Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Legal Spying Via the Cell Phone System

CmdrTaco posted more than 4 years ago | from the totally-legal-yup-right dept.

Communications 139

An anonymous reader writes "Two researchers say they have found a way to exploit weaknesses in the mobile telecom system to legally spy on people by figuring out the private cell phone number of anyone they want, tracking their whereabouts, and listening to their voice mail."

Sorry! There are no comments related to the filter you selected.

Obligatory (1)

OdoylesRule (1765008) | more than 4 years ago | (#31925236)

In Soviet Russia, phone calls you!

You missed something (1, Informative)

Anonymous Coward | more than 4 years ago | (#31927274)

In Soviet Russia, phone calls you!

You missed a small detail. It's supposed to be funny, too.

Nothing new here.. (0)

Anonymous Coward | more than 4 years ago | (#31925246)

Google already does this.

first ! (0, Funny)

Anonymous Coward | more than 4 years ago | (#31925250)

ya ha ahaaaa phone up my asss!

remove battery? (1)

newdsfornerds (899401) | more than 4 years ago | (#31925290)

Is it true that the gubmint can track the location of my cellie even when it's off? Or do I really need to disconnect the battery?

Re:remove battery? (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#31925610)

I believe that is true.

I've had a cell phone "turned off" for about a month one time to find the battery completely drained. Some activity must be going on. Just my personal experience. You don't have to buy my FUD though.

Re:remove battery? (1)

characterZer0 (138196) | more than 4 years ago | (#31925680)

I had a Motorola mobile phone that drained faster while off than it did while on. It could just be poor design or corrosion.

Re:remove battery? (5, Informative)

datapharmer (1099455) | more than 4 years ago | (#31925816)

If you just let a disconnected battery sit in a drawer it will drain itself too. It must be wireless electricity doodads in the battery and phone so the phone can send information on you to the secret police even if the battery is pulled. Quick, run before they find out you know too much!

Or maybe batteries just have a tendency to run dead when not in use due to self-discharge [wikipedia.org] . Now get off my tech site.

Re:remove battery? (1)

alan_dershowitz (586542) | more than 4 years ago | (#31928422)

He may not have been right about suspecting being spied on because of battery discharge, but the government can in fact remotely activate some cell phones and eavesdrop on nearby conversations with them:

FBI taps cell phone mic as eavesdropping tool [cnet.com]

Re:remove battery? (1, Funny)

Anonymous Coward | more than 4 years ago | (#31929408)

Dude, it gets worse, I saw this documentary where this rich guy used all the cell phones in a city to listen to the whole city. It got so bad his friend was, like, made at him and everything. I think the police were in on it cause they had this light thing that signaled him when they wanted him to work for them or something.~

Re:remove battery? (0)

Anonymous Coward | more than 4 years ago | (#31929242)

Or maybe batteries just have a tendency to run dead when not in use due to self-discharge [wikipedia.org] . Now get off my tech site.

That was a little harsh. Even if you're surely right all the time with a wikipedia link to prove it.

Re:remove battery? (1)

datapharmer (1099455) | more than 4 years ago | (#31929628)

I don't usually reply to anonymous cowards, but just to clear the air... I didn't mean to be harsh - many cellphones have a soft off (such as the iphone) and others can be modified for monitoring purposes by law enforcement. I just wanted to make the point that just because the battery drains doesn't mean you need to live in a tin foil fort in the woods. And yes, I know wikipedia isn't always right. I didn't feel like searching any harder for another link - the wikipedia one worked and made my point. And yes, I am surely right all of the time, so there!

Read your own link smartass (1)

thelexx (237096) | more than 4 years ago | (#31929578)

The worst case mentioned on that page was 30% discharge per month.

Re:remove battery? (1)

newdsfornerds (899401) | more than 4 years ago | (#31925838)

Screw the aluminum foil hat. I'm going with a Ti alloy this time.

