2006 12:28:41 -0500

So the United States government wants to pass the "Truth in Caller ID" act. 
Humorously it will do little do deter criminals from spoofing their caller ID 
and scamming innocent victims. Here is the rule/law followed by why it will 
fail:

"It shall be unlawful for any person within the United States, in connection 
with any telecommunications service or VOIP service, to cause any caller 
identification service to transmit misleading or inaccurate caller 
identification information, with the intent to defraud or cause harm."

Re-read it a few times and let some common sense kick in. "unlawful for any 
person within the United States, in connection with any telecommunications 
service or VOIP service, to cause any caller identification service to transmit 
misleading or inaccurate caller identification information" What in this bill 
exactly deters someone from abroad to continue their activities? Firstly 
they're not bound by U.S. laws, secondly if their servers are abroad those 
servers are in their lawful means to do what is legally appropriate for their 
location.

Now argumentatively how will the United States seek to prosecute say a 
telemarketer from using a service abroad to traverse back into the U.S.? Let's 
re-read the letter of the law again shall we? "unlawful for any person within 
the United States, etc., etc., to cause any caller identification, etc., etc." 
So how does caller ID change, is it cause by the telemarketer, the server 
sending out the caller ID information, or the provider of that server. 
Obviously the telemarketer led the server to change the information, but 
ultimately the provider dished out the number, hence the provider being the 
true culprit.

The more I read about this law/rule/prohibition, the more I scratch my head at 
it.

So let's now see how the government intends on tracking someone shall we?

CallerIDBusterFoobar.com is a server located in Moscow. They're hosted there, 
their provider is their, their uplink is in Russia, etc. Joe Smith is a scumbag 
thief interested in stealing the credit card information of a "few good men". 
He lives in Boondock Arizona and spends much too much time thinking up scams. 
He signs up for an account at CallerIDBusterFoobar.com, assigns 800-DISCOVER as 
his caller ID and proceeds to scam countless people out of their information. 
With this information he sets up fradulent drops and pickups somewhere in 
Moldovia.

How will U.S. authorities track him down? They won't. They don't have access to 
the servers in Russia for starters, secondly how many people are reporting 
these crimes. Alright, let's be fair for a moment, someone at Discover 
"discovers" that the call actually originated from Russia. So what? Unless the 
foreign country is cooperating with U.S. authorities, there is little the 
United States government with all their so called legislation would be able to 
do.

Now let's take it a step further, Joe Smith decided to use Privoxy with a WiFi 
phone from an open network. He managed to steal a VoIP account while scanning a 
class A for port 5060 and leveraged someone's information. He always has used 
Tor and Privoxy on his personal distro of Linux on a CD so he knows that there 
will be no residue from his crimes due to him using this CD on this machine so 
he is scott free technologically.

How does the United States intend on stopping him again? I get it now, since 
the United States government in all of their mighty wisdom is passing this bill 
it is only obvious that criminals are going to respect U.S. laws, I mean after 
all those in government follow their own laws so why shouldn't a criminal.

Comments, criticism?

-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil infiltrated . net http://www.infiltrated.net

"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Truths in "Truth in Caller ID Act"
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] Truths in "Truth in Caller ID Act"
  - From: Joe Barr

Prev by Date: [Full-disclosure] "POC 2006" by Korean hackers
Next by Date: Re: [Full-disclosure] Truths in "Truth in Caller ID Act"
Previous by thread: [Full-disclosure] "POC 2006" by Korean hackers
Next by thread: Re: [Full-disclosure] Truths in "Truth in Caller ID Act"
Index(es):
- Date
- Thread