Fake(?) FBI Phone Threat - Day 2

From yesterday's thread (http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=364x1582310):


So I googled the 202 # and up popped an FBI HQ message. Then I dialed star 69 and was informed that the 202 # above was indeed the originating #. Then (as stated on the original thread) I called the local police and they came out and got a statement. They said that

1) They would file a report;

2) Star 69 is hard (and they thought impossible) to spoof; and

3) The single call was not a crime, but a pattern of repeat calls would be;

One thing I noted, and didn't like, was that the police asked me for the originating # (which I read off a piece of paper) but {b]they didn't ask to see it on my caller ID. I had to volunteer to show it.

After the police left, I dialed star *57 which sets up a phone-company trace. Today at around 4 pm I called ATT and talked to Mike, who verified that the call indeed came from FBI HQ.

So I called the Chicago FBI branch and the agent suggested I was confused. When I told him ATT had confirmed the # he strongly suggested I call the original 202 #. He added, "We don't have time to make intimidating calls."

Finally I called the original 202 # and got a switchboard operator. Since I didn't know the name of the original caller, the operator said there was nothing she could tell me.

I got a few things to say to these assholes.

the number of incredible Aholes responding to you, as if you're some sort of a mental defective

I won't comment on that part, heh, but seriously, folks....

you NEED to take it a step further, as far as some sort of IG, or something. there aren't enough phones/staffers for them to NOT be able to narrow down the provenance of that call. ask Scooter Libby.

don't take their BS

ask to speak to somebody besides a switchboard operator, and get back to the Chicago office. Don't let them put you off. You're PAYING for their lack of interest. this is a fricking federal CRIME if it didn't come from the FBI.

If it did......

btw, check your PMs

It's the same snarky-assed people who want to tell you how to feel, how to react, how PC you should be, who you should bitch about and who you shouldn't, and last but not least... they are always the first to pull the tinfoil hat card and beat your ass up with it.


Interesting...



I believe anything is possible.

Amazingly, I had only lurked on that thread yesterday.

The whole BIG DEAL! thing sounded a little bit too much like OH SHUT UP! to me. Given the current climate, I think that any call anyone receives of this nature should be thoroughly investigated. If it's the FBI, we're all in trouble. If it's not the FBI, then you should wonder who is doing this, why they know your name, and why they are tracking you on the internet.

Definitely blaming the victim. It happens here A LOT. The reason is, nobody wants to be a victim. So when they see that somebody is victimized they skew it so that the crime is the victims fault, because if victims are stupider, less alert, or more emotionally unstable then they are, then, theoretically they will always be safe. It is a defensive mechanism.

I think that this needs to be addressed because it is just not productive. We come to this site for comraderie, activism, and to alert ourselves to danger. When we blame the victim, we become isolated, in denial, and incapable of action.

I definitely want to work on this. If I ever blame the victim, I want people to call me on it.

If this happens/happened to many others on this site than it could be valuable information. We know a gazillion people know our personal info from so many different sources that nothing is surprising. Within a year someone had opened a credit card acct. in my name and then someone used my real credit card illegally. Got it straighten out but you feel a bit violated and it takes time and effort to clear those things up.

When I read your post yesterday I thought for sure some friend was just yanking your chain.

Why in the world would they be monitoring your posts on DU??? Did I miss something???

does DU indeed get frequent hits from FBI ip addresses? How many a month?

OP: Do you think any of your previous DU posts could in the slightest way have prompted this call?

thought it would be funny to call you? These anti-American scumbags love to intimidate and harass anyone who disagrees with Bush or the right-wing nazis.

We all know that Freerepublic members frequent DU to snoop around. You are obviously using your real name on DU and it probably wouldn't be hard to get a hold of your phone number.

If they did that, they would be thrown out on their asses.

It's a threatening phone call. I know someone who was actually beat up by phonies saying they were "government agents". They just wanted the guy's property.

Sub-thread removed by moderator. Click here to review the message board rules.

"we're onto you" seems so cartoonish.

Edit to ask others...Is this just a cry for attention?

Seems so

...more like hackers than proper phreaks, but it was in the early 80's so there was a lot of crossover.

In any case, one of the paramount feats of hacking at the time was getting into COSMOS, which was ATT's main switching computer system. I know of at least one person who got into COSMOS and switched a rival's phone number to something else (and they got caught for it, IIRC). If they could do that, they probably could have assumed someone's phone number for awhile, too.

Would any of that still work nowdays? I have no clue. (google 'COSMOS' and 'phrack' to see how it used to be done). I'd be surprised if it still did, but then again, who knows what they're using nowdays. In any case, while it would undoubtedly be VERY hard to spoof caller id, it's ultimately just a little bit of ASCII data between the second and third ring tones.

