Caller ID Spoofing through TELUS -- This was the prepared speach I had for H2K2 however I got cut off early, there are links at the bottom for the CID spoofing software mentioned during the con.
Read this if you already understand ANI and op diverting
Go to the bottom for caller id spoofing software links

Automatic Number Identification, or ANI, was developed by the telephone companies long before Caller ID and was originally developed for billing purposes only. ANI is a service, similar to Caller ID, that displays your phone number to the called party when you place a call, except that because it is used for billing purposes and emergency services you can not block your phone number. ANI was used by telephone companies to determine what number to bill when you placed a long distance call. This service soon became available to toll free numbers and 911 emergency services.

The reason it is available to toll free numbers is that when you call one of these numbers it's a free call -- to you -- the company or person who owns the toll free number has to pay for the call, and rates can be different depending on the area the call was placed from, so even if you block your caller ID, your ANI is still sent to the toll free number.

ANI, because it supposedly can't be blocked, is used as the premisis for (C)LASS services. What is (C)LASS you ask? well it stands for Custom Local Area Signalling Services. These services are all the overpriced services that the local phone companies are always trying to offer to you, such as *69 Call return, *57 Call trace, Caller ID, etc...

Now ANI sounds like the greatest thing since sliced bread, however it is not full-proof. There are two types of ways ANI can be signaled, the newer way is refered to as ANI II which provides a 2 digit code along with your phone number that identifies the class of service of the phone line calling from, for example a payphone's ANI II code is 27, a regular phone is 00, etc... Before ANI II was implemented, the telephone companie's local operator had no way of re-transmitting the number calling from when placing calls to toll free or local phone numbers, instead your ANI would simply read the area code of the operator center and that was it, so if you called a toll free number from a local operator in areacode 909 all that would show as your ANI is 909, this is known as an ANI fail, and just because the 909 shows up doesn't necissarily mean you were calling from the 909 areacode, that's just where the operator was stationed. You can still cause ANI fails today from most local operators though it is said there are a few that do pass ANI with ANI II equipment.

ANI Fails causes problems for (C)LASS services such as Call Trace or Call Return, if you place a local call through the operator, though you may be billed operator assited charges so there is a record of the call being placed, if the person you are calling trys to *57 Call trace you they will receive a message that the call could not be traced, this is because there was no ANI provided for the call. Here's where it gets fun, because ANI is used for billing purposes, sometimes when you call a toll-free number that offers Collect, third number billing or Calling Card services such as 800-Call-ATT, they also use your ANI to put on the phone bill of the person you call collect or bill third party to, but how can they do this if the call is has an ANI fail? They can't, so generally instead of the automated system you usually get, you will get an operator asking where you are calling from and you can give the operator any phone number you want as where you are calling from. This is where things get interesting. AT&T's operators handle very many calls, they handle calls that come from their 10102880 dial-around, from long distance customers that dial 00 to reach them and of course from calls that come in over the toll-free number. If the operator is not paying close attention she will not notice that you dialed a toll free number to reach her, and you can give her any number you wish as where you are calling from and then say you are a visually impaired customer and need her to dial a toll free number, she will believe that you dialed 00 to reach her, which many visually impaired customers do, and not the toll-free number. In the past AT&T used to use the number you gave them as where you are calling from as ANI and actually passed that ANI along to any toll free number you called, and other telephone company toll-free numbers would allow you to bill long distance calls to the ANI you were calling from, bellsouth was one of these companies, you could simply call 1-800-bellsouth from your home phone and have the operator place a long distance call and bill it to the number you were calling from, When it was possible to spoof ANI through AT&T's 800-Call-ATT service, you could give the AT&T any phone number you wish as where you were calling from, then have her call 800-bellsouth leading her to believe you were a visually impaired customer and needing assistance dialing that number, then you could press 0 for the bellsouth operator and have her place a long distance call and have it billed to the number you gave the AT&T operator because that's the number bellsouth thought you were calling from.

