Telecom Informer

    

by The Prophet

Hello, and greetings from the Central Office!

It's the beginning of my second fall in Beijing.  Here, the season is short but spectacular, with hot humid summer days yielding to crisp autumn nights.  The weather is dry and seemingly everyone comes out to enjoy the city.

Telephone etiquette and culture are different in China than in the U.S.

Here, seemingly whenever and wherever a phone rings, it is answered, no matter what is going on.  I wouldn't be surprised if a surgeon interrupted open heart surgery to answer his cell phone.  People tend to pay little heed to the relative importance of the person immediately at hand, even dismissively telling their boss "deng yi xia" (Chinese for "wait a moment") to answer their mobile phone in mid-meeting.

While Caller ID exists here, people don't really put much stock in it.  It doesn't always work reliably and people often borrow one another's phones to make calls anyway.  This leads to a very high proportion of telemarketing calls being answered in China.

There are also differences in returning missed calls.

In the U.S., people almost always return missed calls based on the Caller ID number.  Here, this is never done.  There are some devious tricks that unscrupulous individuals play by spoofing the Caller ID of premium rate numbers.  These will quickly drain your prepaid account of all funds.  Chinese people are suspicious of returning calls from any number they don't recognize, so they'll never return calls.

The one thing that Chinese people do rely on is SMS messages.

If you send an SMS, it's generally from your own phone, and there isn't any apparent risk in returning an SMS message because the scourge of premium rate SMS doesn't seem to have arrived in China yet.  Chinese people seem to call at least as much as they text, but text messages are almost always returned.

What a contrast to the U.S.!

When I call my friends from China, I really never know what is going to show up on someone's Caller ID.  It could be the full 13-digit number I'm calling from (including country code), or some truncated part of that, or a U.S. number that is sent as the CPN, or the dreaded "Unavailable."

My particular group of friends is largely convinced that a Caller ID they don't recognize (and especially a "Private" or "Unavailable" number) means that there is a monster calling, and they will never answer the phone.  Some of them have made an exception for me, knowing that I am in China, but others I can only call from my office (which has a U.S. line).  Since I sharply limit my personal calls from work, these people hear from me much less often than they used to.

What a difference from a generation ago, when there was no such thing as Caller ID.  Now everyone relies on it, and worse yet, they believe in it!  Never once, since the time that CLASS features were invented, has Caller ID ever been impossible to spoof.  And yet, if you believe governments everywhere from the U.S. to the U.K., Caller ID spoofing is somehow a horrible malicious problem brought to you by evil hackers that must be stopped with new laws.

You can fix every technology problem with a hastily enacted law, right?

The information that shows up on your Caller ID display is an SS7 field called CPN, for "Calling Party Number."

By design, this can be different from your ANI, which is the billing telephone number you are actually calling from.  Consider the case of my office phone, a VoIP solution with a U.S. number.  It has a Direct Inward Dial (DID) in the 425 area code.  The Direct Outward Dial (DOD, also called DIOD) is also used as the BTN/ANI, and it is in the 206 area code.

Neither of these will appear on your Caller ID, though.  You will see the CPN, which is spoofed!  This number reaches the main switchboard of my company.  And, believe it or not, this arrangement was nearly outlawed by the "Truth in Caller ID Act."

The very name of the law belies the reality: deception is actually a useful feature of Caller ID, and is there by design.  Fortunately, the telecommunications lobby managed to water down the law to the point where it won't get in the way of my usual Central Office operations.

Caller ID spoofing has always been common, but wasn't available on-demand or marketed as a service until recently.

Anyone with a T1 or PRI ISDN and a PBX has been able to spoof Caller ID for decades.  However, VoIP has made it a lot easier.  Many retail and wholesale VoIP networks will send any Caller ID their customer wants them to send.

For example, the wholesale VoIP provider that I use at home accepts my Google Voice number as Caller ID.  Using a soft PBX such as Asterisk, this can be configured on-demand.

Some commercial services are specifically designed for Caller ID spoofing.  This type of service can be useful for legitimate reasons; for example, when calling the U.S. from overseas, Caller ID is not reliable.  However, using a service like SpoofCard, I can reliably send Caller ID with a number the recipient recognizes as important.

After 168 years, News of the World, a London tabloid, ceased publication amid scandal that reached into the upper echelons of British public life.  Headlines screamed about phone hacking, and news stories told of "sophisticated attacks" on voicemail systems that allowed eavesdropping editors to spy on celebrities and politicians.  The attacks really weren't that sophisticated, though.  They just took advantage of systems that considered Caller ID trustworthy.  It's not, and it never was.

Until recently - when filthy CLECs and wireless providers who should have known better finally learned their lesson - many voicemail systems were equipped with a "Skip PIN" feature.

If your Caller ID matched the number assigned to the voicemail box, the system would let you right in - no password required!

Some voicemail systems will even let you listen to messages and then tag them as unheard, so, if you can get in this way, it's easily possible to eavesdrop on voice messages with no chance of being discovered.  Mind you, it's as easy to spoof Caller ID in the U.K. as it is in the U.S., so this was hardly a sophisticated attack.
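
The "Skip PIN" decision described above, next to a check that treats Caller ID as untrusted input, as an added example (not part of the original column and not any vendor's code).  The Mailbox and Call types, the function names, the sample numbers, and the three-attempt lockout are all assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

MAX_FAILURES = 3  # assumed lockout threshold

@dataclass
class Mailbox:
    number: str        # number the mailbox is assigned to
    pin: str           # constructed sample; a real system would store a salted hash
    failures: int = 0

@dataclass
class Call:
    cpn: Optional[str]                 # Calling Party Number: caller-supplied signalling
    entered_pin: Optional[str] = None

def skip_pin_access(box: Mailbox, call: Call) -> bool:
    """Legacy 'Skip PIN' logic: a matching CPN is accepted as proof of identity."""
    if call.cpn == box.number:
        return True
    return call.entered_pin is not None and call.entered_pin == box.pin

def pin_required_access(box: Mailbox, call: Call) -> bool:
    """Hardened logic: CPN never authenticates; only the PIN does, with lockout."""
    if box.failures >= MAX_FAILURES:
        return False  # locked until reset out of band
    if call.entered_pin is not None and hmac.compare_digest(
        call.entered_pin.encode(), box.pin.encode()
    ):
        box.failures = 0
        return True
    box.failures += 1
    return False

def demo() -> dict:
    # Constructed sample data using fictional 555-01xx numbers.
    box = Mailbox(number="+12065550100", pin="4821")
    matching_cpn_no_pin = Call(cpn="+12065550100")
    owner_cpn_withheld = Call(cpn=None, entered_pin="4821")
    return {
        "legacy_matching_cpn": skip_pin_access(box, matching_cpn_no_pin),
        "hardened_matching_cpn": pin_required_access(box, matching_cpn_no_pin),
        "hardened_owner_withheld": pin_required_access(box, owner_cpn_withheld),
    }

if __name__ == "__main__":
    print(demo())
```

The legacy check grants access on a signalling field the caller controls, while the hardened check still admits the real owner calling from "Unavailable."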

Given the levels of government that this scandal reached, I have to wonder why nobody ever talked to a Central Office technician.  We've been doing "service monitoring" for years, and we're a lot better than politicians and police chiefs at keeping quiet.

It's not just voicemail systems that rely on Caller ID.

Businesses relying on customer relationship management systems - from banks to pizza delivery - also rely on Caller ID.  The most dangerous example is poorly configured 911 centers.

This can result in "Swatting," a practice in which malicious callers to 911 backdoor numbers claim that a dangerous situation (such as a hostage crisis) is taking place at a location associated with a spoofed Caller ID.  The police do exactly what you hope they'd do in this sort of situation; they respond with a SWAT team, helicopter, vicious dogs, etc., creating an extremely dangerous situation for all parties concerned.

It'd be irresponsible of me to go into too much detail about how this works, but it's happened on more than one occasion, it's easy to do, it's far too easy to get away with, and it's almost impossible to defend the network against this sort of thing.  Now that the VoIP genie is out of the bottle, it's next to impossible to put it back.

If you think that the danger of spoofing ends with Caller ID, it doesn't.

Now that so many VoIP companies (often located in countries with weak regulatory environments) have direct access to SS7 networks, ANI can easily be spoofed as well.  So, you can't even rely on using a toll-free number and authenticating based on ANI data anymore.

It doesn't stop there: you can even spoof SMS.

Frighteningly enough, one of the banks I use in China has SMS banking.  If you set this up (obviously, I haven't), it literally allows you to wire money with a simple SMS command.  Fortunately, you can only wire it within China, and RMB is nonconvertible so there might be some hope of getting back a fraudulent transfer, but banking laws here are very different from the U.S.

Most loss situations are the customer's liability (unless you can prove there is a bank error), even if fraud is involved.  Nigerian scammers, take note: it's a lot easier to chop RMB than to chop dollars.

Today's Internet is built on the assumption of anonymity where you can't trust anyone unless verified otherwise.

Unfortunately, telephone networks were designed with the opposite philosophy, and marrying the two has occurred at a breakneck pace with barely any thought as to what could go sideways.  At this point, you can't trust that any call or SMS is from who you think it's from.

In fact, it may be better to pick up a call that comes from "Private" or "Unavailable."  After all, at least then, you know it's probably a monster calling.

References

SpoofCard: www.spoofcard.com - Spoof Caller ID and SMS.

ICBC SMS Banking: www.icbc.com.cn/icbc/e-banking/personalebankingservice/bankinghome/mobilebankingsms

News Of The World: www.newsoftheworld.co.uk

I Go Chop Your Dollar: www.youtube.com/watch?v=f1nKR3gYRY8
