As anybody who has been watching the news already knows, the folks at News Corp are facing quite a bit of trouble these days. Even Rupert Murdoch himself, the normally elusive media mogul and controller of politicians everywhere, has been called on the carpet to answer questions about the dirty dealings that went on at the now-defunct British tabloid newspaper News of the World.
The problems started when it was revealed that a News of the World reporter had hacked into the voice mail of a thirteen-year old murder victim, giving the parents of the girl false hope that she was still alive. When the rock that had been used to cover this transgression was kicked over, a whole nest of nasty critters scurried into the open, and it was soon discovered that the Murdoch empire hacking activity had truly known no bounds. Politicians, celebrities, police officials, crime victims, parents of dead soldiers, even members of the royal family – no one had been safe from the prying ears of News Corp “journalists.” There have even been reports here in the United States that the voice mail accounts of family members of 9-11 victims have been hacked into by zealous News Corp employees looking for any juicy tidbits of information they could find.
As salacious and interesting as this scandal is, the best thing about this story is that it has revealed to the public just how vulnerable we all are to outside intruders who would like to invade our privacy and steal our identities. Even if we are not among the ranks of the rich and famous, we are still vulnerable to the depredations of identity thieves, just plain thieves, and ne’er-do-wells everywhere.
The Vulnerability of Voice Mail
Of the four major cell phone carriers, only Verizon Wireless requires customers to have a password for voice-mail accounts that must be entered each time an account is checked for new messages. AT&T, T-Mobile, and Sprint make passwords optional, and while this gives the consumer more choice, it is this very practice that leave voice-mail accounts wide open for attack.
The risk comes from a technique known as caller ID spoofing. Computer programs have been developed that will allow anyone to call a phone number with a caller ID signature different from their own, and there are online sites available that offer their services to anyone willing to pay for them. In order to use one of these sites, a potential hacker just has to provide their own phone number and the phony or alternative number they’d like to use as their spoof ID, and they can then call any number they’d like from their computer.
Of course, in situations where infiltration of a voice mail account is the goal, the ID spoof number and the number being called will both be the cell number that is being targeted for hacking. Once the connection has been made, if no voice-mail password has been used, accessing the messages in that account will be the proverbial piece of cake. ID spoofing first got a lot of publicity back in 2006 when Paris Hilton was caught using a spoofing service to hack into the voice-mail account of Lindsay Lohan. News Corp was doing it long before that, but it took them a lot longer to get caught.
Adventures in Password Creation
Needless to say, using a passcode for voice mail accounts is a no-brainer. We all like convenience, but it only takes a few seconds to tap in a four-digit passcode, so there really is no excuse to leave such an obvious opening for predators who are always looking for ways to invade people’s lives. Any other applications on a smart phone that might contain sensitive information should have their password options enabled, and the passwords used should all be different. Passwords should also be changed frequently, and extra effort should be taken to ensure that passwords cannot be logically deduced by determined infiltrators.
Some of the traps that must be avoided when selecting passwords are rather obvious. Birthdays, anniversaries, children’s names, pet names, job titles – anything that could be deduced from studying an intended victim’s life and history is a bad choice for a password. When choosing a four-digit passcode, simplistic patterns such as numbers in sequence (1234) and numbers that repeat (1111) should be avoided. These passcodes should be chosen completely at random, so they are totally un-guessable and un-deducible. While most people will need a master password list so they can keep track of all their passwords, this list should never be carried around out in public. Passwords that will be used outside the home should be fixed to memory where they are safe from prying eyes and sticky fingers.
The Truth in Caller ID Act of 2010 has now made it officially a crime to use ID spoofing to access voice mails for nefarious purposes. This law will of course be unenforceable, since sites offering ID spoofing services can always move off-shore if they start getting hassled by the feds.
When it comes to security, no one should expect help from the government or anyone else. Security is everyone’s personal responsibility, and anyone who uses voice mail should make sure it is always password protected. Voice-mail messages in most cases probably seem benign; but for those determined to scam or cheat the vulnerable, even the slightest detail could help them find a way to create mayhem. Anyone who fails to take all necessary precautions to protect themselves could be someone’s next victim.