Politech mailing list archives
FC: How ISPs know your phone number even if you block caller ID
From: Declan McCullagh <declan () well com>
Date: Wed, 11 Jun 2003 23:50:26 -0400
Previous Politech message: "AT&T offers prepaid (anonymous?) Internet service" http://www.politechbot.com/p-04833.html --- Subject: RE: AT&T offers prepaid (anonymous?) Internet service Date: Wed, 11 Jun 2003 16:37:30 -0400 From: "Boothby, Colleen" <cboothby () lb3law com> To: <declan () well com>CPN ("Calling Party Number," formerly ANI) is passed to an IXC even if the calling party blocks her caller ID. Caller ID blocking adds a privacy indicator to the signalling information (or "Initial Address Message" packet) associated with a call. Both the CPN and the privacy indicator are passed along the chain of carriers to the last carrier on the terminating end of a call. That carrier blocks the CPN from passing to the called party.
I seem to be having a Declan festival lately. :-) --- Date: Wed, 11 Jun 2003 08:05:08 -0500 From: Nathan Neulinger <nneul () umr edu> To: Declan McCullagh <declan () well com> Subject: Re: FC: AT&T offers prepaid (anonymous?) Internet serviceIf you use t1/isdn-pri at the dialup end, you have access to EVERY callers info, since it is part of the signalling data - regardless of whether they have blocked
cid or not. -- Nathan --- Date: Wed, 11 Jun 2003 09:07:40 -0400 Subject: Re: FC: AT&T offers prepaid (anonymous?) Internet service From: George Ellenburg <george () ellenburg org> To: declan () well com Declan,When I worked for an ISP in Orlando (1994 - 1999), our US Robotics/ 3Com "Total Control Hubs" (which used ISDN PRI Lines to provide v.90 access to end-users); both ANI & DNIS information was routinely passed to the RADIUS servers (actually a part of the RADIUS accounting logs) by default.
I doubt things have changed in that area in 4 years. -- George Ellenburg --- Date: Wed, 11 Jun 2003 09:10:56 -0400 From: Robbie Honerkamp <robbie () shorty com> To: declan () well com Subject: Re: FC: AT&T offers prepaid (anonymous?) Internet service Declan McCullagh wrote:
[Any reason to think AT&T would *not* be recording caller ID information from their prepaid-dialup users? Even in the absence of possible government pressure, it might be useful as an anti-fraud move.
Many ISPs already do this. In addition to fraud, being able to record ANI information makes it easier to pinpoint net.abusers (spammers and the ilk) and block them from using the service again under a differentcredit card, etc. I would say it is almost certain that AT&T would record ANI information if for no other reason than as another way to help make spammers' lives more difficult- I think spammers would like the idea of using prepaid Internet cards.
There's also the secondary issue of a prepaid ISP possibly recording URLs you visit and the identities of your email correspondents and preserving those logs in case the FBI or a subpoena-happy divorce lawyer comes visiting...
Anonymous browsing proxies and using SSL to relay your email to a server that supports TLS gets around this for tech-savvy users (though they probably block port 25, you could use port 465 (SMTP over SSL) or another port if you ran the mail server). Obviously not for the casual user, but if you're going out of your way to be anonymous these are not unusual precautions. Robbie --- Subject: Re: FC: AT&T offers prepaid (anonymous?) Internet service From: Marian Szczepkowski <marian () mail jozep com au> In-Reply-To: <5.2.1.1.0.20030610232849.04650eb0 () mail well com> Organization: JOZEP Pty/Ltd Date: 11 Jun 2003 23:43:42 +1000 In an ericsson exchange the number is available to all exchanges through the call. For ISDN the calling party number IE is generated at the source even if you put in a dummy number blocking of presentation is done in the exchange itself. You want to know who's calling, enable MCT(Malicious Call Trace) in the exchange and leave the handset off for 90 seconds, they get a printout. So yes they have your number, and not after some weird hollywood 30 seconds. So dumb... --- From: "Chet Uber (SP)" <chet.uber () securityposture com> To: <declan () well com> References: <5.2.1.1.0.20030610232849.04650eb0 () mail well com> Subject: Re: AT&T offers prepaid (anonymous?) Internet service Date: Wed, 11 Jun 2003 16:46:13 -0500 Organization: SecurityPosture, Inc. Declan, Barring the use of a "digital diverter" or existence on an ancient segment of the PSTN (rare - but in rural and some wireless), the ANI information is available. It is sometimes knocked down/off when crossing LATA's but this is more a local loop issue. Chet --- Date: Wed, 11 Jun 2003 08:47:43 -0700 (PDT) From: Joseph Lorenzo Hall <jhall () astron Berkeley EDU> To: Declan McCullagh <declan () well com> Subject: Re: FC: AT&T offers prepaid (anonymous?) Internet service In-Reply-To: <5.2.1.1.0.20030610232849.04650eb0 () mail well com> > There's also the secondary issue of a prepaid ISP possibly recording > URLs you visit and the identities of your email correspondents and > preserving those logs in case the FBI or a subpoena-happy divorce > lawyer comes visiting... The Bro intrusion detection system [1] here at UC Berkeley records and stores every URL visited by anyone on campus for six months... [1] http://www.rescomp.berkeley.edu/resources/monitoring/ --- Date: Wed, 11 Jun 2003 08:55:12 -0400 To: declan () well com From: Tracy <tracy () arisiasoft com> Subject: Re: FC: AT&T offers prepaid (anonymous?) Internet service At 08:25 6/11/2003, Declan McCullagh wrote:
