Voicemail spying shows phone network weak spots

Jul 07, 2011 By JORDAN ROBERTSON and RAPHAEL G. SATTER , Associated Press

The voicemail tampering scandal engulfing Rupert Murdoch's News of the World tabloid demonstrates not only the vulnerability of phone networks, but also the fallibility of the people who help maintain them.

The British tabloid is accused of breaking into voicemail accounts of various celebrities and dignitaries -and even crime victims and their families- in a relentless hunt for scoops.

Those accused of hacking on behalf of Murdoch's publication were alleged to have employed a variety of ruses. Glenn Mulcaire, the private investigator at the center of the scandal, once targeted members of Britain's royal household by duping phone operators into handing over their personal codes. Those PIN codes in turn allowed him and tabloid journalist Clive Goodman to listen in on the royal family's voicemails.

Many of the methods that phone hackers use are surprisingly low-tech.

"Pretexting" is a common technique for fooling company representatives into giving up a customer's private account information. A pretexting scheme works like this: A hacker calls up the telephone company pretending to be his victim. An agent asks for personal information, such as mother's maiden name or a pass code, to determine the person's identity. The customer service rep then surrenders call logs or passwords if the information is convincing enough.

Perhaps the most famous example of pretexting emerged in 2006 when it was revealed that Co. was spying on journalists and its own board members by hiring private investigators to retrieve their phone logs. The practice was already illegal in the U.S., but was common in the world of private investigations because prosecutions were rare. After the HP debacle, new federal legislation clarified the penalties. Anyone found guilty of pretexting in the U.S. could face up to 10 years in prison.

Knowing bits of key information -such as a Social Security number, names of family members on the accounts - can help a hacker establish credibility in pretexting attacks. Having access to the target's e-mail account can be valuable as well.

In other cases in Britain, all journalists had to do was dial directly into victims' phones and enter a default or easy-to-remember password, such as "1111," to gain access to their voicemails.

The News of the World fiasco has led to prison terms for an investigator and a former reporter for the tabloid, caused several major companies to pull advertising. It is complicating Murdoch's attempt at a multibillion-pound (dollar) takeover of British Sky Broadcasting, which some in government now insist should be blocked because of the hacking incident.

Authorities say tabloid staffers may have interfered with police investigations by hacking into the cellphone of a 13-year-old girl who was eventually found murdered. The staffers are also being investigated on allegations of tampering with phones of victims of the July 7, 2005, terrorist attacks in London, which killed 52 people.

Just as many people are surprised by how easy it is to hack into someone's Internet e-mail account - the "forgot my password" feature is reviled by many security professionals- it may be surprising as well that phone accounts aren't much safer.

Unlike an ATM withdrawal that requires a bank card and a PIN code, voicemail typically only requires a PIN code.

Today, we simply store too much information and don't take enough advantage of technologies such as voice recognition, for instance, that could better secure voicemail, said Mark Rasch, director of cybersecurity and privacy consulting for Computer Sciences Corp.

"The four-digit PIN will someday die, but I can't tell you when," Rasch said. "Businesses still like it, and people like it because it's easy and easy to remember. But it's only easy and easy to remember if you use the same PIN for everything - and once you do that, if you've compromised it one place, you've compromised everywhere."

If all else fails, hackers can sometimes purchase phone information. Britain's Guardian newspaper has reported allegations that other investigators paid bribes to obtain information from Britain's police database, the drivers' licensing agency, and cell phone companies.

The phone numbers and passwords were obtained in industrial quantities. Last year Scotland Yard said that some 4,000 names, 3,000 cell phone numbers and nearly 100 passwords had been found in Mulcaire's notes when he was arrested.

Explore further: Privacy groups take 2nd hit on license plate data

5 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

New arrest in UK phone hacking scandal

Jun 27, 2011

(AP) -- Britain's Press Association news agency said Monday one of its reporters was arrested by detectives investigating a widening phone hacking scandal.

Thousands to be contacted in UK hacking case

Feb 09, 2011

(AP) -- British police revealed Wednesday it would contact thousands of people whose cell phones may have been targeted by the News of The World tabloid, an indication of the scale of the scandal at the heart of Rupert Murdoch's ...

Britain shocked by hacking into slain girl's phone

Jul 05, 2011

(AP) -- Britain's long-running phone hacking scandal has taken a sickening twist, with claims that a tabloid newspaper hacked into the phone mail of an abducted teenage girl and may have hampered the police ...

UK phone-hacking 'targeted ex-premier Brown'

Jan 23, 2011

Britain's opposition Labour party called Sunday for a fresh police probe into phone-hacking by journalists, amid reports that former prime minister Gordon Brown was among the high-profile figures targeted.

Researchers show how to use mobiles to spy on people

Apr 22, 2010

(PhysOrg.com) -- Researchers have demonstrated how it is possible to use GSM (Global System for Mobile communications) data along with a few tools to track down a person’s mobile phone number and their location, ...

Recommended for you

Privacy groups take 2nd hit on license plate data

Sep 19, 2014

A California judge's ruling against a tech entrepreneur seeking access to records kept secret in government databases detailing the comings and goings of millions of cars in the San Diego area via license plate scans was ...

Scots' inventions are fuel for independence debate

Sep 17, 2014

What has Scotland ever done for us? Plenty, it turns out. The land that gave the world haggis and tartan has produced so much more, from golf and television to Dolly the Sheep and "Grand Theft Auto."

White House backs use of body cameras by police

Sep 16, 2014

Requiring police officers to wear body cameras is one potential solution for bridging deep mistrust between law enforcement and the public, the White House said, weighing in on a national debate sparked by the shooting of ...

Chinese city creates cellphone sidewalk lane

Sep 15, 2014

Taking a cue from an American TV program, the Chinese city of Chongqing has created a smartphone sidewalk lane, offering a path for those too engrossed in messaging and tweeting to watch where they're going.

Coroner: Bitcoin exchange CEO committed suicide

Sep 15, 2014

A Singapore Coroner's Court has found that the American CEO of a virtual currency exchange committed suicide earlier this year in Singapore because of work and personal issues.

User comments : 0