Confessions of a caller-ID spoofer

He spoofed the HR director’s work phone number, then the number of that guy’s boss, before moving up to a vice president, and finally, the CEO. Says he had no choice. He also says "this thing that I did is bad and should be outlawed."

This thing that he did is perfectly legal, you may know already, although efforts have been under way to have that rectified.

Background: The major telecom equipment maker whose employee A.G. Bell had recently left owed him thousands of dollars in unpaid commissions, he says, yet the HR department stopped returning his calls, instead "hiding behind voice mail." Spoofing the HR director’s number got his underlings to pick up the phone, at least until they wised to that ploy, at which point Bell -- a fictitious name I’m affording him to protect his current job at another telecom vendor -- started spoofing numbers right on up to the top of the org chart (not to mention a White House number -- seriously).

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

He spoofed the HR director’s work phone number, then the number of that guy’s boss, before moving up to a vice president, and finally, the CEO. Says he had no choice. He also says "this thing that I did is bad and should be outlawed."

This thing that he did is perfectly legal, you may know already, although efforts have been under way to have that rectified.

Background: The major telecom equipment maker whose employee A.G. Bell had recently left owed him thousands of dollars in unpaid commissions, he says, yet the HR department stopped returning his calls, instead "hiding behind voice mail." Spoofing the HR director’s number got his underlings to pick up the phone, at least until they wised to that ploy, at which point Bell -- a fictitious name I’m affording him to protect his current job at another telecom vendor -- started spoofing numbers right on up to the top of the org chart (not to mention a White House number -- seriously).

"Juvenile? Yes," Bell acknowledges. "Effective at getting past call screeners? Absolutely. Subject to horrible abuse? Totally."

He says he always identified himself honestly once he got a live voice on the line.

We’ve been chatting via e-mail about what he did, his minor ambivalence about having done it, and his major concerns over the ease with which others with more criminal agendas could abuse spoofing services. (Such abuse is already common, experts say.) What follows is an edited transcript:

At what point did the light go on and you thought: "Hey, I’ll use a caller-ID spoofing service so they can’t hide behind voice mail"?

In my mind I was a victim forced to use distasteful means to take care of my family. I worked in the converged voice space, so the mechanics of caller ID were not unfamiliar to me or to the crew of geeks that I call friends. The light went on over beers -- I was complaining about the former employer’s call-dodging to some engineer friends and the suggestion of using a local vendor’s lab to spoof caller ID came up. Another engineer at the table said, "Don’t reinvent the wheel, just Google ‘spoof caller ID service.’" I got 32,000 hits. Spoofcard came up first.

Explain the mechanics of how Spoofcard works.

So, I gave them $20 for an hour of caller ID misrepresentation. Although I hate that it seems to be legal for them to offer this service, I love their implementation. Speaking as an engineer and a salesman, they really built a sweet platform.

You call a toll-free number, enter your Spoofcard account number, enter the 10-digit number you wish to call, and then the 10-digit number you wish to be displayed on the recipient’s caller ID. . . . Prompts go like this: Press one to record the call, two to not record; press one to use your normal voice, two to use a man’s voice, three to use a woman’s voice.

The conversation would be recorded with no beeps, artifacts or notification that recording was taking place, and the recording could be downloaded at leisure from Spoofcard.com. For $20 I had a complete record and recording of every call made, of every voice mail left. Beautiful.