[Any reason to think AT&T would *not* be recording caller ID information from their prepaid-dialup users? Even in the absence of possible government pressure, it might be useful as an anti-fraud move. I don't know enough about the phone system to know whether AT&T would have access to ANI (which would give them your number even if you block caller ID). There's also the secondary issue of a prepaid ISP possibly recording URLs you visit and the identities of your email correspondents and preserving those logs in case the FBI or a subpoena-happy divorce lawyer comes visiting... Like other solutions for anonymity, there are many ways your identity can leak. See AT&T's site at: http://www.consumer.att.com/prepaidcard/prepaidinternet/ --Declan]
(I am not a telecommunications engineer.)My understanding of ANI is that any switch or PBX system can be configured to capture ANI data, so long as the telco hasn't stripped it from the call. This would include dial-up routers, such as those used by ISPs to accept dial-up connections, such as the Ascend call routers (I think Ascend is now owned by Lucent, but the technology is there).
So, the question is not whether or not they can capture it (odds are they can), but whether the telco has stripped it from the line on the way in. That varies depending on the contract they have with the servicing telco (there's usually a fee to receive the ANI data, but it's certainly not a prohibitive fee - look at all the toll-free numbers that receive ANI data as a part of their service).
Might be well to verify this with an actual telco technician or engineer, though - I've been known to be wrong a time or two in my life. (I did verify with a friend who worked for an ISP that the router equipment they were using for dial-up callers was able to capture the ANI data, so I know that part is correct.)
--- Date: Wed, 11 Jun 2003 07:04:19 -0700 (PDT) From: John Bartley <johnbartley3 () yahoo com> Reply-To: k7aay () arrl net Subject: Re: FC: AT&T offers prepaid (anonymous?) Internet service To: declan () well com In-Reply-To: <5.2.1.1.0.20030610232849.04650eb0 () mail well com> --- Declan McCullagh <declan () well com> wrote: > [Any reason to think AT&T would *not* be recording caller ID > information from their prepaid-dialup users? Yes. ATT will not record Caller ID data. They will, instead, use ANI data, which is more accurate and cannot be blocked. Any time a toll-fre number is called, the company with the toll free number is provided ANI data. <snip> -- John Bartley K7AAY Telecommunications Administrator, Portland OR --- Date: 11 Jun 2003 11:44:49 -0400 Message-ID: <Pine.BSI.4.40.0306111141490.25433-100000 () tom iecc com> From: "John R Levine" <johnl () iecc com> To: "Declan McCullagh" <declan () well com> Subject: Re: FC: AT&T offers prepaid (anonymous?) Internet service In-Reply-To: <5.2.1.1.0.20030610232849.04650eb0 () mail well com> > [Any reason to think AT&T would *not* be recording caller ID information > from their prepaid-dialup users? Even in the absence of possible government > pressure, it might be useful as an anti-fraud move. Right you are. ISPs routinely log CLID info (even if the blocked flag is set) for anti-fraud purposes. Spammers routinely sign up for large numbers of accounts using large numbers of stolen credit cards, and the phone numbers they're using are often the only way to tell what's going on. > I don't know enough about the phone system to know whether AT&T would > have access to ANI Depends on the way it's connected, they might get ANI but they'll definitely get CLID. Regards, John Levine, johnl () iecc com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner "I dropped the toothpaste", said Tom, crestfallenly. --- From: "S.F." <declan () 7b9 com> To: <declan () well com> Subject: RE: AT&T offers prepaid (anonymous?) Internet service Date: Wed, 11 Jun 2003 11:56:18 -0400 > I don't know enough about the phone system to know whether > AT&T would have access to ANI (which would give them your > number even if you block caller ID). Apparently there are even simple ways to block the almightly ANI, at least according to the latest 2600 Magazine's article "ANI and Caller ID spoofing": http://store.2600.com/spring2003.html ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. ------------------------------------------------------------------------- To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
Current thread:
- FC: How ISPs know your phone number even if you block caller ID Declan McCullagh (Jun 11)