I wouldn't rule out some low-tech, social-engineering method either. Is it possible that someone got an outside line from the FBI and may not even have worked there? (there's always the 'flower delivery' scam, if nothing else...ie., "Can I use your phone to call the office and check on this order?"). People used to hack corporate PBX's back in the day, too.

Why they would go to all that trouble just to "prank" you (or intimidate you) like that? That's a lot more perplexing, and ultimately, I would find that question more disturbing to contemplate...

Keep us posted.

The police office was wrong on how hard it is to spoof the caller id (*69) service. Reasonably clever hackers can place calls that show any number you want on the caller id. If you aren't a reasonably clever hacker, then there are multiple commercial services that will do it for you (for a fee).

One example: http://www.spoofcard.com/ - but there are at least a half-dozen firms that offer the same service.


Caller ID spoofing gives business professionals the ability to manipulate their identity to their choosing and stay anonymous. Caller ID spoofing is also valuable in defeating popular telephone services such as "*57 Call Trace", "*69 Last Call Return", "Anonymous Call Rejection" and "Detailed Billing". Private Investigators will find Caller ID spoofing valuable for pretext calls.

Ain't those public and available online?

What if he or she is on this thread?

(dramatic music as we all eye one another suspiciously)

It's sent along from the CALLERS phone switch (PBX), and can be anything. That's how you get the switchboard number instead of the DID (aka extension) number.

There are even services that will do this for you...

The phone company could do a real trace and ignore the sent along caller id info and look at the actual switch routing from termination to origination.

Enjoy: http://www.usatoday.com/tech/news/2006-03-01-caller-id_x.htm

Would that mess up a trace?

In any event, no agency showed much interest in pursuing this. That's quite understandable and justifiable since it was just one call. If it recurs, their stance would hopefully change. In that event, your article will be a fine infomational starting point.

I think your info makes it clear it was a sick spoofer on the loose.

Thanks much. :toast:

PS - you might want to start a thread based on that USATODAY article. It's that informative.

An easy way to do it without installing hardware is to purchase an inexpensive loudspeaker phone. Point your mic to the speaker, open your recording software and click record.

is to get a simple device from Radio Shack (I can't remember what it's called) and get a tape recoder and a tape. I did this to a cheating boyfriend a few years ago.

Especially today with IP phones. My friends and I frequently spoof caller ID to make crank calls to each other at work. It alleviates the boredom sometimes.

Google "Phone Trick Page" to see what I mean. You can have a synthesized voice send someone a message from any computter on the internet while spoofing the caller ID. The potential for fun is insane, particularly if you send "HAL 9000 needs a beer. TechHead will accept one in proxy. Don't make me angry, Dave."

Good times, I tell you!

:rofl:

:D

Seriously, though, this could be pretty scary if it's really them. Hopefully it is just someone playing a sick joke.

Of course, I used to think it was flatly impossible. But I guess that's just pre-December 12, 2000 thinking.

just so you know. too many people don't post when creepy stuff happens - and as a result everybody feels alone when it happens to them, even though its pandemic these days - its always good to talk - even if it was a freeper pulling your leg, you just raised the awareness on a fraudulent freeper intimidation tactic by not being silent... :)

That I cannot trace to anywhere... I filed a report with the FBI twice now, and nothing... this guy has sent me maps of where I live, and wonderful statements like:

"SO YOU NEVER ASKED ME ABOUT THAT AHMED HUBER FAKE NAME UH?

THAT MAKES YOU A BIT WEAK!

AND YOU KNOW I WILL INSIST ON THAT

GET IT DEAR ?"


another one:

"She is not dead-but only flying higher,
Higher than she's flown before,
And earthly limitations
Will hinder her no more.


she'll be dead soon and flying underground! hhahahahahahaha like a fucking rat!"

and he sends me sick photos of dead bodies... the address is Chicago, Covad.

Here is the thing though... at the same time I am getting thousands of porn msg a day and you know what? They come from here:

Received: from pswm7.cp.tin.it (192.168.70.27) by vsmtp12.tin.it (7.2.072.1)
id 44ACB5AA001088E7; Thu, 6 Jul 2006 20:21:08 +0200

---


WHOIS results for 7.2.072.1
Generated by www.DNSstuff.com

Location:


NOTE: More information appears to be available at MIL-HSTMST-ARIN.

Using 2 day old cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).


