Slashdot Mirror

← Back to Stories (view on slashdot.org)

Verizon Technician Is Accused of Selling Customers' Call Records and Location Data To Private Investigator (ap.org)

Posted by BeauHD on from the undercover-operative dept.

A former Verizon technician who worked in Alabama is being accused of selling customers' private call records and location data to an unnamed private investigator. Authorities said the data was sold for more than four years, from 2009 to 2014. The Associated Press reports: [Daniel Eugene Traeger] logged into one Verizon computer system to gain access to customers' call records, authorities said. He used another company system known as Real Time Tool to "ping" cellphones on Verizon's network to get locations of the devices, according to the plea agreement. He then compiled the data in spreadsheets, which he sent to the private investigator for years, the court records show. "Between April 2009 and January 2014, the defendant was paid more than $10,000 in exchange for his provision of confidential customer information and cellular location data to the PL, an unauthorized third party," court records state. Though Traeger was based in the Birmingham area, the court records do not indicate whether the information that was sold involved Verizon Wireless customers in Alabama or elsewhere. He faces up to five years in prison, but prosecutors are recommending a lesser sentence since he accepted responsibility, according to terms of the plea agreement.

50 comments

  1. Once again... by WolfgangVL · · Score: 0

    Government hates competition.

    --
    You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
    1. Re:Once again... by hey! · · Score: 2

      Of course they do. The pioneering sociologist Max Weber defined the government as the group of people that enjoys a monopoly on force.

      The question is how accountable you want the people who are licensed to use force (including powers of intrusion) to be.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    2. Re:Once again... by Anonymous Coward · · Score: 0

      Well if you can't account for the unaccountable, then how shall you ever account for yourself?

    3. Re:Once again... by Anonymous Coward · · Score: 0

      First, the quote is "a monopoly of the legitimate use of physical force."

      Second, physical force has nothing to do with tracking your location and call records.

      Did you think that a random quote from someone smarter than yourself would make you seem smart even though it wasn't related to the topic at all? Surprise! It didn't.

    4. Re:Once again... by AK+Marc · · Score: 3, Interesting

      I had a friend in the FBI. I asked her to look me up. She said it was a crime to look up someone that isn't under investigation (even yourself). So nobody ever does. Every lookup must be linked to a case, and the case manager will see the request. You *will* be caught, fired, and possibly prosecuted for looking up information you don't have reason to. Such a scheme should be used where customer data is used. Including the private sector.

      --
      Learn to love Alaska
    5. Re:Once again... by Anonymous Coward · · Score: 1

      The quote was certainly related to the mention of competition with government, and your sad attempt to make yourself feel smarter by dissing someone else, probably does, but that speaks not to the merits of that someone else. Sucks to be you still.

    6. Re:Once again... by Hognoxious · · Score: 1

      Second, physical force has nothing to do with tracking your location and call records.

      Of course it does. How can you beat people up if you don't know where they are?

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    7. Re:Once again... by WolfgangVL · · Score: 0

      Wow. Tool.

      You will know when I'm trying to (sic) "quote from someone smarter than yourself", because that's when I will use "italics and/or bold font in quotation marks"

      We are not discussing "physical force" See how I used the quotes there, tool? Its not in bold or italic because I'm not actually quoting your stupid ass, but instead I've just called attention to a phrase that is being discussed. I've still not quoted somebody "smarter than me"

      Since we are learning the difference between a statement and a quotation, I have one for you, from somebody likely way smarter than me, and its even got your name in it!

      "A coward is much more exposed to quarrels than a man of spirit." - Thomas Jefferson

      Do I think it makes me feels smart? Nope. You know what does make me feel smart? You.

      --
      You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
  2. Now I know by invictusvoyd · · Score: 1

    Why Richard Stallman refuses to use a phone i.e. surveillance device .

    1. Re:Now I know by Anonymous Coward · · Score: 0

      Which is why the fear around privacy on phones and computers is almost always ignorant attempts to direct people at solutions of security theater. Even if you run fully open source software that you understand all of it and have vetted atop fully open source hardware and firmware that you also understand and vet to make sure it is secure and not exploitable with no possiblity of backdoors you are still going to be using it on a public network that can track you and intercept your data.