All this has been published in 2600 magazine and is now history, bellsouth has learned from their mistakes and no longer bills to ANI that comes in over their 800 number, and AT&T does not even pass ANI to 800 numbers anymore, you can dial 00 or 10-10-288-0 and touch-tone in an 800 number and it will connect you to that 800 number with a an ANI fail, you don't even have to speak to an operator. The problem with this is it makes it easier to cause ANI fails, sure it solves the ANI spoofing problem but now you can toll-free numbers with an ANI fail more easily.

If you are looking for sex swing sex lines, then you could try using this site to finf girls that want to fuck. They have affair sites a lot of girls near me and you should consider calling them now!!

Inspite of the fact that AT&T and Bellsouth has learned it's lesson, there are still many telephone companies that have not. Telus is one of these companies, and not only do they allow you to spoof ANI, but they allow you to spoof Caller ID too. Telus' toll-free "dial-around" is 800-646-000, by simply calling this number with an ANI-fail you can give the operator any number as where you are calling from. Telus is odd, in that they keep upgrading and downgrading there dial-around call center, you used to be able to call any toll-free number through the Telus operator and it would pass whatever number you gave the operator as ANI to the toll-free number you called, now it apears that they have new toll-free trunks that only pass ANI-fails to toll-free numbers, and you can not call MCI owned toll-free numbers for some reason either. Never-the-less, the ANI is still passed when you call a long distance number through Telus dial-around service and the ANI is also used as Caller ID So by simply causing an ANI-fail to Telus dial-around service you can spoof Caller ID to anyone you want to call, not only that if the person you are calling is in the same area as the number you are spoofing, the NAME and number shows up on the caller ID display. To demonstrate this I will cause an ANI fail to Telus dial-around using AT&T's 10-10-288-0 and then calling 800-646-0000, I will then place a collect call to this phone from a spoofed number, I will use xxx-xxx-xxxx as an example and you will see the name and number show up on the screen. Now I know you're thinking yea that's great, but can you only use it to spoof caller ID on collect calls? NO, you can social engineer the telus operator to place "test calls" for you which is a free call w/ no billing, however I'm not sure if that is considered toll fraud or not so I will not be demonstrating that. Telus is not the only telephone company that has this type of dial-around system, AT&T as stated used this in the past though they didn't use spoofed ANI as Caller ID, and there are a few other phone companies out there besides Telus that you can also use this trick on. The sad thing is that ANI spoofing and Caller ID spoofing is so easy, yet many companies use ANI and Caller ID as a security feature, for example I got a credit card in the mail once that the only verification you needed to activate it was to call from your "home phone". It didn't ask for the last 4 of my SSN or anything else, had the card been mis-delivered to my neighbor or I accidently through it away anyone could have easily spoofed ANI and activated the card without me knowing it. Hopefully this presentation will make everyone more aware that ANI and Caller ID should not be relied on as where you are really calling from.

-- What you saw at H2K2 when it said "Lucky225 Rules" was spoofing by emulating bell 202 FSK signals, near the end of the panel was me social engineering the Telus operator telling her I was calling from 909-661-2600 and having her place a call to the phone next to me, the reason it didn't work the first time is because I tried to make it quick and just have her call the phone collect but the lines had a collect block, so then I tried telling her I'm a tech and the call went through and the caller ID was spoofed but the line I was calling didn't have the Caller ID projector hooked up to it, so I finally switched phones and did a final social engineer through telus to call the phone that had the Caller ID projector hooked up and thats when you saw "California 909-661-2600" flash up on the screen. Spoofing Caller ID through Telus still works, but social engineering them to get a free call is most likely harder now that I have told you all how to do it during the speach, but if you happen to have 2 phone lines and one of them doesn't have a collect block you can call the one next to you collect through the Telus operator, but only to numbers in Canada(op divert to her first and give her the # you wish to spoof as where you are calling from). I suppose you could also do third number billing *wink wink*
Pictures from the panel are now up!

Spoonm's Open Source software wrote in perl, also has a web based cgi that allows you to create and download a wav file w/ the spoofed info you want.

Software Orange Box -- Closed source SHAREWARE Windows version wrote by The Fixer