Thursday, July 09, 2009

Thousands have voicemail and data hacked

Today's Guardian leads with the news that Rupert Murdoch's UK newspaper group has paid out over £1m in an attempt to cover-up a crime wave by its journalists:
The payments secured secrecy over out-of-court settlements in three cases that threatened to expose evidence of Murdoch journalists using private investigators who illegally hacked into the mobile phone messages of numerous public figures to gain unlawful access to confidential personal data, including tax records, social security files, bank statements and itemised phone bills. Cabinet ministers, MPs, actors and sports stars were all targets of the private investigators… officers found evidence of News Group staff using private investigators who hacked into "thousands" of mobile phones.

There are two particularly troubling aspects to this story. The Metropolitan Police, Crown Prosecution Service and Information Commissioner's Office all had prima facie evidence of these crimes, but have declined to take action against News Group. And, mobile phone companies continue to allow access to messages using voicemail PINs set to defaults that are apparently known throughout the media.

Perhaps in future:
  1. Law enforcement agencies will take action against those discovered to be breaking the law, whether or not they work for powerful newspaper groups?
  2. Mobile phone companies will not leave their customers' communications wide open to abuse?
  3. Government agencies and companies will think a little more carefully before building up large collections of sensitive personal data that will inevitably be sold to the highest bidder?


Andrew Oakley said...

For values of "hacked" that include "reading the manual that comes with the SIM card that everyone owns and noting that people are too lazy to change their default PIN codes".

If locksmiths fitted every door with a lock that could be opened by the same key, and then sent each homeowner a letter telling them how to change their key, would the police investigate the burglars, the homeowners or the locksmiths?

Ian Brown said...

In that scenario, the locksmiths absolutely should have some liability.

John said...

Every mobile I have owned has clear warnings about the default PIN and equally clear instructions about how to change it. I don't have Voicemail or answer phone and this is ultimate protection. Why blame the makers and distributors of phones - fixed and mobile?

Ian Brown said...

Because most mobile users aren't as attentive as you, and it would be trivial to either disable remote voicemail access until a user has set a PIN, or set random default PINs that were notified inside the phone packaging?