      People understand that going to all that effort is not only infeasible but largely pointless because it is completely undermined in the end anyway. If you value security and privacy rather than just an ignorant false sense of it then you do need to live like RMS.

    2. Re:Now I know by AK+Marc · · Score: 1

      If you didn't write the compiler yourself, you can't be confident in the executable, even with the source code of the executable.

      --
      Learn to love Alaska
    3. Re:Now I know by Anonymous Coward · · Score: 0

      No, the code could be perfectly reviewed, and you're still compromised. If you didn't cast the silicon die of the chips yourself, and supervise the firmware uploads, you can't be safe either.

  3. Along with the PI? by Anonymous Coward · · Score: 0

    Surely he deserves to be in there with the Verizon tech.

  4. Not true by rsilvergun · · Score: 3, Insightful

    Govt has no such monopoly. You have every right to self defense. Govt monopolizes the rule of law. Otherwise you get lynch mobs and witch hunts.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  5. Why is this illegal? by BitterOak · · Score: 1

    He faces up to five years in prison, but prosecutors are recommending a lesser sentence since he accepted responsibility, according to terms of the plea agreement.

    I thought the U.S. had a third party consent doctrine, whereby no warrant is needed if your data is stored with a third party, in this case, Verizon. So, I don't understand what they're being charged with in this case.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:Why is this illegal? by Narcocide · · Score: 1

      I assume the issue is that the employee was acting on their own, in violation of Verizon's terms of service. It would have been perfectly legal if they'd been selling the data to advertising partners instead, who would have absolutely no restrictions on who they then re-sell the data to. Honestly this P.I. is an idiot and threw someone in the line of fire for really no reason other than perhaps convenience.

    2. Re:Why is this illegal? by Anonymous Coward · · Score: 0

      For Verizion it comes down to 'it depends'.

      It depends on which provision of FCC regs the company he is in working in.

      But yeah selling private data pretty much in any form will probably get you fired from that company.

      If he works in the landline division to get at that data 'you need a warrant'. If it is in wireless maybe as it is also considered an ISP.

    3. Re:Why is this illegal? by Anonymous Coward · · Score: 0

      In a broad reading, the third-party consent doctrine would apply but the Stored Communications Act (SCA) was created specifically to address this:

      Section 2701 (18 U.S.C. 2701) of the SCA provides criminal penalties for anyone who "intentionally accesses without authorization a facility through which an electronic communication service is provided or intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished ... ."

      So as someone above pointed out, the government can do it but you can't. Government hates competition.

    4. Re:Why is this illegal? by LeftCoastThinker · · Score: 1

      He faces up to five years in prison, but prosecutors are recommending a lesser sentence since he accepted responsibility, according to terms of the plea agreement.

      I thought the U.S. had a third party consent doctrine, whereby no warrant is needed if your data is stored with a third party, in this case, Verizon. So, I don't understand what they're being charged with in this case.

      This. I would think that at worst he would be guilty of breach of contract, exposing him to civil penalty, but I'm not sure what they can charge him for, unless it was something along the lines of hacking (i.e. gaining access to computers that he was not authorized to) or corporate espionage.

      --
      If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
    5. Re:Why is this illegal? by Anonymous Coward · · Score: 0

      If you read the article, he is being charged with unauthorized use of a computer system. Basically one of the same laws hackers are charged with. It's a poorly written law that is too broad. What this person did probably should be illegal, but he was authorized to use the system, just not for this purpose.

    6. Re:Why is this illegal? by AHuxley · · Score: 1

      Depends on who asked for the data.
      e.g. MAINWAY https://en.wikipedia.org/wiki/...
      or other telephone company efforts like Hemisphere https://en.wikipedia.org/wiki/...

      --
      Domestic spying is now "Benign Information Gathering"
    7. Re:Why is this illegal? by Anonymous Coward · · Score: 0

      You would be making sense if Verizon the company authorized and profited from this, while not informing the customers, even in the ferengi print. Not that I've even read the summary, but I'll take a WAG and assume that wasn't the case here. Thanks for not paying attention.