Re:remove battery? (5, Informative)

MaskedSlacker (911878) | more than 4 years ago | (#31925918)

I once worked in a secured facility (DOE lab) where security briefings included being told that one of the reasons cellphones are not allowed is that they can be remotely tracked, accessed, and the microphones can be activated--even when the phone is off.

Whether its true or not, at a minimum, the people involved in setting security protocols for the DOE certainly think it is.

Re:remove battery? (0)

Anonymous Coward | more than 4 years ago | (#31926796)

It seems technically possible. This would mean the phone is not actually off and that it turns off only the user controllable parts. If those guys fear the phones, it might be that they know more than we do about how phones are designed.

Re:remove battery? (1)

xeoron (639412) | more than 4 years ago | (#31929106)

There was a article in the Boston Globe a few years back that talked about how the FBI had uploaded a custom software update to a turned off phone that would turn the mic on for them to listen to conversations the person was having while not on the phone, and how the phone company helped them do it. All of this came out about 2 years after the fact when they charged several people for charges related to organized crime.

Re:remove battery? (0)

Anonymous Coward | more than 4 years ago | (#31928392)

I once worked in a secured facility (DOE lab) where security briefings included being told that one of the reasons cellphones are not allowed is that they can be remotely tracked, accessed, and the microphones can be activated--even when the phone is off.

With iphones, yes. Iphones never really turn off. And since Steve Jobs hates you, you can't disconnect the battery.

Re:remove battery? (1)

Buelldozer (713671) | more than 4 years ago | (#31929362)

There is no question that all of those things can be done.

Re:remove battery? (1)

poetmatt (793785) | more than 4 years ago | (#31925988)

no, it's a bunch of crap. All phones have a battery-less location feature but it's only turned on if you dial 911. Otherwise, having the battery in your phone or not doesn't affect whether or not you can be tracked.

Batteries will naturally dissipate on their own, usually to the tune of 3-30% per day depending on the capacity of the battery. Higher %age on smaller batteries. Have you never heard of that?

Re:remove battery? (1)

IndustrialComplex (975015) | more than 4 years ago | (#31926136)

no, it's a bunch of crap. All phones have a battery-less location feature but it's only turned on if you dial 911. Otherwise, having the battery in your phone or not doesn't affect whether or not you can be tracked.

I think you mean service-less emergency dial feature. Battery-less the phone isn't going to dial anything.

Re:remove battery? (0)

Anonymous Coward | more than 4 years ago | (#31929176)

no, it's a bunch of crap. All phones have a battery-less location feature but it's only turned on if you dial 911. Otherwise, having the battery in your phone or not doesn't affect whether or not you can be tracked.

Take the crack pipe out of your mouth and step away from the keyboard...

Re:remove battery? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31925720)

If it's off for the purposes of an airline, (that is, radio off in order prevent interference), then it's off for the purposes of this, since it depends on the phone communicating with the cell tower.

Re:remove battery? (1)

phasm42 (588479) | more than 4 years ago | (#31925784)

Is it true that the gubmint can track the location of my cellie even when it's off? Or do I really need to disconnect the battery?

It's theoretically possible since it's a soft power-off. Hypothetically, the phone could still be operating while giving the appearance of being turned off. By the same token, it could be taking pictures and transmitting audio even when you're not on a call and not using the camera, or even when "off". Whether this is ever actually done, I don't know.

Re:remove battery? (1)

kamochan (883582) | more than 4 years ago | (#31927112)

I have been demonstrated exploit code for the n900 which does that. Haven't heard of it in the wild, though...

Re:remove battery? (1)

azh (1717056) | more than 4 years ago | (#31926690)

What about storing your phone in a Faraday cage?

Re:remove battery? (1)

newdsfornerds (899401) | more than 4 years ago | (#31926808)

Those are expensive. I'll keep it under my lead foil hat for now.

