Caller ID spoofing is one of the most dangerous cybercrimes related to VoIP numbers. It falsifies the information about who is calling by showing a legit Caller ID, when the real caller is a fraudulent entity. If that alone is not spooky enough, imagine your company number is stolen and someone is using it for their malevolent purposes.
To protect clients and businesses from it, STIR/SHAKEN initiative is put in place.
What is it all about?
STIR/SHAKEN is a number of special protocols and procedures aimed at verifying the information displayed on the Caller ID. This system uses carriers' info to verify the Caller ID as legitimate or not legitimate.
STIR is a globally accepted standard that can be implemented in any country. On the other hand, SHAKEN is specific to the US. But that’s not the only difference.
STIR, Secure Telephony Identity Revisited, gives a special digital signature for a VoIP call.
SHAKEN, Secure Handling of Asserted Information Using Tokens, is a set of standards for the service providers on how to manage STIR-authenticated calls in their networks.
Is this initiative robust or obligatory? It certainly is, as those providers failing to implement STIR/SHAKEN and register in its database will not be able to provide any domestic voice traffic services.
So, how does it work?
To avoid technical language, what STIR/SHAKEN basically does, is that it attributes digital signatures to ensure that the person/organization making the phone call is really who they say they are. There are three types of signature (or Attestation) levels:
Level A: the highest attestation level. The service providers attribute it to indicate that they know the caller and that the caller has the right to use this phone number (the caller ID).
Level B: the middle level, meaning the service providers know the caller but are uncertain if it has the right to use this caller ID.
Level C: none of the above is true, and the caller can’t be verified.
As you can see, though not eliminating the issue of spam and spoofing, STIR/SHAKEN initiative still offers a great security and monitoring system that largely reduces the risk of cybercrimes.
How come the acronym STIR/SHAKEN? As you probably guessed, it is inspired by James Bond, who prefers his Martinis shaken and not stirred. Jim McEachern, a senior technology consultant with the ATIS, commented on that, “We tortured the English language until we came up with an acronym”.