  6. a drop by Anonymous Coward · · Score: 0

    a drop in the bucket for sure, but good to see somebody getting caught.

  7. Bad Security by avandesande · · Score: 2

    Technician should only have access to this information for accounts that were assigned to him.

    --
    love is just extroverted narcissism
    1. Re:Bad Security by rhazz · · Score: 1

      Someone has to have the authority to assign that access.

    2. Re:Bad Security by avandesande · · Score: 1

      Yeah, it would be the person writing the ticket. Technicians don't answer the phone....

      --
      love is just extroverted narcissism
    3. Re:Bad Security by Anonymous Coward · · Score: 0

      Technician should only have access to this information for accounts that were assigned to him.

      Nice idea, but not applicable in this case given the description of the systems named in the article and what I know.....

      It sounds like this guy was a switching center tech or cell site tech; accessing those systems would be reasonable for those job roles. Those techs have access to those systems for purposes of troubleshooting customer service complaints and benchmarking the network.

    4. Re:Bad Security by avandesande · · Score: 1

      Yes, that's why he should only have access to a customer that was assigned to him. When somebody calls for help the helpline creates a trouble ticket and when it is assigned to the tech, the system gives them access to that customer. Why would you need to check on somebodies number at random?

      Benchmarking? that should be automated.

      --
      love is just extroverted narcissism
  8. That's why Verizon + Yahoo is "synergistic" by Anonymous Coward · · Score: 0

    They have common IT security practices.

    1. Re:That's why Verizon + Yahoo is "synergistic" by luis_a_espinal · · Score: 1

      They have common IT security practices.

      Like Passw0rd as the general password for all accounts with sudo access? :)

    2. Re:That's why Verizon + Yahoo is "synergistic" by Anonymous Coward · · Score: 0

      Damn, now I have to change my password.

    3. Re:That's why Verizon + Yahoo is "synergistic" by Anonymous Coward · · Score: 0

      I suggest 1 2 3 4.

    4. Re:That's why Verizon + Yahoo is "synergistic" by nitehawk214 · · Score: 1

      1 2 3 4 5 is a better password. I use it on my luggage.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    5. Re:That's why Verizon + Yahoo is "synergistic" by Anonymous Coward · · Score: 0

      Nah... Left lock vertical, right lock vertical. Locks horizontal together, and then vertical together. If not done in this sequence, stand back and then it's splattered TSA Agent throughout the Terminal.
      They weren't going to let you take those fifty Gold Sovereigns and the Beretta through anyway...

  9. One down.... by gatfirls · · Score: 2

    If you think this is an isolated issue you are sorely mistaken. I'll bet this is a mainstay for PI's around the country. Especially since it took 4 years to catch him. My guess without details is that he got caught when he started using the Location system since that's not something anyone besides SysTechs and LEO would need.

    1. Re:One down.... by Anonymous Coward · · Score: 0

      It didn't take 4 years to catch him. They could've caught him the first time he sold data to the PI. They didn't. They were looking for bigger fish. It took them 4 years to decide they'd netted all they had reason to expect they could.
      E.G. they expected to find a huge network of technicians selling data, or collusion at the board level, and it didn't happen.

  10. i hope he goes to prison by Anonymous Coward · · Score: 0

    and gets beaten to a bloody mess, and then sodomized by a gang of homosexuals

    1. Re:i hope he goes to prison by MooseTick · · Score: 1

      "and then sodomized by a gang of homosexuals"

      As opposed to being sodomized by a gang of heterosexuals?

      Why do most people accept that once in prison, you will likely be raped? And few if any are concerned that that is tantamount to physical and psychological torture.

      --
      Ninjas don't carry tic tacs
  11. Non Psy-Op Translation... by Anonymous Coward · · Score: 0

    He used another company system known as Real Time Tool to "ping" cellphones on Verizon's network to get locations of the devices, according to the plea agreement.

