Slashdot Mirror
Cell Phone Records for Sale
tabdelgawad writes "The Washington Post has a good writeup on how 'data brokers' use various techniques to obtain cell phone records of individuals then offer them for sale to anyone who will pay. The data is obtained by either bribing phone company employees, or 'pretexting', or accessing unregistered customer accounts online. Although phone companies are the only source of this information (unlike, say SSNs which are available from many sources), one Cingular spokesman was quoted as saying that this is 'an infinitesimally small problem'."
Those are like mini-vinyl discs that you can plug into your phone for ringer tunes, right? I bet DJs will love them!
This is basically a candied way of saying "there's only a few ways they can do it, so don't worry about it."
Wrong. Compromise is as easy as one... that's right, one point of failure.
It's still a vulnerability.
This slashdot-related signature is a stub. You can help kihjin by expanding it.
i signed up with net 10 and i never even gave them my name, just pick up the phone at walmart, go online or call from a payphone to actiuvate it. wait 30 minutes to 1 day (varies) and it's active. i can buy refill cards with cash and activate them by phone or internet, all without giving out so much as my name. though it's a bit more expensive than standard cell plans at .10/min and .03/outgoin SMS they give me free incoming sms (Verizon are whores, they give everyone free outgoing sms and charge for incoming sms so you cann't control your spending)
Net 10 runs on the tracphone/cingular GSM network and has a nice quick voicemail system (verison i swear took me over 30 seconds to even start hearing voicemail)
no affiliation just a happy customer
verizon sucks
Snowden and Manning are heroes.
Calling the cell company and pretending to be the owner of the account. Since SSNs are apparently easy to acquire, access via pretexting should not be all that difficult. Of course, it is illegal.
IWARS.
People, in general, disappoint me. Politicians even more so.
It is a tiny problem for them, because it hasn't started to cost them money. They could give half a crap if my info was sold to anyone, it doesn't effect them at all.
There is quite a bit that could be done with this data, from it you can build social webs, For example Bob bought a brand new *foo* Brad is his friend, so perhap we can intrest Brad in a loan to also purchase a *foo*.
I am sure there are dozens of other things that could be found from this info.
I say make the company who releases my personal information pay me a hefty chunk of change, and it will stop being a tiny problem for them.
I used to have a cool sig, back when I cared
If phone companies are the only source, but are selling these records, they won't be the only source for very long, so won't it become a much larger problem pretty quickly?
Yes, for them, it is. Let's make it not so.
It's about time that companies were brought to book for being criminally stupid (not used in the legal sense, although I'd guess it's a grey area...)
Simon.
Physicists get Hadrons!
In certain circles, it is far from unknown that with a little grease to the palm and massage of the ego that you can get the weakest link in IT security, the human personnel, to compromise security and integrity of databases. It's been done for many years. Should it really surprise us that it happens with cell companies full of people who figure themselves underpaid for the work they do and having no real loyalties?
People who purposely reveal any customer personal account information should be punished for it, and given what incentives they need to testify against those who put them to it, and those who did made examples of. We know it's been done for years in IT, we certainly don't need it to spread in the cell world. A solid shout of intolerance for this from the public is needed.
Typically, this means that some politicians will make much, do little on topic, and load it with pork and rights abuses. So I'm not holding my breath.
At the telecom place I work, even without strict rules in place, I have always practiced a challenge based system to get information that the real customer should know about their company account off the top of their head. Until we have two-part authentication, it's the best I can do. Too bad so many others see no problem in farking over other people.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
I've been getting "chocolate bar" spam ever since news came out that almost three quarters of office workers in an impromptu man-on-the-street survey were willing to give up their passwords when offered the bribe of a chocolate bar.. The spam claims to provide 10 pounds of Hershey's chocolate in exchange for who knows what.
Two wrongs don't make a right, but three lefts do.
2) Seriously, are you that retarded?
So, I mail my check to Cox, my internet/cable/phone provider, to their Phoenix address. Cox then takes ONLY the phone payment and sends it to Israel as part of some nefarious zionist plot? And the fact that every phone company in the United States would save a ton of money by NOT sending all this stuff to Israel makes no difference, because it's worth the hit they take to support the evil Juden??
Good handle you have there sparky. Fits you just like your tinfoil hat.
Is the cell phone company guilty for releasing your call history? What was on your cell phone history for last month? Did you call your psychiatrist to reschedule? Did you call an aborition clinic? Did you call your mistress? And do you want anyone knowing this information.
What I can't figure out is, how does a firm keep updating the call history?
Or should the laws punish the people who steal the data? For example, if a private investigator obtains your phone history, should that PI go to jail?
The new world of no privacy anywhere is getting ridiculous. Between having all your private information made public, having cell phones with cameras, websites with upskirt photos, and maps that image your house from space, there is nothing personal anymore. What is next, video cameras in toilet stalls to make sure thieft is not happening?
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Using such emphatic language only makes me skeptical.