Re:remove battery? (2, Funny)

Captain Centropyge (1245886) | more than 4 years ago | (#31927632)

Does a hamster cage count..?

Re:remove battery? (1)

Matheus (586080) | more than 4 years ago | (#31928000)

Why not just live in one [youtube.com] (1:03 in)

Re:remove battery? (1)

natehoy (1608657) | more than 4 years ago | (#31928456)

My house has aluminum siding, and I assure you, it works. I get four bars outside the house, but had to purchase a repeater to get signal inside, or all of my cell phone use at home would have to be while standing next to a window that faces a cell tower.

Re:remove battery? (0)

Anonymous Coward | more than 4 years ago | (#31927164)

I have an iPhone you iNsensitive clod.

Uhm, bad headline. (4, Insightful)

dmgxmichael (1219692) | more than 4 years ago | (#31925300)

Just because it's possible doesn't make it legal.

Re:Uhm, bad headline. (-1, Troll)

BadAnalogyGuy (945258) | more than 4 years ago | (#31925396)

Clearly it ought to be legal though. Technology changes, and sometimes the old rules don't apply and need to be changed to accommodate the new technology.

Case in point: Copyrights

Re:Uhm, bad headline. (2, Insightful)

Anonymous Coward | more than 4 years ago | (#31925908)

Clearly it ought to be legal though.

What the fuck are you smoking that makes you think this should be legal?

Re:Uhm, bad headline. (1)

Captain Centropyge (1245886) | more than 4 years ago | (#31927662)

^^THIS!!

Re:Uhm, bad headline. (1)

tophermeyer (1573841) | more than 4 years ago | (#31927996)

Clearly it ought to be legal though.

What the fuck are you smoking that makes you think this should be legal?

Um. Whoosh! I think? I'm not sure that post was entirely sincere. Or maybe I'm assuming sarcasm where there isn't any. Either way, maybe you should get ahold of some just to curb some of that hostility brah.

Re:Uhm, bad headline. (0)

Anonymous Coward | more than 4 years ago | (#31928110)

You aren't sure yourself, so that shows that at least one other person finds his post questionable at the least.

And sorry "brah", but I'm quite adamant when it comes to people thinking that these kind of major privacy violations should be allowed.

I'll accept a "whoosh" if necessary, but I stand by my "hostility" concerning this subject.

Re:Uhm, bad headline. (1)

crazyvas (853396) | more than 4 years ago | (#31928202)

What the fuck are you smoking that makes you think this should be legal?

Whatever it is, it's not legal.

Re:Uhm, bad headline. (1)

pluther (647209) | more than 4 years ago | (#31928342)

But it ought to be.

Re:Uhm, bad headline. (2, Insightful)

SQLGuru (980662) | more than 4 years ago | (#31926210)

Saw a line about spoofing caller id info. That isn't legal.....now.

Re:Uhm, bad headline. (0)

girlintraining (1395911) | more than 4 years ago | (#31925404)

Just because it's possible doesn't make it legal.

With good enough lawyers, everything is legal.

Re:Uhm, bad headline. (1)

warGod3 (198094) | more than 4 years ago | (#31925766)

It's only illegal if you get caught.

it's not the headline that's bad. (4, Interesting)

fyngyrz (762201) | more than 4 years ago | (#31925814)

With good enough lawyers, everything is legal.

With the ability to read the constitution - and reason above a third grade level - it is 100% clear that spying on a US citizen's communications without probable cause AND a warrant is not an authorized power for the US government or a US state. It is also doubtful that there exists, or can exist with constitution as currently constructed, a justification for a private citizen exercising such a power.

Re:it's not the headline that's bad. (1)

IndustrialComplex (975015) | more than 4 years ago | (#31926328)

With the ability to read the constitution - and reason above a third grade level - it is 100% clear that spying on a US citizen's communications without probable cause AND a warrant is not an authorized power for the US government or a US state. It is also doubtful that there exists, or can exist with constitution as currently constructed, a justification for a private citizen exercising such a power.