OrgName: DoD Network Information Center
OrgID: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
PostalCode: 43218
Country: US

NetRange: 7.0.0.0 - 7.255.255.255
CIDR: 7.0.0.0/8
NetName: DISANET7
NetHandle: NET-7-0-0-0-1
Parent:
NetType: Direct Allocation
Comment:
RegDate: 1997-11-24
Updated: 2006-04-28

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-800-365-3642
OrgTechEmail: **********@nic.mil

# ARIN WHOIS database, last updated 2006-07-04 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

tin.it is Telecom Italia in Rome. Could be anything from a machine on their network that is compromised and is sending these emails to a spammer who stole an account. If the next hop isn't your mail server, it would be interesting to see. The 7.2.72.1 could be used internally and not actually be that .mil IP block you found.

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
NetName: IANA-CBLK1
NetHandle: NET-192-168-0-0-1
Parent: NET-192-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate: 1994-03-15
Updated: 2002-09-16

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org

# ARIN WHOIS database, last updated 2006-07-07 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

It's for non-routed private networks, like the wireless inside your house behind a router.

There are other non-routables, the most common is the 10.x.x.x class A, next is the 172.16to31.x.x class B

free for use to anyone. It's like saying "this message came from a house or building of some sort". The whole range is reserved for private networks, so you'll see that number pop up a lot on any home or private work network.

That DSL modem or Cable modem or wireless router you bought at Best Buy? It's going to put your computer on a 192.168 network.

Might want to run a spyware/etc sweep on your machine.

Like someone walked in and walked out without ever have been there if that makes sense...

I know PCs are easily hijacked to send p0rno spam; I know you're getting stuff from an Italian ISP that traces to a California server.

so you are getting death threats and the military is relayng porn spam to you? Talk about things being dizzy fucked up.

The maps thing is scariest....so presumably this person got your name/address from a website or whois lookup on a site you own. If its just the general area though, that could be harvested off DU or any other site through embedded images which record your IP, (unless you use a proxy.)

I am GLAD when people talk about harassment. I was getting creepy calls from the caller ID "guardian" that said things like "hurry up and die"...then I looked up the number online and saw people had the same experience...probably those who post are the tip of the iceberg...so thanks fer sharing...It helps other people out.

One of the emails with one of the threats... he says to graphic to post at DU. Here is the problem I see... this is not isolated and it is not isolated, then it can only be coordinated, but to coordinate spoofing an IP off DIA server is not that easily done... something is wrong here and I don't like what I think it may be.

One more item of note... google that Ohio address and words like "vote" or "election" or, well you get the idea... an interesting pattern develops.

geeze, that's the real thing. And no, I don't think its spoofed at all. probably a "hacked" server...hacked intentionally by corrupt fuckers in Ohio.

These assclowns operate extra-legally like that, and they thrive on a diet of bullshit ...I think if the holocaust denier you were supposed to ask about has no meaning to you, its probably because the harasser has been told that you are a secret nazi or the like. The lowest level ones are told things like this under the pretenses that they are privvy to secret intelligence, when actually its just somebody shitting in their mouth to get them to do dirty little jobs.

regardless, whatever intrigue lies behind, nothing can hide the 2+2=4 fact that its all extremely retarded, thats what it comes down to in the end. The little boy trying to scare other kids on the playground, emotional at its core. best to be intellectual in handling it, that's my two cents! :)

PM me if I can do anything to help!

Please, watch your ass.

I know that sounds lame, but ISPs are becoming more and more helpful in tracking cases of harassment and threats online, and they can help document cases to file with the local authorities, and can help escalate to the feds.

I'm so sorry this is happening to you, lala_rawraw... That's really annoying and creepy. :(

If they are stalking you because of DU posts, how would someone get that info off DU? --- likewise with the dear lady getting death threats and maps to her house. How would they even get her address off DU?

And should I be concerned about my private IPS information that DU servers undoubtedly record but doesn't show on my posts??

I myself had a hacker from Florida who gave out the information about all of the boards I was on.

I'd bet money on it, assuming Jim Sagle is your real name.

If that's the FBI's phone number. I thought I read that in this thread.

The only thing I can say is that if someone is using the fbi's number, you have a clear cut case against them. I would file a complaint with the fbi that they are being impersonated.


I would bet anything that you won't get an answer on this. And given we're now being wiretapped, it would be pretty revealing if you weren't able to get their attention.

I find this most disturbing. This is the act of someone who is deeply troubled. And it's quite ironic that here we are wanting to "wiretap", and I will guarantee that you won't get the time of day.


Then again, I personally would probably be too afraid of my own country's fbi to go near them. What a joke.

The local police said it wasn't a crime, because the caller didn't SAY he was FBI.

call them and ask for their security office. I am sure they have a sophisticated PBX system that logs outgoing calls.

Sounds like a prank call. There are plenty of web sited that allow for spoofing caller id information.

From Security Focus New Caller I.D. spoofing site opens.

This was from Oct '04 and a quick google shows there are now several more. I suspect someone is playing you since having a number in caller id is in no way proof positive about the origin of the call.

MZr7

n/t