    It seems like the days of demonizing font colors and backgrounds and /bin/ping aren't quite behind us. If they were the sentence might have been constructed more along the lines of-

    "He used another company system known as Real Time Tool to get locations of devices on Verizon's network, according to the plea agreement."

    Unfortunately, it seems the powers that be want people to be as afraid of college kids who experiment with /bin/ping as they were of those who experimented with Cannabis 50 years ago. Sure, maybe ping and/or Cannabis might be part of some evil criminal act. But they aren't the right parts of that evil criminal act to be focusing on. Unless of course your agenda is to keep the masses from being empowered with knowlege of how ping and Cannabis are not in fact conduits to satan, but in fact very beneficial in a vast variety of use cases, with very little risk of causing great harm, or even being the technically critical factors in some complex great harm.

  12. Fair is fair... by Anonymous Coward · · Score: 0

    have him wear a tracker for a few years after prison...with all telemetry data available to all the people he sold up the river.

    That way, he can run around scared wondering if today is the day hes going to get punched in the face......Jay and Silent Bob Strike Back style.....

  13. This is BS by Anonymous Coward · · Score: 0

    He faces up to five years in prison, but prosecutors are recommending a lesser sentence since he accepted responsibility, according to terms of the plea agreement.

    He admits to doing the crime, he should have to do the time. Otherwise there is no incentive for other Verizon employees not to follow in his footsteps. The article mentions his accomplice only as an "unnamed private investigator" which tells me that the convicted scumbag (he plead guilty) is not cooperating with authorities. This PI needs to be placed in the cell next to this guy so they can stare at each other through the bars.

  14. Cloud by fluffernutter · · Score: 2

    This is an example of why the cloud is bad. Even if companies are trustworthy, can that be said of every single employee in contact with your data?

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    1. Re:Cloud by Anonymous Coward · · Score: 0

      Generally cloud services store the data encrypted in a way that employees cannot access it. This was *not* a cloud system, it was the mobile operator's database of call records used for billing, statistics and debugging and therefore the operator's own data that their technicians require some form of access to, and a tool used to interrogate the current status of their network. No cloud involved.

    2. Re:Cloud by Anonymous Coward · · Score: 0

      Generally cloud services store the data encrypted in a way that employees cannot access it.

      You meant to type, "In a way that only senior employees can access it."

      If it's a cloud service (with the excepiton of a few foreign services and smaller services that have from time to time got shut down), law enforcement has a means to access the data. Even if you trust due process, you have little reason to trust the senior administrators who implement and manage the processes for accessing client data.

    3. Re:Cloud by Anonymous Coward · · Score: 0

      this literally has nothing to do with the cloud: data exists about customers any time someone does business with anyone else (except perhaps buying a bagel from a street vendor with cash). Any time a company holds data (which they absolutely all do, and have for decades) its available for abuse because its all in one place and not everyone in contact with it can be trusted.

      The cloud model is at least challenging us to rethink user-level activities and enhance federation and auditing (something that can and should be done in private systems too).

  15. This is news? by ErikTheRed · · Score: 1

    Anyone who thinks this doesn't happen a few hundred times a day with every telecom carrier you can think of is a bit out of touch. And it's hardly worrying next to the people paying off NSA analysts, contractors, and interns...

    --

    Help save the critically endangered Blue Iguana
  16. It's in the article by rsilvergun · · Score: 1

    "Shortly after the charges were filed last week, Traeger pleaded guilty to a felony count of unauthorized access to a protected computer"

    So yeah, those over broad hacking laws. Kinda sad to see 'em used for something I agree with.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  17. Money Talks by nehumanuscrede · · Score: 2

    Everyone has a price.

    Low paid call center employees just have a lower one.

    You companies who seek to get the cheapest labor you can find would do well to remember this.

    "I wonder how this open AP got connected to the corporate network ? "

    Ea$y An$wer. . . . .

  18. This data should probably not have existed by Anonymous Coward · · Score: 0

    This is why these records should not be kept any longer than is necessary for technical and billing purposes. Of course, it also needs to be guarded properly while it is needed.