Here is an article about an attack where the hacker spoofed source numbers and made "millions" of calls to harvest caller ID. Apparently the hacker used an automated system, I presume somethink like Asterisk and public network access through SIP, to make calls with spoofed source numbers, to another number which they had set up. By doing this, the network would deliver, if the number was legitimate, the caller ID associated with the source number.
So to give an example, the caller would automatically generate a call, with say my cell phone number, directed to a number they control, which would deliver/display my caller ID, which I assume they captured. By randomly doing this for millions of numbers, they built a database of source numbers/names, presumably to be used for purposes such as telemarketing.
Not really a new attack, but something made a lot more dangerous with simple call automation, SIP trunks, and caller ID spoofing. Here is a link to the actual article:
http://www.courthousenews.com/2011/08/16/39024.htm
Sounds pretty easy, if you have the software, which is apparently open source. Unfortunately, I can't remember the last time anyone has left me a juicy voicemail. Most people text.
Posted by: Christoph Adams | December 05, 2011 at 06:03 AM
Thanks for the post. I have had a few voice mails left on my phone. They are mostly very crude - don't wait until it is time to leave them - a function of a primitive dialer. I think it is a matter of time though. I am also getting my share of text spam.
Posted by: Mark Collier | April 14, 2012 at 11:10 AM