The Constitution's prohibitions against search and seizure do not apply to private citizens at all. There are supplimental laws that may prohibit certain acts, but it is not unconstitutional.

Re:it's not the headline that's bad. (2, Informative)

JesseMcDonald (536341) | more than 4 years ago | (#31926910)

You started out so well...

With the ability to read the constitution - and reason above a third grade level - it is 100% clear that spying on a US citizen's communications without probable cause AND a warrant is not an authorized power for the US government or a US state.

But then you had to go and ruin it:

It is also doubtful that there exists, or can exist with constitution as currently constructed, a justification for a private citizen exercising such a power.

The Constitution does not apply to private citizens. It is a document which enumerates the powers granted (or explicitly withheld from) the federal government and the states. It may be argued (though I would disagree) that the Constitution permits the federal government to prohibit private citizens from sending or receiving the radio signals required to eavesdrop on the cell phone system. If so, this would be in the domain of the FCC. However, nothing in the Constitution requires the federal government to prohibit such actions.

Unauthorized interception of someone's physical mail, or tapping into a wired communication system, is prohibited under common law as a violation of another party's property rights (in the mail or the wires, not the content--note that it is up to the owner of the wires to guarantee communications privacy to the end-users). Transmitting radio signals so as to alter the behavior of the cell system could be argued to fall under the same heading. However, nothing in the common law would prevent anyone from passively receiving and decoding the signals that system transmits over the air. If that is a problem, either (a) encrypt your over-the-air communications, or (b) communicate through a channel over which—unlike free-space radio—one can legitimately claim property-rights.

Re:it's not the headline that's bad. (1)

m.ducharme (1082683) | more than 4 years ago | (#31927222)

Of course, US presidents have been wiping their asses with the Constitution for 10 (30? 100?) years now, so...yeah.

Re:Uhm, bad headline. (1)

BhaKi (1316335) | more than 4 years ago | (#31925832)

With complicated enough law, everything is illegal.

Re:Uhm, bad headline. (0)

Anonymous Coward | more than 4 years ago | (#31925772)

Just because it's possible doesn't make it legal.

Indeed. I see various forms of fraud going on here. I am interested to know that it is possible, however.

Re:Uhm, bad headline. (1)

EdIII (1114411) | more than 4 years ago | (#31927036)

Just because it's possible doesn't make it right.

Unfortunately, everything that they are doing short of the voicemail hacking is currently legal in 49 states, and possibly 50 states.

They are exposing the extremely weak security of the overall telecom industry. What they did was considered normal operations. Maybe not something that an average person would be doing, but not against any TOS or laws.

It boils down to Caller ID spoofing. Create strong laws, stronger than the ones currently in Congress, and you will make stuff like this illegal.

Legal? What about the new caller ID law... (4, Interesting)

Orga (1720130) | more than 4 years ago | (#31925354)

From TFA: DePetrillo used open-source PBX software to spoof the outgoing caller ID and then automated phone calls to himself, triggering the system to force a name lookup. I thought spoofing caller ID was now illegal...

Re:Legal? What about the new caller ID law... (2, Insightful)

Qwell (684661) | more than 4 years ago | (#31925424)

Plus the whole breaking into voicemail boxes thing.

Re:Legal? What about the new caller ID law... (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#31925442)

It is. And yes, they are doing it on a massive scale to pull thousands of records. So how long before a lawsuit?

Re:Legal? What about the new caller ID law... (3, Informative)

russotto (537200) | more than 4 years ago | (#31925454)

He's calling himself, so he'd certainly lack any intent to deceive (which is an element of the new caller ID law). Do most people's cell phones work with caller ID with name? Neither mine (ATT) nor my wife's (Verizon) comes up with a name.

Re:Legal? What about the new caller ID law... (1)

nextekcarl (1402899) | more than 4 years ago | (#31925980)

What if he has multiple personality disorder? Or maybe like many car salesmen I know, he openly lies to himself so he can sleep at night? I wouldn't be so quick to assume there's no deception here.

