Can anyone explain, using [layman's] terminology, how callers get their phone number to show up as [that of] another subscriber or a non-existent telephone number? What would be the cost of putting an end to this capability? Does anyone know of a cost-effective way of avoiding receiving calls that are falsely numbered?
I often get such calls at the fire house where I volunteer, from bill collectors and sales types. I only learn they are spoofed when I try to call back to get them to take the number off of their database. I get to turn those over to Department of Information Systems Technology (DIST) personnel and they must do something about them because I get very few repeats.
Obviously there has to be some way to put a stop to this nonsense. The real question is how much will it cost and who will pay.
If they have the right type of business service trunk (someone here can explain the technical term) then they are free to deliver their own calling party number identification into the system. This spoofing is on the increase because the FCC's enforcement posture has gone down the tubes over the past several years.
In other words, the FCC just doesn't care and the states usually can't inforce it because they have no jursidiction over interstate antics.
Caller-ID is not trustworthy information. You cannot expect it to be.
When you connect to the telco with a trunk line, you send it the caller-ID information on the line. You can send it anything you want. It's polite to send it correct information, but the telco doesn't check to see if it is valid.
Why would you call them back? They're already violating the law, to expect that they'll be polite and take you off the list is foolish.
Most of that stuff is already illegal anyway. If they were legitimate callers, they wouldn't need to hide behind fake caller-ID. What you need is for the existing laws to start getting enforced.
Years ago I worked on ISDN at Bell Labs. The Primary Rate Interface Specification, TR 41459, allowed PRI subscribers to specify, even on a call-by-call basis, whether on an incoming call they wanted to receive the "Calling Party Number" (CPN) or the "Billing Number" (BN). The CPN is indeed provided by the caller's customer-premises equipment and can be "spoofed" (a playful word that people use instead of "lie").
The purpose of having it provided is so PBX's can deliver the direct-inward-dialing number of a phone connected to the PBX. My 1999 copy of 41459 contains the following: "For domestic calls, the network will not check whether the CPN will be meaningful for the terminating user." Which means that the calling equipment can lie about the number. The Billing Number, however, is network provided and cannot be spoofed.
Digression: The one additional point I also never understood is that in the 41459 description of the Calling Party Number Information Element (section 3.6.5.9 of the 1999 revision) there is a two-bit field called "Screening indicator" whose values are
00 = user provided, not screened
01 = user provided, verified and passed
10 = user provided, verified and not passed
11 = network provided.
Presumably this is delivered to the called party who subscribes to PRI terminating service. I never knew "verified" means in this context. In principle it could mean that the user-provided number falls within the range of numbers assigned to the calling party, and if it failed verification that could mean it was spoofed. End digression.
But the real point I want to make is that at least at a call's terminating toll switch (41459 was for "direct connection" to the AT&T network, which meant a 4ESS), the switch generally received both the CPN and BN. Terminating PRI subscribers could/can choose to receive either number. I'm not very SS7 knowledgeable and don't understand how both these numbers are transmitted on the AT&T network. The Initial Address Message contains a "Calling Party Number" information element. Does AT&T send two of these, marking one as the billing number?
The question now is for calls going to phones on a local switch whether the CPN and BN numbers are both sent (at least by AT&T) to the local exchange network. If so, the LEC would have access to the (unspoofable) billing number and could use it in tracking spoofed CPN's.
I need someone with a bit more expertise here to help me fill in the gaps.
I call back because it is one of my duties. If they answer I try to get them to take the fire station telephone number off of the data base on the grounds that it is unlawful to call a Public Safety answering point using any form of automated equipment. I've never had one I reached fail to comply. If the number was spoofed I turn the matter over to the telephone system management office of the county's Department of Information Systems Technology (DIST). As I said in my original posting they must do something about it because I do not get the same bozos over again like I do at home.
Sure, but how do you know you're getting a call from them?
