![[Home]](/wiki.gif)
How To Beat Caller IDHow To Beat Caller ID
|
Beating Caller ID
by The Fixer
v.1.4 2000/04/30
(C) 1998-2000 Meester Feexer
For free distribution - you may freely repost & distribute this but not for profit without permission of the author.
To start off with - 15 Ways to beat Caller ID
(0) This doesn't count as a way to beat CID, but there's a general principle to consider when contemplating ways to beat CID.
Generally, the CID signal your target sees corresponds to the owner of the dial tone you call him from. If you call direct, you dial from your own dial tone and your line is identified. If you call a third party, and by whatever means manage to acquire his dial tone, and from there dial out, it is the number associated with that second dial tone that your target sees. Some of the ideas following this were developed with this basic idea in mind.
(0.5) This also doesn't count, but remember that beating Caller ID as such is only the first layer of your protection. If your calling is sufficiently annoying or criminal, there is *always* a paper trail (ANI data, billing data, trouble reports, *57 traces, etc) leading back to the phone you first called from. That trail is not always easy or worthwhile to track you down with. Whether or not the trail is followed depends entirely upon how pissed off your target is and how much co-operation he can get from the phone company, law enforcement, etc.
(1) Use *67. It will cause the called party's Caller ID unit to display "Private" or "Blocked" or "Unavailable" depending on the
manufacturer. It is probably already available on your line, and if
it isn't, your local phone company will (most likely - please ask
them) set it up for free. This is the simplest method, it's 100
percent legal, and it works. But just remember you will not be
invisible to business customers with real time ANI (like on
corporate toll free lines), or to 911, or to the mechanism that *57
triggers.
(2) Use a pay phone. Not very convenient, costs 25 or 35 cents
depending, but it cannot be traced back to your house in any way,
not even by *57. Not even if the person who you call has Mulder and
Scully hanging over your shoulder trying to get an FBI trace (sic).
Janet Reno himself couldn't subpoena your identity. It's not your
phone, not your problem, AND it will get past "block the blocker"
services. So it's not a totally useless suggestion, even if you
have already thought of it.
(3) Go through an operator. This is a more expensive way of doing it
($1.25-$2.00 per call), you can still be traced, and the person
you're calling WILL be suspicious when the operator first asks for
them, if you have already tried other Caller ID suppression methods
on them.
(4) Use a prepaid calling card. This costs whatever the per-minute
charge on the card is, as they don't recognize local calls. A lot
of private investigators use these. A *57 trace will fail but you
could still be tracked down with an intensive investigation (read:
subpoena the card company). The Caller ID will show the outdial
number of the Card issuer.
(5) Go through a PBX or WATS extender. Getting a dial tone on a PBX is
fairly easy to social engineer, but beyond the scope of this file.
This is a well-known and well-loved way of charging phone calls to
someone else but it can also be used to hide your identity from a
Caller ID box, since the PBX's number is what appears. You can even
appear to be in a different city if the PBX you are using is! This
isn't very legal at all.
(6) I don't have proof of this, but I *think* that a teleconference
(Alliance teleconferencing, etc.) that lets you call out to the
participants will not send your number in Caller ID. In other
words, I am pretty sure the dial tone is not your own.
(7) Speaking of dial tones which aren't yours, if you are lucky enough
to live in an area with the GTD5 diverter bug, you can use that to
get someone else's dial tone and from thence their identity.
(8) Still on the subject of dial tones which aren't your own, you can
get the same protection as with a payphone, but at greater risk,
if you use someone else's line - either by just asking to use the
phone (if they'll co-operate after they hear what you're calling
about) or by the use of a Beige Box, a hardware diverter or bridge
such as a Gold Box, or some other technical marvel.