Under Sarbanes-Oxley, they should be required to inform the likely victims. Besides, if the telco has a breach of security, doesn't that also constitute a breach of contract by violating their privacy statement?
Surely there's a mom-and-pop outfit who still does things in-house.
Besides, customers with local, unmetered service don't require "processing" of local-call records, just storage of that information for law-enforcement purposes. OK, I take that back, companies may process the info for quality control and statistics-gathering purposes, and that may be done overseas, but they don't have any financial requirement to do so.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Read: infinitesimally small
Should read: infinite spam allies' mall
The Cingular spokesman who was quoted as saying that this is 'an infinitesimally small problem' has raised the small problem alert to red after he was p4wn3d by a European 15 year old identity fraudster.
YMMV
(what a nice way that would have been to end the article...)
Not all are processed through them. The second Link I got on goolgle had a nice list of all the players in the buisness listed by a former telecom employee. http://www.rense.com/general18/isr2.htmlhere is a link to the Fox News(Unfortunately) transcript/article i read if your so inclined to read it.
w00t
Until somebody gets Britney's Spears' calling list. That would be just about as good as her directory was.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
You can do the equivalent of google page ranking for people. People who make many calls or are frequently called are well connected nodes in the graph of all phonecalls. These are likely to be influential people. So if you're trying to market something, say, then these are the people to call.
Doesn't it make you feel good to know that our freedoms are protected by politicans, lawyers and journalists.
VoIP allows anonymizer services that delete the records of the middleware proxy upon call completion, before they can be read by anyone. Callers still have to trust that the anonymizer will delete the records. But callers can also put another proxy at their endpoint, connecting to yet another endpoint somewhere else. And end-to-end public-key encryption is also available.
Will this "infinitesimal problem" explode into distrust of telcos, destroying their brands' tremendous value in "privacy"? That would really drive a lot of people into VoIP.
--
make install -not war
This is a security hole, as TFA sort of mentions in passing, that makes it easy for domestic-violence perpetrators and stalkers to victimize people...
... and what do we get from those responsible? "Infinitesimal problem."
Think maybe it's time to stop trusting these companies to regulate themselves?
The new world of no privacy anywhere is getting ridiculous.
That depends on the society you live in. It doesn't bother me, but I'm in the process of moving to a very remote place where people don't even own cars (they still exist!). This is one of the unexpected consequences of living in massively overcrowded societies. You just become a number. It's only going to get worse as long as people keep breeding like fucking rabbits.
I don't respond to AC's.
I've seen it quoted, but never seen anyone link to it. I wonder if they actually checked. I mean I would most certianly give up a password for a chocolate bar. Wouldn't be a password that would get you anywhere, but you'd easily get a password out of me for free candy. By the time you'd found out it didn't work, I'd have eaten your candy :).
Social Engineering will always be a security issue no matter how secure we get with hardware and software. Someone will always have access to all the records and keeping his mouth shut is not something computer geeks can do.
What does your Credit Report look like?
Check out these guys
http://www.datatraceusa.com/products.asp/
You can get pretty much anything related to cell phones. Expensive, but available.
AND, they're not hiding at all. They must think it's legal.
If you forget about the future, the future will forget about you.
By coincidence, today's paper had an article on the Do Not Call Registry, in which your cell phone stays on record for five years.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
flamebait?? Since when is documented fact flamebait?
Jeez....
Since your documented fact is in fact untrue. You really need to start taking your medication.
I recently got my cell phone bill and it had arrived opened and stamped by the post office as being received in this condition. Another curiosity was that my payment due date was handwritten on the outside of the envelope by someone and then badly whited out (which is why I could read it). So this was obviously opened by someone at the phone company or the company that prints the monthly billings or possibly the post office itself. I contacted the phone company and they said there was nothing for this person to gain from this information. Really?...
Republicans are jackballs...there, I said it!
Perhaps if you had offered something a little more specific than "Google for it and see for yourself", or, if the location in question had been a bit less at the center of controversy than is Israel, or both, you would have been modded differently.
Also
Your search - "israel phone records" - did not match any documents.
The word "Israel" has to be moved outside of the quotes to get any hits.
I see even classic Slashdot is now pretty much unusable on dial up anymore.
one Cingular spokesman was quoted as saying that this is 'an infinitesimally small problem'.
Right. Just get her phone records and let's see what she thinks then...
The telecom industry, selling our info for their profit?? Is anyone suprised at all by this?? My wife, who has a verizon phone, received a spam text message from verizon, asking her to upgrade her plan. We called to tell them never to do this again (or they would no longer have us as customers), and their reply was "tough luck." I wonder at what point the telecom industry will alienate their client base, to the point that people stop using their service?
Are you talking about Amdocs? If so, they don't process the phone records. They write software that does billing and processing, but the companies themselves run the software and store phone records.
Yes, world headquarters is in Israel, but U.S. headquarters (with over 1,000 employees) is in St. Louis, Missouri.
