

                     . A Mobile Phone ANI-Diversion Technique .


  Date: Monday, October 29, 2001
  Author: The Clone


    [ inDEX ]

    . - Disclaimer

    . - Introduction

    . - Explanation

    . - Conclusion

    . - Credit

    . - Contact Information


  -_-


 Disclaimer: The content within this file is for informational and
             entertainment purposes only. Unauthorized access of the
             systems spoken about in this file using this ANI-spoofing
             technique may get you in trouble with local and/or national
             law enforcement. Don't do naughty things... thanks.

 -

  Introduction:

   Several months ago while sitting at home having nothing better to do but
   mess around with various phone numbers on my cell phone, I discovered
   something rather interesting. By calling up specific toll-free ANAC systems
   in the United States belonging to AT&T and other carriers, the Automatic
   Number Identification (ANI) information that I was read was completely
   different than the information that actually belongs to me. This got me a
   bit curious as to why this might be occurring. The rest of this file will
   delve a little bit into the steps I took in order to conclude the theory of
   my misread ANI account data.


  Explanation:

   With my Pre-Paid FIDO GSM phone calling from the 780 area code in Edmonton,
   I called up several ANAC systems and on every one of these systems the ANI
   information read back was: 780-707-0000, which didn't appear to be my phone
   number. After calling that phone number back, I was suprised that FIDO's
   "this number is not in service" recording came on.

   When calling from a Rogers AT&T Pay-As-You-Go TDMA cellphone, the ANI
   information read back was: 780-965-0000, which didn't appear to be my phone
   number either. After calling that phone number back, I got a similar
   message from ROGERS AT&T telling me the number I called was not in service.

   When calling from a Telus / Clearnet CDMA cellphone, the ANI information
   read back was: 780-427-5700, which didn't appear to be my phone number
   either. After calling that number back, I got a message from Telus telling
   me the number I called wasn't in service.

   The Potential? By simply using a cell phone without any physical/mode
   modification whatsoever, one may spoof their ANI information from American
   Toll-free Carriers such as; AT&T, MCI WORLDCOM, TRACFONE, VERIZON, etc.
   With your actual phone number information not being registered with the
   end-carrier, you have the ability to bruteforce a large number of the
   blocked carriers without fear of being tracked - perfect diversion
   techniques. If one wanted to call in a bomb threat, they could get away
   with it. If someone wanted to prank call, harrass, or otherwise piss
   someone off over the phone without fear of being tracked (through basic means),
   they could.

   Want an ANAC # to test your cell phone on?
   http://groups.google.com/groups?q=ANAC+%23%27s


  Conclusion:

  Instead of your phone's MIN (MSISDN in GSM terms) passing through to the end-
  carrier, the information passing through is that of the mobile switches' 
  aliased phone number - often called "pseudo ANI". Please keep in mind that the
  MSSC (Mobile Services Switching Center, Home Location Register in GSM terms)
  do keep records of what customers ESN/MIN called what phone number at any given
  time. Please be aware of the consequences, and DO USE other diversion techniques
  in addition to this if you wish to be 100% anonymous in all of your future
  phreaking escapades!
  

  Credit: 
   
   Thanks to 'TRON' for the additional information.


  Contact Information:

   E-MAIL: theclone@hackcanada.com
      URL: www.nettwerked.net


