The British tabloid is accused of breaking into voicemail accounts of various celebrities and dignitaries — and even crime victims and their families— in a relentless hunt for scoops.
Many of the methods that phone hackers use are surprisingly low-tech.
“Pretexting” is a common technique for fooling company representatives into giving up a customer’s private account information. A pretexting scheme works like this: A hacker calls up the telephone company pretending to be his victim. An agent asks for personal information, such as mother’s maiden name or a pass code, to determine the person’s identity. Knowing bits of key information — such as a Social Security number, names of family members on the accounts — can help a hacker establish credibility in pretexting attacks. Having access to the target’s email account can be valuable as well. If the responses to the questions are convincing enough, the rep will surrender call logs or passwords.
Anyone found guilty of pretexting in the U.S. could face up to 10 years in prison.
In other cases in Britain, all journalists had to do was dial directly into victims’ phones and enter a default or easy-to-remember password, such as “1111,” to gain access to their voicemails.
Just as many people are surprised by how easy it is to hack into someone’s Internet email account — the “forgot my password” feature is reviled by many security professionals — it may be surprising as well that phone accounts aren’t much safer.
Unlike an ATM withdrawal that requires a bank card and a PIN code, voicemail typically only requires a PIN code.
“The four-digit PIN will someday die, but I can’t tell you when,” said Mark Rasch, director of cybersecurity and privacy consulting for Computer Sciences Corp.. “Businesses still like it, and people like it because it’s easy and easy to remember. But it’s only easy and easy to remember if you use the same PIN for everything — and once you do that, if you’ve compromised it one place, you’ve compromised everywhere.”
If all else fails, hackers can sometimes purchase phone information. Britain’s Guardian newspaper has reported allegations that other investigators paid bribes to obtain information from Britain’s police database, the drivers’ licensing agency, and cell phone companies.
Read More @ MSNBC
