Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: War Dialing, Spoofed(?) Phone Number [area code 786], and calls across the US

From: "Steven" <steven () lovebug org>
Date: Fri, 10 Mar 2006 11:01:07 -0500
I am familiar with how trivial it is to spoof (especially now a day), but that wasn't exactly the point. This activity is far from being limited to a few area codes or people -- it's literally thousands of people. I'd imagine people on this list have probably even received the calls or will soon. It is just so strange and I am wondering what the root cause for it is.
----- Original Message ----- From: "Michael Holstein" <michael.holstein () csuohio edu> 
To: "Steven" <steven () lovebug org>
Cc: <full-disclosure () lists grok org uk>
Sent: Friday, March 10, 2006 9:29 AM
Subject: Re: [Full-disclosure] War Dialing, Spoofed(?) Phone Number [area code 786], and calls across the US
Caller-ID spoofing is trivial if you've got a digital (eg: T-1) line where you can send your own call signaling. It's also made much easier by several (mis)configured VoIP services -- if you have access to the SIP gateway of one, and run something like Asterisk, you can send any number you want along with your call.
Caller-ID is like the return address on an envelope. Totally unimportant for call delivery, and you can write anything you want there. 

~Mike.

Steven wrote:
I debated about posting this to FD but it seems about as good of a place as any to ask about this and perhaps someone can fill in the blanks. I got a call the other from the number 786-718-9058 and when I answered, it was a message in Spanish which I couldn't really hear and didn't understand. That was the end of it. Well then it called again 5 days later and got my voicemail and left the same message it had the other day when I answered the phone. The message says the following:
"Usted a agotado todas las opciones. Esta semana sera desconectada. Gracias". 

 Which apparently translates to:
"You've terminated all the options. You'll be disconnected this weekend. Thanks"
Now I tried to call the number back only to find that it has been disconnected or so my cell provider says. At this point I took to the Internet and got your standard reverse search of:
*The phone number "(786) 718-9058" is based in **Miami**, **FL** and the registered carrier is Commpartners, Llc - Fl.*
I then Googled the phone number to find out that this thing has been calling all across the US. Various people have reported that this number asks them to press one, or is some sort of other scam. This has lead me to think the number is spoofed and is perhaps someone's attack on a person's legitimate cell phone number. However, the calls have apparently been going on for months, back to a time when you could call the number back and get a voicemail belonging to someone named John. I am wondering if perhaps a VoIP box somewhere or something to this affect has been infected and is doing this. I am wondering if any of you have any insight on this or have any idea.
Here is a page with some more info and testimonials from hundreds of other people across the country getting these calls: 

http://blogcritics.org/archives/2005/08/26/153054.php
There does not appear to be any link between areas, phone providers, or even phone numbers. A few people have said that their phone number is one off from their family member's and they have not received a call. Other's have the same thing and report that their family member got the same call a few moments later. No idea what's up with this.
Anyway -- if anyone knows or wants to find out and succeeds - please let me know what's up. 

 Thanks

 Steven


------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: