Let’s explain what makes the new Bitphone VoIP service, a perfect tool to perform some social engineering calls.
Bitphone is a new VoIP service, a perfect tool to perform some social engineering calls, but why?
Bitphone is like a Payphone, the only difference is that in this case you need to pay it with bitcoins (it accepts around 40 types of bitcoins), what helps the anonymity part.
To be able to use the service, there is no need to register, and you can pay your call by transferring bitcoins from your wallet, all this using a QR code transfer, and when you deal it will show up as an Arizona number.
If you register (not mandatory), there will be one major advantage, you can make show up whatever CLI you want when calling, meaning that you can call yourself and the CLI can even be your own number. You can also do conference calls with 2 people.
Yet about the registration part, there are no email checks about the owner of the email.
The calls are cheap (as many services now).
Bitphone is owned by Solidcloud.io and they say in their terms and conditions, that you must not use this service unlawfully.
There were cases in the past in the UK where regulators closed services that spoof CLI, but since this one is in the US there is no problem (let’s see until when).
Think like a crook and imagine the possibilities behind a service like this one.
About the Author Elsio Pinto
Elsio Pinto (@high54security) is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.