. A Mobile Phone ANI-Diversion Technique . Date: Monday, October 29, 2001 Author: The Clone [ inDEX ] . - Disclaimer . - Introduction . - Explanation . - Conclusion . - Credit . - Contact Information -_- Disclaimer: The content within this file is for informational and entertainment purposes only. Unauthorized access of the systems spoken about in this file using this ANI-spoofing technique may get you in trouble with local and/or national law enforcement. Don't do naughty things... thanks. - Introduction: Several months ago while sitting at home having nothing better to do but mess around with various phone numbers on my cell phone, I discovered something rather interesting. By calling up specific toll-free ANAC systems in the United States belonging to AT&T and other carriers, the Automatic Number Identification (ANI) information that I was read was completely different than the information that actually belongs to me. This got me a bit curious as to why this might be occurring. The rest of this file will delve a little bit into the steps I took in order to conclude the theory of my misread ANI account data. Explanation: With my Pre-Paid FIDO GSM phone calling from the 780 area code in Edmonton, I called up several ANAC systems and on every one of these systems the ANI information read back was: 780-707-0000, which didn't appear to be my phone number. After calling that phone number back, I was suprised that FIDO's "this number is not in service" recording came on. When calling from a Rogers AT&T Pay-As-You-Go TDMA cellphone, the ANI information read back was: 780-965-0000, which didn't appear to be my phone number either. After calling that phone number back, I got a similar message from ROGERS AT&T telling me the number I called was not in service. When calling from a Telus / Clearnet CDMA cellphone, the ANI information read back was: 780-427-5700, which didn't appear to be my phone number either. After calling that number back, I got a message from Telus telling me the number I called wasn't in service. The Potential? By simply using a cell phone without any physical/mode modification whatsoever, one may spoof their ANI information from American Toll-free Carriers such as; AT&T, MCI WORLDCOM, TRACFONE, VERIZON, etc. With your actual phone number information not being registered with the end-carrier, you have the ability to bruteforce a large number of the blocked carriers without fear of being tracked - perfect diversion techniques. If one wanted to call in a bomb threat, they could get away with it. If someone wanted to prank call, harrass, or otherwise piss someone off over the phone without fear of being tracked (through basic means), they could. Want an ANAC # to test your cell phone on? http://groups.google.com/groups?q=ANAC+%23%27s Conclusion: Instead of your phone's MIN (MSISDN in GSM terms) passing through to the end- carrier, the information passing through is that of the mobile switches' aliased phone number - often called "pseudo ANI". Please keep in mind that the MSSC (Mobile Services Switching Center, Home Location Register in GSM terms) do keep records of what customers ESN/MIN called what phone number at any given time. Please be aware of the consequences, and DO USE other diversion techniques in addition to this if you wish to be 100% anonymous in all of your future phreaking escapades! Credit: Thanks to 'TRON' for the additional information. Contact Information: E-MAIL: theclone@hackcanada.com URL: www.nettwerked.net