Voicemail spying shows phone network weak spots

Jul 07, 2011 By JORDAN ROBERTSON and RAPHAEL G. SATTER , Associated Press

The voicemail tampering scandal engulfing Rupert Murdoch's News of the World tabloid demonstrates not only the vulnerability of phone networks, but also the fallibility of the people who help maintain them.

The British tabloid is accused of breaking into voicemail accounts of various celebrities and dignitaries -and even crime victims and their families- in a relentless hunt for scoops.

Those accused of hacking on behalf of Murdoch's publication were alleged to have employed a variety of ruses. Glenn Mulcaire, the private investigator at the center of the scandal, once targeted members of Britain's royal household by duping phone operators into handing over their personal codes. Those PIN codes in turn allowed him and tabloid journalist Clive Goodman to listen in on the royal family's voicemails.

Many of the methods that phone hackers use are surprisingly low-tech.

"Pretexting" is a common technique for fooling company representatives into giving up a customer's private account information. A pretexting scheme works like this: A hacker calls up the telephone company pretending to be his victim. An agent asks for personal information, such as mother's maiden name or a pass code, to determine the person's identity. The customer service rep then surrenders call logs or passwords if the information is convincing enough.

Perhaps the most famous example of pretexting emerged in 2006 when it was revealed that Co. was spying on journalists and its own board members by hiring private investigators to retrieve their phone logs. The practice was already illegal in the U.S., but was common in the world of private investigations because prosecutions were rare. After the HP debacle, new federal legislation clarified the penalties. Anyone found guilty of pretexting in the U.S. could face up to 10 years in prison.

Knowing bits of key information -such as a Social Security number, names of family members on the accounts - can help a hacker establish credibility in pretexting attacks. Having access to the target's e-mail account can be valuable as well.

In other cases in Britain, all journalists had to do was dial directly into victims' phones and enter a default or easy-to-remember password, such as "1111," to gain access to their voicemails.

The News of the World fiasco has led to prison terms for an investigator and a former reporter for the tabloid, caused several major companies to pull advertising. It is complicating Murdoch's attempt at a multibillion-pound (dollar) takeover of British Sky Broadcasting, which some in government now insist should be blocked because of the hacking incident.

Authorities say tabloid staffers may have interfered with police investigations by hacking into the cellphone of a 13-year-old girl who was eventually found murdered. The staffers are also being investigated on allegations of tampering with phones of victims of the July 7, 2005, terrorist attacks in London, which killed 52 people.

Just as many people are surprised by how easy it is to hack into someone's Internet e-mail account - the "forgot my password" feature is reviled by many security professionals- it may be surprising as well that phone accounts aren't much safer.

Unlike an ATM withdrawal that requires a bank card and a PIN code, voicemail typically only requires a PIN code.

Today, we simply store too much information and don't take enough advantage of technologies such as voice recognition, for instance, that could better secure voicemail, said Mark Rasch, director of cybersecurity and privacy consulting for Computer Sciences Corp.

"The four-digit PIN will someday die, but I can't tell you when," Rasch said. "Businesses still like it, and people like it because it's easy and easy to remember. But it's only easy and easy to remember if you use the same PIN for everything - and once you do that, if you've compromised it one place, you've compromised everywhere."

If all else fails, hackers can sometimes purchase phone information. Britain's Guardian newspaper has reported allegations that other investigators paid bribes to obtain information from Britain's police database, the drivers' licensing agency, and cell phone companies.

The phone numbers and passwords were obtained in industrial quantities. Last year Scotland Yard said that some 4,000 names, 3,000 cell phone numbers and nearly 100 passwords had been found in Mulcaire's notes when he was arrested.

Explore further: Researchers create global road maps showing potential economic and ecological consequences of new roads

5 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

New arrest in UK phone hacking scandal

Jun 27, 2011

(AP) -- Britain's Press Association news agency said Monday one of its reporters was arrested by detectives investigating a widening phone hacking scandal.

Thousands to be contacted in UK hacking case

Feb 09, 2011

(AP) -- British police revealed Wednesday it would contact thousands of people whose cell phones may have been targeted by the News of The World tabloid, an indication of the scale of the scandal at the heart of Rupert Murdoch's ...

Britain shocked by hacking into slain girl's phone

Jul 05, 2011

(AP) -- Britain's long-running phone hacking scandal has taken a sickening twist, with claims that a tabloid newspaper hacked into the phone mail of an abducted teenage girl and may have hampered the police ...

UK phone-hacking 'targeted ex-premier Brown'

Jan 23, 2011

Britain's opposition Labour party called Sunday for a fresh police probe into phone-hacking by journalists, amid reports that former prime minister Gordon Brown was among the high-profile figures targeted.

Researchers show how to use mobiles to spy on people

Apr 22, 2010

(PhysOrg.com) -- Researchers have demonstrated how it is possible to use GSM (Global System for Mobile communications) data along with a few tools to track down a person’s mobile phone number and their location, ...

Recommended for you

China's Alibaba plans IPO for week of September 8

10 hours ago

Chinese e-commerce giant Alibaba plans to hold its initial public offering on the US stock market the week of September 8, the Wall Street Journal reported Saturday, citing a person familiar with the matter.

Tablet sales slow as PCs find footing

11 hours ago

Tablets won't eclipse personal computers as fast as once thought, according to studies by market tracker International Data Corporation (IDC).

Startups offer banking for smartphone users

11 hours ago

The latest banks are small enough to fit in the palm of your hand. Startups, such as Moven and Simple, offer banking that's designed specifically for smartphones, enabling users to track their spending on the go. Some things ...

FIXD tells car drivers via smartphone what is wrong

Aug 29, 2014

A key source of anxiety while driving solo, when even a bothersome back-seat driver's comments would have made you listen: the "check engine" light is on but you do not feel, smell or see anything wrong. ...

User comments : 0