On a more serious note, I was wondering something along those lines myself. I have T-Mobile and I could have sworn that mine used to do caller ID with name years ago. Now it only does it if the number's in my address book, and I was trying to figure out when that changed, or if I'm just insane (strong possibility some days).

Re:Legal? What about the new caller ID law... (1)

Cougar Town (1669754) | more than 4 years ago | (#31926080)

My phone (Rogers) shows the name.

Re:Legal? What about the new caller ID law... (0)

Anonymous Coward | more than 4 years ago | (#31925518)

What about it? It hasn't been signed yet (at least as of yesterday) and the FCC has to put it in place 6 months after it's signed. So, I guess for this particular research it was fine and will continue to be fine.

Re:Legal? What about the new caller ID law... (1)

Ungrounded Lightning (62228) | more than 4 years ago | (#31927972)

And once it IS signed it's still legal if you're in one of a number of other countries when you do it. (I wonder if the EU laws on personal information apply to the caller-ID info retrieval step if it's done there?)

As far as I can see (IANAL) the only step that's currently illegal in the US is cracking past the voicemail password. That's illegal under the Computer Fraud and Abuse act (accessing a protected computer) and occurs at the server location even if it's initiated from outside the US so there's jurisdiction.

Re:Legal? What about the new caller ID law... (1)

Eponymous Coward (6097) | more than 4 years ago | (#31925990)

I believe it depends on the intent.

You can still spoof as long as you aren't doing so to deceive or defraud.

Re:Legal? What about the new caller ID law... (1)

Ungrounded Lightning (62228) | more than 4 years ago | (#31928520)

You can still spoof as long as you aren't doing so to deceive or defraud.

Seems to me that spoofing caller ID in order to trick the database into delivering information on some other phone user constitutes intent to defraud.

Re:Legal? What about the new caller ID law... (1)

theY4Kman (1519023) | more than 4 years ago | (#31926680)

It hasn't been signed into law yet: http://www.govtrack.us/congress/bill.xpd?bill=s111-30 [govtrack.us]

Re:Legal? What about the new caller ID law... (1)

theY4Kman (1519023) | more than 4 years ago | (#31926720)

Sorry, that's the 2009 bill. The 2010 version -- the one relevant now -- is here: http://www.opencongress.org/bill/111-h1258/show [opencongress.org]

In Germany? (1)

DABANSHEE (154661) | more than 4 years ago | (#31927114)

Anyway unless the software he's using is illegal or the order of key strokes he's typing is illegal then nothing he's doing is illegal, well unless the result of using that software with those keystrokes is illegal, but then according to common-law it's up to the law enforcement body to prove he knew what the result would be.

Re:Legal? What about the new caller ID law... (0)

Anonymous Coward | more than 4 years ago | (#31928920)

From TFA: DePetrillo used open-source PBX software to spoof the outgoing caller ID and then automated phone calls to himself, triggering the system to force a name lookup.

Name lookup? What is that?

The article claims that by calling someone with spoofed callerID, the phone system will look up the corresponding name to the spoofed callerID and pass along the corresponding name.

I've never heard of that functionality, but now I've got something to try with the office PBX!

Re:Legal? What about the new caller ID law... (1)

J053 (673094) | more than 4 years ago | (#31929536)

From TFA:

I thought spoofing caller ID was now illegal...

Not yet. The bill passed the US House of Representatives, but not the Senate.

Foot meet bullet. (3, Interesting)

cosm (1072588) | more than 4 years ago | (#31925406)

FTA: ""It's not illegal, nor is it a breach of terms of service," Bailey said."

I get mailed revised TOS and privacy policies from companies on a weekly basis. Now that this is publicized, how long will it stay 'legal'? Usually, loudly exclaiming "nener-nener-boo-boo you can't catch me" to one of the largest, consumer unfriendly, profit motivated industries gets their attention.

