Confessions of a caller-ID spoofer

A look at one man's motives behind caller-ID spoofing his former employer, and why he thinks it should be outlawed

He spoofed the HR director's work phone number, then the number of that guy's boss, before moving up to a vice president, and finally, the CEO. Says he had no choice, and that "this thing that I did is bad and should be outlawed."

This thing that he did is perfectly legal, you may know already, although efforts have been under way to have that rectified.

Background: The major telecom equipment maker whose employee A.G. Bell had recently left owed him thousands of dollars in unpaid commissions, he says, yet the HR department stopped returning his calls, instead "hiding behind voice mail." Spoofing the HR director's number got his underlings to pick up the phone, at least until they wised to that ploy, at which point Bell -- a fictitious name I'm affording him to protect his current job at another telecom vendor -- started spoofing numbers right on up to the top of the org chart (not to mention a White House number -- seriously).

"Juvenile? Yes," Bell acknowledges. "Effective at getting past call screeners? Absolutely. Subject to horrible abuse? Totally."

He says he always identified himself honestly once he got a live voice on the line.

We've been chatting via e-mail about what he did, his minor ambivalence about having done it, and his major concerns over the ease with which others with more criminal agendas could abuse spoofing services. (Such abuse is already common, experts say.) What follows is an edited transcript:

At what point did the light go on and you thought: "Hey, I'll use a caller-ID spoofing service so they can't hide behind voice mail"?

In my mind I was a victim forced to use distasteful means to take care of my family. I worked in the converged voice space, so the mechanics of caller ID were not unfamiliar to me or to the crew of geeks that I call friends. The light went on over beers -- I was complaining about the former employer's call-dodging to some engineer friends and the suggestion of using a local vendor's lab to spoof caller ID came up. Another engineer at the table said, "Don't reinvent the wheel, just Google 'spoof caller ID service.'" I got 32,000 hits. Spoofcard came up first.

Explain the mechanics of how Spoofcard works.

So, I gave them [US]$20 for an hour of caller ID misrepresentation. Although I hate that it seems to be legal for them to offer this service, I love their implementation. Speaking as an engineer and a salesman, they really built a sweet platform.

You call a toll-free number, enter your Spoofcard account number, enter the 10-digit number you wish to call, and then the 10-digit number you wish to be displayed on the recipient's caller ID. . . . Prompts go like this: Press one to record the call, two to not record; press one to use your normal voice, two to use a man's voice, three to use a woman's voice.

The conversation would be recorded with no beeps, artifacts or notification that recording was taking place, and the recording could be downloaded at leisure from Spoofcard.com. For US$20 I had a complete record and recording of every call made, of every voice mail left. Beautiful.

Did you have qualms about doing it? Any concerns about legality? Ethical? Moral?

I honestly had more concern with the way it would be perceived if my claim had gone to court (perception of the judge) than over the legality or ethics of the spoofing itself. Had my former employer not been in breach of contract, been acting immorally (in my opinion) or been refusing to take or return my calls, then there is no way that I would have been able to rationalize spoofing other people's ID. To be clear - I always identified myself when the call was picked up; it was the calling party line ID that was misrepresented, not the caller (me).

Did it work for you? Did it get you what you wanted?

It worked great. Certainly it took a tactic (ignore calls, do not engage) away from my former employer, and I know that it directly generated internal dialogue (Why is caller ID not working right for my phone. How did he do that? Is he allowed to do that?) which was the objective of the exercise. . . . I got 100 per cent of what I was owed.

Having used the service yourself, how could you see it being abused?

Say you receive a call from your bank telling you that your card is suspected of having had fraudulent use. The caller ID says it's your bank and the toll-free number is the real number of their fraud department. You trust the caller ID displayed and provide all the information needed for Boris in Estonia to rob you blind.

Telemarketers could use this mercilessly. Collections agencies (kind of the role I was forced into) could avoid creditor call screening. Stalkers could use this to harass their victims. . . . The truth is caller ID is near ubiquitous, it is trusted info by most people, and the abuse or fraudulent usage of such a service should be very severely punished.

Yet you went ahead and used it anyway? How can you reconcile that contradiction?

Yep, sure could appear to be hypocrisy and I'm not sure that it isn't. I'm not convinced that we do have tough enough (or clear enough) laws to penalize misrepresentation of caller ID for criminal purposes, and there is nothing that Spoofcard did that I can see that would prevent its misuse (like announcing "Spoofcard, this call is purely for entertainment purposes" when the call connected; callback with "Spoofcard, the last call your received was a joke", etc.). I feel like a farmer that once used fertilizer and diesel to blow up a tree stump: Sure was easy, worked great, cheap, didn't hurt anyone. . . but what could a bad guy do with this?

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul McNamara

Network World
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?