Overview

Project Buttdial is designed to facilitate the jamming of phone lines, preferably of phone scammers, as a retaliatory measure.  It is open source.  So when the “IRS” calls you and tells you they’re coming to arrest you – now you have an option to jam their phone lines.

Update

Update #2 – Dockerized ButtDial on GitHub.

Code has been updated to be all python, no bash, and included auto-rotating numbers:

Visit buttdial.py on github and remember I suck as using git, but I’m trying.

Just a regular scam?

At work one day and I get a phone call.  Samsung’s handy screening thing tells me it is a scam number.  Of course, I ignore.  And they leave a voicemail.  I go back to work.

Until they called again 5 minutes later.

And the voicemail, an exasperated voice letting me know that my order was incomplete, was literally identical to the first message.  Weird that they’d call again so quick, probably a quirk in their autodialer.

Then I received upwards of 7 more phone calls from that same number that day.  Well, if you’re going to be like that…

It’s on now, assholes

Inspired by Project Mayhem, I decided to harass these people back and jam up some lines.  Let’s talk about the “how” of doing this attack.

Step 1 – Need a way to make calls

I don’t have a way to make automated phone calls.  So I did some research and signed up for an account with Twilio.  They are a useful service, reasonable rates, and some good info about use various scripting languages to interact with their REST API.  I also suck at Python most days, so it was a chance to practice it a bit.  You gotta pay up a bit, but I tossed in $20 to the account and it was more than enough for my purpose.

Step 2 – Lets make a server to do some stuff

Next I needed a server to host the XML files.  It had to have a public IP address and something like Ubuntu fit my needs perfectly.  I opted to use my Azure credits this month on this project, though if I wanted a more permanent solution, I would probably use Digital Ocean.

Install Apache, make sure Python is good to go, and we have all our tools.

Step 4 – What the hell is TWiML

Twilio uses this thing they call TwiML.  Fancy way of saying a specifically formatted XML document.  They have some tools to generate them, but I found it way easier to just write the files myself directly.  Browse through their stuff to figure out what was going on, or just look at the XML doc I wrote.

When viewing that XML, it is pretty straightforward how it works – It waits 14 seconds, the length of the “thank you for calling us back” automated response, says “Hello” waits a couple of seconds, and then starts harassing them back.  Key note here, you do have the ability to start a never-ending loop by setting loop counts to 0, but then they’ll put you on hold and you’ll have a 10 hour phone call on your bill.  So don’t do that.

Anyways – so the XML is done and hosted.  Now the next part:

Step 5 – God I suck at python

Twilio uses a REST API, so you need to talk to it.  I decided to use Python, and I suck at it.  But using their examples and just kinda tweaking it a bit, I wound up with something that worked.

In that link you’ll find the python script I used.  I’ve removed my identifying info, such as account info, auth token, and the phone number I called from.  I left the scammer’s number in.  Feel free to harass them.

You get all the info you need from your Twilio account, so if you use that script, modify the data accordingly.

Step 6 – Bash Wrapper

I wrote a little BASH script wrapper that run the python script quickly.  Simple one-liner:

#!/bin/bash
while true; do python ./makecall.py; sleep 1; done

Ta-da!  Now we run the bash file and start the fun!

Step 7 – Results

Making rapid phone calls

 

 

 

 

Conclusion

This worked out pretty well.  I’d question how sustainable it is as I am a cheap bastard, but I ran through about $15 worth of credit occupying their phone lines for an hour or so.  However, I did get busy signals when calling the number from a Burnr line, so I’d say it worked.

And it was fun.

Don’t do this to innocent people, everyone.  This was a project to jam some phone lines of scammers.