Because I said so (0)

Anonymous Coward | more than 4 years ago | (#31925560)

""It's not illegal, nor is it a breach of terms of service," Bailey said."

Yeah, right. Don't bend over in the shower.

What makes them think this is legal....? (5, Insightful)

sampson7 (536545) | more than 4 years ago | (#31925562)

As far as I can tell, they assert that it is legal, therefore they think it is legal. Come on folks -- just because you aren't breaking or entering, or murdering someone does not make what you are doing "legal." There are all sorts of privacy laws that come into play here -- and I strongly suspect that I can find at least one prosecutor/judge/jury combo in this country that disagrees. I can't even begin to describe how many laws could be implicated by breaking into someone's voice mail!

Yes, IAAL, but IANYL.

Re:What makes them think this is legal....? (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#31925992)

Yes, IAAL, but IANYL.

Thats pretty pre-emptive of you, you don't even know how much they'd be willing to pay you should you win the case or not!

Re:What makes them think this is legal....? (1)

idontgno (624372) | more than 4 years ago | (#31926022)

As far as I can tell, they assert that it is legal, therefore they think it is legal.

That's a good point. They forgot their "IANAL" disclaimer, just so people understand exactly how much their "legal opinion" is worth.

This means that the average Slashdotter is more legally savvy then these two "researchers".

Re:What makes them think this is legal....? (1)

steelfood (895457) | more than 4 years ago | (#31926388)

You're right. This sounds like this'll easily run afoul of stalking laws.

Re:What makes them think this is legal....? (1)

captaindomon (870655) | more than 4 years ago | (#31926972)

Legality, for the most part, is based on intent, not methods. That seems to be often misunderstood by technical audiences. This is most definitely still very illegal.

well going by your logic (1)

DABANSHEE (154661) | more than 4 years ago | (#31927500)

Every civilian in the US can be found guilty of cocaine dealing & have all their property forfeitured, just through the uncorroborated testimony of a paid snitch with a dubious past, & no other evidence what so ever - Ever heard of Mobile, Alabama & Union, Texas? Or look at all the prosecutor/judge/jury combos that have put innocent people to death.

Re:What makes them think this is legal....? (1)

mjwalshe (1680392) | more than 4 years ago | (#31928852)

yes try doing this to Obamas mobile and see what happens.

This is the definition of illegal (1)

Montezumaa (1674080) | more than 4 years ago | (#31925578)

These people are smoking crack if they actually believe that taking advantage of a flaw in the system is not illegal. Accessing any information that is believed to be protected is against most all of the state laws in the United States and the federal statues in place for actions like this. Yeah, it might seem cool, but it is a serious felony.

Anyone can try and reason their actions to be legal and/or moral/ethical, but they are not in this case. If I were them, I would quit talking and hope that state governments and/or the Federal Government do not come after them.

Not quite (2, Insightful)

Itninja (937614) | more than 4 years ago | (#31925580)

They say it's legal, and cite no sources (i.e.'we asked our lawyer"). They seem to indicate that since EU telco 'offer it for free', then it must be legal. I would love to see someone defend this in court; especially if they are using the system to track someone covertly.

Re:Not quite (1)

Amouth (879122) | more than 4 years ago | (#31926276)

just use the same argument the police use for why they don't need a warrant..

we aren't tracking the person - we are tracking the phone, they aren't required to carry it.

Re:Not quite (2, Insightful)

PolygamousRanchKid (1290638) | more than 4 years ago | (#31926552)

Nelson Rockefeller said of his grandfather, John D. Rockefeller, "He didn't break any laws. But a lot of laws were passed because of what he did."

Re:Not quite (1)

AlexBirch (1137019) | more than 4 years ago | (#31929626)

1) Hire them to spy on a friend
2) Tell friend they're spying on him
3) Friend sues them
4) Profit!!!!

