This one I consider scary. Being able to spoof Caller ID completely negates one of the primary security mechanisms that someone is where they say they are, and, to a lesser extent, that they are who they say they are.
If someone steals a new credit card out of my mailbox, they can activate it and go on a spending spree without me knowing anything about it until the first bill arrives. Even the credit card company may not realize there is a problem with the spending pattern.
Another reason to keep the credit limits on your cards low.
I wonder if the credit card company will treat the spending spree as theft? The confirmation came from you home phone number? Presumably the signature on the back of the card matched how whoever stole the card signed it.
How are they spoofing the caller ID? Caller ID (ANI) is generated by the local switch and is passed on through the phone network when a call is made. Presumably the spoofers are acting as a local switch and passing whatever ANI on to one of the main carriers, like the baby Bells or MCI. These carriers just pass the ANI field on without looking at it. I think the main carriers are going to have to start monitoring the ANI coming from outside their systems and drop it if it doesn’t conform to standards. An MCI switch in Colorado Springs wouldn’t pass an ANI from a local switch that didn’t have a 719 or cell-phone area code. And they shouldn’t accept ANI from known Spoofers.
The FCC may need to set up stricter rules on area code conformity. I thinkthat all area codes starting with “9” should be caller pays. All Area Codes starting with “8” should be callee pays. And since they got rid of the ‘”0″ and “1” restriction for second digit, all the residential/landline area codes should be moved to the lower range of numbers and the cell phone, IP and non-land-line area codes should start at 799 and work down. This would give some assurance to the network switches that the ANI they are routing is reasonably accurate. And more importantly that the recieving phone can trust the information provided by the network.
Bad things happen when trust is lost, or is it more appropriate to say that good things don’t happen when trust is lost?