I've honestly wondered how "investigators" and skip trace businesses are able to turn info out almost instantly on anything phone related for a small fee. I used it once when I had a cell number. I got the guys real address within 24 hours of submitting my order (his cell number) for $80. How do these companies like http://www.usaskiptrace.com/ and other's pull off accessing this data?
And don't forget, it was might have been an "infinitesimally" small problem BEFORE it was posted to slashdot. :)
How do workers hook up with data brokers to sell call records?
Remember, the customer service employees in the US could be making less than $10/hr to hear customers complain all day...not because they aspire to provide the highest quality customer service, but because its the only employer left in town besides Walmart. Dont mess with CSRs unless you want them to email your automatic-payment bank account details in response to the next Nigerian scam email.
They may not even be employed by the cell phone company, but working a temp job for an outsourced customer service provider, assuming they are even in the US. How much employee or customer loyalty can be expected in such a situation? Back in the day employees of the Bell System could expect decent pay, bennnies, job security, & retirement; selling info to make a few dollars was a stupid risk to take.
Wireless company mergers = disgruntled employees + database operations. Might as well dump the records of all customers in Greenwich, CT ($$$$$$$$) to USB flash drive while merging old & new company records.
How about indirect cell phone dealers, they may have some access to the providers systems, many already do shady stuff just to make sales.
If your carrier uses the last 4 digits of your SSN for identity verification, request they change this to a password. Want any semblance of privacy, the answer is prepaid in anon name.
Outsource, cut salaries & benefits while cost of living increases, what else can be expected to happen to customer data?
In 1999, I had an account with Sprint PCS.
... them changing it the first time was definately a bad thing, though).
My company went and merged with another one, and the new company contacted Sprint, and had my personal cell phone bill redirected to them -- without my giving them permission to do so.
Needless to say, I was pissed. (It was one of many reasons that I got pissed off at the new management, and quit shortly after). And when I called up Sprint PCS to bitch, they wanted me to give them my pin, and a whole bunch of other identifying info, which to the best of my knowledge, my company didn't have... I bitched them out, and told them they changed it once without it, and they were damned well going to change it back without me giving it this time.
(I'm not sure if their willingness to change it back just from my bitching them out, without proving who I was is a good thing, or a bad thing
Build it, and they will come^Hplain.
There's no conspiracy theory so wacky Rense won't give it a favorable writeup.
-- Old Man Kensey
I do not think that word means what you think it means...
Loading...
wow dumb mods night or what? either that or an EMP fried everyones sarcasm detectors
Snowden and Manning are heroes.
this just goes on to say - security lapse can happen anywhere. and that greed is the driver everywhere.
and then uses outsourced, foreign based service reps. Great privacy.
sorry :) But that is one on-going joke I just love.
There are moments when I wish they'd sell me mine. I don't telephone to myself all that often, and so have trouble remembering it. Of course I'm quite old myself .... so maybe I should do like the Koreans.
(I thought it was old Japanese people who would sell you your telphone number so that you might telephone ..... yourself. But excuse me, I'm just confused)
How many beans make five, anyhow ?
You're right, I was. Britney was on the thoughts because of the fallout of her reported trist with Fred Durst, and as a result I mixed up my bimbos.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
At the same Slashdot posted the cellular records story I received a query to my blog (The Mobile Technology Weblog) by a reader of the AdRants Forum asking about getting spammed by sms marketing messages. In response I authored two posts, an excerpt of each is here:
here's another scenario that could drive you bonkers...imagine that your personal phone records are being sold to be mined for data...they create a "consumer profile" for you based upon the kinds of goods and services you obtain with phone calls; call Dominos, it's on your record, reserve an airline ticket by calling United's 800#, same deal.
Now imagine getting calls or text messages offering you discounts on competing services. Think it's far fetched? Pay attention to Google AdSense and how sensitive the advertisements are to the context of the pages on which they appear. Now imagine the same kind of system, only driven off the calls you made or the calls others have made to you. It's pretty ugly, isn't it?
At it's worst this could degenerate to the point that:
Out of control unsolicited messages to the consumer could render the phone a useless physical "pop-up" buzzing mindlessly in your purse or pocket, interrupting your calls, your thoughts, and your conversations to attempt to hawk goods and services that you don't want, don't need and probably will find offensive.
I think it is critical that groups such as Slashdot readers take immediate initiaive and decry this practice as loudly as possible before it's too late. We can put a stop to this but not if we're hesitant, or lazy.
As a forum that I understand is read frequently by mobile marketing minded people, I'd be very pleased if folks that read this post and have ideas, opinions or suggestions would post comments in the related topic on the blog (stats indicate we get around 2500 hits a day, a fraction of here, but the concentration of readers focused on mobile marketing is significant.
Posts referenced are HERE
and HERE
There is no "I" in B-O-R-G.
There are lots of good places to get cell phone records if you need them.