Not quite true (0)

Anonymous Coward | more than 4 years ago | (#31925590)

Breaking into voice mail systems is not legal.

What's new? (1)

Senzo (1793254) | more than 4 years ago | (#31925732)

We already do that, it's called the Homeland Security Act.

Re:What's new? (1)

Itninja (937614) | more than 4 years ago | (#31926108)

I think it's called the Patriot Act:
Oliver Queenan: All cell phone signals are under surveillance, due to the courtesy of our Federal friends over there.
Ellerby: Patriot Act, Patriot Act! I love it, I love it, I love it!

Re:What's new? (1)

Senzo (1793254) | more than 4 years ago | (#31926588)

Oh yeah, that was the one I was going for. They are both pretty similar in description though :)

Umm unless there employeess (0, Redundant)

Stan92057 (737634) | more than 4 years ago | (#31925824)

Umm unless there employeess, they have no business taking any data or spy on anyone in any network. Just because they found a way in doenst mean they have any right to be there. Man that kinda thinking is scary

It's nearly illegal (and will be soon). (1)

Anonymous Psychopath (18031) | more than 4 years ago | (#31925946)

From TFA: "DePetrillo used open-source PBX software to spoof the outgoing caller ID..."

Last week Congress passed the Truth in Caller ID Act of 2010 [gpo.gov] which will make it illegal "to cause any caller ID service to transmit misleading or inaccurate caller ID information, with the intent to defraud or deceive."

Once that's signed into law they will be on very thin ice arguing that they did not intend to defraud or deceive when they spoof their caller ID to obtain information that they normally would not be able to access.

Re:It's nearly illegal (and will be soon). (0)

Anonymous Coward | more than 4 years ago | (#31926012)

luckily no criminals would use this approach.

Maybe not (4, Insightful)

laing (303349) | more than 4 years ago | (#31926548)

They may successfully argue that it is still legal. Their method is to call themselves with spoofed caller-id. The network fills in the name associated with the phone number and they build their database. Since they are only calling themselves and they know they are spoofing, they are not "intending to defraud or deceive" anyone.

Re:Maybe not (1)

Anonymous Psychopath (18031) | more than 4 years ago | (#31927868)

They may successfully argue that it is still legal. Their method is to call themselves with spoofed caller-id. The network fills in the name associated with the phone number and they build their database. Since they are only calling themselves and they know they are spoofing, they are not "intending to defraud or deceive" anyone.

Possibly, but I think most reasonable people would agree that using spoofing to trick the phone company into providing database information you shouldn't have falls under the "deceive" label.

Anonymous Coward (0)

Anonymous Coward | more than 4 years ago | (#31926068)

If they "[use an] open-source PBX software to spoof the outgoing caller ID and then automated phone calls to himself, triggering the system to force a name lookup" in the US, it looks like they'll be in violation of Truth in Caller ID Act of 2010, which added a subsection e to Section 227 of the Communications Act of 1934 (47 U.S.C. 227):
‘‘(e) PROHIBITION ON PROVISION OF DECEPTIVE CALLER ID INFORMATION.—
‘‘(1) IN GENERAL.—It shall be unlawful for any person within the United States, in connection with any real time voice communications service, regardless of the technology or network utilized, to cause any caller ID service to transmit misleading or inaccurate caller ID information, with the intent to defraud or deceive."

But Can You ? (0)

Anonymous Coward | more than 4 years ago | (#31926096)

publish another brain-dead academic paper on spoofing?

This is another example of ( to quote Rob Pike ) irrelevant systems software research [herpolhode.com] .

Yours In Akademgorodok,
Kilgore Trout.

Not "perfectly legal" for much longer (1)

laing (303349) | more than 4 years ago | (#31926466)

The US House recently passed a bill [google.com] to make caller ID spoofing illegal. Hopefully the Senate will soon follow suit.