Probably about half the calls we get at my house are from politicians, people selling car warranties, skip tracers looking for the (decade-gone) former owner of the house and churches and the FOP begging for money. Perhaps half of those calls have spoofed caller ID. So I'd say about 25%. We're in the DNC list too... it might be higher if we were not.
--scott -- "C'est un Nagra. C'est suisse, et tres, tres precis."
***** Moderator's Note *****
Scott,
I suggest that you take one for the team, and keep track of the spoofed numbers, the organizations which are calling, and the contact number(s) they give out. Please send us a list.
We sure don't have that problem here. The few that might be phony never get answered anyway. In fact, we don't answer any calls except those from known IDs.
Interesting. I rarely see calls that are obviously spoofed (impossible or clearly false number). I just scrolled back my CID, and there weren't any in the last 100 calls, but I don't remember any in months (and I do look at the CID before answering, so I do notice). A fair number of CID-blocked calls (usually the sleaziest scams are CID-blocked), and some with no name lookup (mostly cellphones, I think), and an occasional call where the number showing is an 800 number (those calls may be irritating, but I wouldn't call them "spoofed"). Political calls sometimes have odd CIDs, but that's mostly because companies with multiple phone lines sometimes lend their offices to pols for phone banking.
I don't think it's a Democrat versus Republican issue and I think it infects more than just the FCC. [In] everything from regulating Wall Street to patroling Main Street, it seems we, as a nation, have lost the will to hold people accountable for their actions and [to] tell them they cannot do something (sex offenders excepted of course).
As long as people continue to point fingers at the other party nothing is really going to change. Remember, much of the deregulation that took place during the 1980s had its genesis during the Carter administration and had bipartisan support.
Caller ID had its exhaustive hearings (circa 1995) during the Clinton Administration. The initial order of the FCC was quite good in that it got the ball rolling by exercising federal supremacy. But, the FCC reserved the "PBX" paradox for later consideration, which never happened. That opened the door for spoofing.
Both Bushes and Mr. Clinton just made the problems worse, for the most part.
The current president isn't doing much, but at least he has appointed a head of the FCC who has some basic technical competence. When the upper agency management doesn't understand the technology they are regulating, it's impossible for them to make decisions competently.
There are still far fewer field offices today and most field offices only have one or two real engineers on staff. Until this changes, I don't think real enforcement of anything is going to happen.
--scott
-- "C'est un Nagra. C'est suisse, et tres, tres precis."
***** Moderator's Note *****
The FCC's Enforcement Division has been missing in action for as long as I can remember: the civil servants we entrust with the job of putting teeth into the rulemaking process have been content to issue citations to broadcast networks for trivial swear words, while ignoring their duties in every other part of the spectrum.
The sewer which used to be the Citizens Band is just one example: fishermen have taken to using amateur radio transceivers to talk with their homes, so little concerned about the FCC that they are willing to risk the title to their boats to save the cost of ship-to-shore calls. I'm ashamed to admit it, but many ham operators have using patently offensive language for years, behaving like spoiled children who seek a spanking because it's the only way anyone will pay attention to them anymore. Many businessmen, claiming the privilege of having a private radio channel instead of training their employees to share, have reprogrammed their fleet radios to usurp amateur, government, or other frequencies, secure in the knowlege that the FCC is a paper tiger intent only on looking good instead of doing well.
Not very useful, since most of them are 000-000-0000 or 123-456-7890 or various spurious 800 numbers which cannot be dialed back. I don't even pick up the phone any more.
However, if you are curious about the organizations that use the invalid (or even valid) 800 numbers, do a google search on the number and you'll usually turn up all kinds of useful information.
Slight different note: Remember a couple of month's ago the FCC dismissed my informal complaint against Vonage for failure to honor the FCC-mandated (and codified into federal regulation) per call blocking (*67)? They dismissed the complaint twice, asserting lack of jurisdiction.
I referred it to my Congressman who sent my complaint along with the form on his letterhead I had to fill out for his office. Gee, now the complaint is being worked the third time around. Plus, the feature now works.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.