Date: Fri Mar 10 16:01:20 2006
From: steven at lovebug.org (Steven)
Subject: War Dialing, Spoofed(?) Phone Number [area code 786], and calls across the US

I am familiar with how trivial it is to spoof (especially nowadays), but 
that wasn't exactly the point.  This activity is far from being limited to a 
few area codes or people -- it's literally thousands of people.  I'd imagine 
people on this list have probably even received the calls or will soon.  It 
is just so strange and I am wondering what the root cause for it is.


----- Original Message ----- 
From: "Michael Holstein" <michael.holstein@...ohio.edu>
To: "Steven" <steven@...ebug.org>
Cc: <full-disclosure@...ts.grok.org.uk>
Sent: Friday, March 10, 2006 9:29 AM
Subject: Re: [Full-disclosure] War Dialing, Spoofed(?) Phone Number [area 
code 786], and calls across the US


> Caller-ID spoofing is trivial if you've got a digital (eg: T-1) line where 
> you can send your own call signaling. It's also made much easier by 
> several (mis)configured VoIP services -- if you have access to the SIP 
> gateway of one, and run something like Asterisk, you can send any number 
> you want along with your call.
>
> Caller-ID is like the return address on an envelope. Totally unimportant 
> for call delivery, and you can write anything you want there.
>
> ~Mike.
>
> Steven wrote:
>> I debated about posting this to FD but it seems about as good of a place 
>> as any to ask about this and perhaps someone can fill in the blanks.  I 
>> got a call the other day from the number 786-718-9058 and when I answered, it 
>> was a message in Spanish which I couldn't really hear and didn't 
>> understand.  That was the end of it.  Well then it called again 5 days 
>> later and got my voicemail and left the same message it had the other day 
>> when I answered the phone.  The message says the following:
>>
>> "Usted a agotado todas las opciones. Esta semana sera desconectada. 
>> Gracias".
>>
>>  Which apparently translates to:
>>
>> "You've terminated all the options. You'll be disconnected this weekend. 
>> Thanks"
>>
>>  Now I tried to call the number back only to find that it has been 
>> disconnected or so my cell provider says.  At this point I took to the 
>> Internet and got your standard reverse search of:
>>
>> *The phone number "(786) 718-9058" is based in **Miami**, **FL** and the 
>> registered carrier is Commpartners, Llc - Fl.*
>>
>>
>> I then Googled the phone number to find out that this thing has been 
>> calling all across the US.  Various people have reported that this number 
>> asks them to press one, or is some sort of other scam.  This has led me 
>> to think the number is spoofed and is perhaps someone's attack on a 
>> person's legitimate cell phone number.  However, the calls have 
>> apparently been going on for months, back to a time when you could call 
>> the number back and get a voicemail belonging to someone named John.  I 
>> am wondering if perhaps a VoIP box somewhere or something to this effect 
>> has been infected and is doing this.  I am wondering if any of you have 
>> any insight on this or have any idea.
>>
>> Here is a page with some more info and testimonials from hundreds of 
>> other people across the country getting these calls:
>>
>> http://blogcritics.org/archives/2005/08/26/153054.php
>>
>>  There does not appear to be any link between areas, phone providers, or 
>> even phone numbers.  A few people have said that their phone number is 
>> one off from their family member's and they have not received a call. 
>> Others have the same thing and report that their family member got the 
>> same call a few moments later.  No idea what's up with this.
>>
>>  Anyway -- if anyone knows or wants to find out and succeeds - please let 
>> me know what's up.
>>
>>  Thanks
>>
>>  Steven
>>
>>
> 