Re:Not "perfectly legal" for much longer (1)

SleazyRidr (1563649) | more than 4 years ago | (#31928966)

While I agree that this won't be legal for much longer (assuming it is now), that bill won't make it illegal. the bill makes it illegal to spoof caller ID with intent to deceive. The intent here is not to deceive so they aren't covered.

minus 3, bTrolol) (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#31926506)

achievements that get tough. I hope 6o find something

Someone who RTF, please explain... (0)

Anonymous Coward | more than 4 years ago | (#31926514)

If privacy is protected by law (at least in some countries), how can you say you found a legal way of not respecting someone's privacy ?

Who cares about legality? (0)

Anonymous Coward | more than 4 years ago | (#31926558)

Regardless of the legality of this, the fact that anyone can do it means that someone will do it.

I guess if you're fortunate enough to be fairly unknown, the likelihood that someone would really care enough to do something like this for you in particular is pretty small. However the fact that someone can do it means that someone probably is compiling this information and storing it away to be used at some point in the future.

I guess it gives a whole new feeling to the concept of calling my cell phone a leash.

Old news... (1)

Beave (519067) | more than 4 years ago | (#31926746)

I'll be interested to read the details, but 2 out of the 3 things have been known for quite some time. The 'caller ID' spoofing trick has been known for _years_. The concept they are touting is known as "back spoofing". I've had friends doing this for a long time. However - there's one problem. No call cell phone associate caller ID with a phone. Yes, back spoofing works great - with _land lines_, but it's always that accurate with cell phones. So, "finding" the cell number that way isn't very reliable. If I have a boost mobile number, bought in cash, under a fake name you'll be out of luck. That is, the caller ID name (CNAM) won't be associated with it in the first place _and_ I gave all fake information to begin with. About the voice mail. Not a big deal. This was reported 6 or more years ago. The idea is that you spoof your targets number with their cell number. The Telco side "sees" this as a call from the cell and drops you into their voicemail system. Some telco's have fixed this, other haven't. It's been a known flaw for years and years. You don't use CID for authentication exactly for this reason. If possible, PIN protect your voicemail will stop these types of attacks (if possible). Anyways, the article is interesting, but several factors must fall into place or this attack won't work.

And how do you define "legal"? (1)

mea37 (1201159) | more than 4 years ago | (#31927466)

I find it interesting that they claim this is "legal"; I suspect they mean "we don't know of or haven't thought of the laws that one would be breaking by donig this".

Sure, they point out specific steps of the process that don't break specific laws even though you might think they would; but in the end, a series of actions that would each be legal on its own can add up to a crime. Spying on another individual, tracking their whereabouts and spying on their phone calls, is in and of itself illegal no matter how clever your approach to doing it.

"Why, I'm just driving around and sometimes looking through this telescope. Neither of those things is illegal, is it?" Grow up.

Re:And how do you define "legal"? (1)

DavidTC (10147) | more than 4 years ago | (#31928390)

Yeah, they don't seem to grasp the concept that laws can prohibit any and all actions that lead to specific results.

<sarcasm>Because we all know it's not really 'murder' that's illegal, it's every single action that can result in someone else's death that's illegal. If you invent a new way of killing someone, that's legal until they plug up that loophole.</sarcasm>

Gaining access to voice mail you're not supposed to have access to is illegal no matter how you do it, on top of any crimes you might have committed.

Legal - where? (1)

flyingfsck (986395) | more than 4 years ago | (#31928870)

Maybe legal in the USA where there are no privacy laws. As for the rest of the world, you should probably not try it.

Obviously Illegal - check the CFAA (1)

randalotto (1206870) | more than 4 years ago | (#31929086)

This is quite obviously illegal under the Computer Fraud and Abuse Act.

Title 18, Part 1, Chapter 47, Section 1030(a)(2).

It's a crime if someone:

"intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains ... information from any protected computer."

Given the scale of their activities, it's almost certainly a felony too.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?