(9) This won't work with an intelligent human on the other end, it
leaves you exposed if the called party has a regular Caller ID box
with memory, and has many other technical problems which make it
tricky at best and unworkable for all but experts. A second Caller
ID data stream, transmitted from your line after the audio circuit
is complete, will overwrite the true data stream sent by the telco
during the ringing. If the line you are calling is a BBS, a VMB, or
some other automated system using a serial port Caller ID and
software, then you can place your call using *67 first, and then
immediately after the other end picks up, send the fake stream. The
second stream is what the Caller ID software processes, and you are
allowed in. See the technical FAQs below for an idea of the
problems behind this method; many can be solved. Since the first
version of this file was published, a concept called the Orange Box
was published. It exploits Call Waiting Caller ID boxes and has
some of the same problems as just sending a fake stream after
pickup, plus the added problem of only working against Call Waiting
Caller ID boxes. I suspect that eventually all new Caller ID phones
and adjunct boxes will be sold with the Call Waiting Caller ID
feature, so that problem will probably go away.
(10) Someone in alt.2600 (using a stolen AOL account, so I can't credit
him or her properly) suggested going through 10321 (now 10-10-321)
or 10288. Apparently using a 10xxx even for a local call causes
"Out of Area" to show up on the Caller ID display. I live in Canada
where we don't have 10xxx dialing so I can't verify nor disprove
this.
(11) There are 1-900 lines you can call that are designed to circumvent
Caller ID, ANI, traces, everything. These services are *very*
expensive, some as high as $5.00 a minute, but they include long
distance charges. This was first published in 1990 in 2600
magazine, and in 1993 the IIRG reported that 1-900-STOPPER still
works. Beware - even if you get a busy signal or no answer, you
will get charged at 1-900 rates! Another one published in 2600 in
1990: 1-900-RUN-WELL. That one supposedly allows international
calls. I'm not about to call either one to find out. Note that you
could still be caught if the operators of these services were to be
subpoenaed.
(12) Use an analog cellular phone. Most providers of plain old analog
service show up on Caller ID as "Private" or "Out of Area" or a main
switchboard number for the cell network. This is becoming less and
less true as cellular providers move to digital cellular and PCS,
which pass the phone's number on Caller ID. Corollary: Rent a
cellphone by the day. This might even be cheaper than using a
prepaid phone card.
(13) Get the co-operation of a third party with Three Way Calling. You
call your friend (who might be at work, school, or anywhere else
where there is a phone with either 3-Way Calling or a 2-line
conference mode) and he then places the call for you. You're then
connected to whoever you really want to talk to, but you're not
physically at the location the call is traced to. If you're doing
it this way because you expect a SWAT team to descend on the traced
location, then it should be a phone in a place where your friend can
get away and leave you and your target talking (which rules out
school and work but not, say, a courtesy phone in a store somewhere.)
(14) Voice mail! If your target has the voice mail service provided by
his local telephone company, you can leave a message on it directly
without having to call his line (thus avoiding Caller ID). Look
in his local phone book for the direct dial-in number.
(15) If you ever reach an intercept operator who asks you what number
you are calling from, oftentimes whatever you tell her will appear
on your target's Caller ID box! According to Rufus T. Firefly in
alt.phreaking, OCI/Wiltel?Create and likely several other companies don't
pass ANI, so if you call their main 800 number through an operator,
and ask to place a card or collect call, you will sometimes be asked
for your phone number. Tell her some phony number, the number of
the White House, another number in the same building, a nearby
payphone, whatever.
Caller ID can be worked around in so many ways that it really offers no value to its subscribers. I am not against the existence of Caller ID, as I have been on the receiving end of harassing phone calls and slimy telemarketers, all of whom I've been able to put in their place thanks to this technology. There's no doubt that Caller ID can help bring those who deserve it to justice. But at the same time, we all have the right to privacy, and the option to not share your identity with someone you're calling is, and always should be, available.
For this reason, I think that Caller ID should be available free on every line as part of the basic service. It's worth nothing anyway!
That's it. This file may be updated as I receive more information. Look for updates on my web site at
http://phreaking.iscool.net
This file is a freely-distributable copyrighted work. You may repost this file free of charge without modifications, but no for-profit distribution is allowed without prior arrangement with the author.
(C) Copyright 2000 The Fixer
Do you have a favorite electronics topic that you can write about? Please add a link, and then add your article... Is there a topic you would like to know more about? Post your answer here! Or email us at [our contact page] with your story, and we'll put it online here!
Check out [Facts About Trees]
Search for books about:
|
Interested in Leftover Scalloped Potatoes And Ham?