Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US (vice.com)

Posted by msmash on from the was-bound-to-happen dept.

Securus, the company which tracks nearly any phone across the US for cops with minimal oversight, has been hacked, Motherboard reported Wednesday. From the report: The hacker has provided some of the stolen data to Motherboard, including usernames and poorly secured passwords for thousands of Securus' law enforcement customers. Although it's not clear how many of these customers are using Securus's phone geolocation service, the news still signals the incredibly lax security of a company that is granting law enforcement exceptional power to surveill individuals. "Location aggregators are -- from the point of view of adversarial intelligence agencies -- one of the juiciest hacking targets imaginable," Thomas Rid, a professor of strategic studies at Johns Hopkins University, told Motherboard in an online chat.

13 of 68 comments (clear)

  1. Just assume everyone knows everything every time. by Anonymous Coward · · Score: 2, Insightful

    Is this the new working assumption we all need?

  2. What the hell by Anonymous Coward · · Score: 4, Interesting

    But this latest data breach is not the only sign that Securus is careless with sensitive information. Rid pointed Motherboard to a Securus user manual available online. One part shows a map and user interface for a Securus product, but instead of populating the screen with fake data for demonstration purposes, the guide appears to include the real name, address, and phone number of a specific woman. (Motherboard confirmed the details with those in online databases, as well as a media report that mentions the woman).
    How stunningly incompetent

  3. Couldn't happen to a nicer company.... by b0s0z0ku · · Score: 5, Insightful

    Hope he left some Cryptolocker behind after siphoning their data and jerking their pants off in public. Between charging prison inmates exorbitant rates to call their families and giving anyone who asks cell phone location data (without verifying the veracity of a warrant), Securus is a truly predatory company. The US wouldn't lose anything if they went under tomorrow.

    1. Re:Couldn't happen to a nicer company.... by ugen · · Score: 2

      If they go under tomorrow, another company will promptly take its place. It's not a specific business - it's the system and the set of laws and (corrupt) interests protecting it.

  4. Re:Am I in the list? by Actually,+I+do+RTFA · · Score: 2

    Are you in the US?

    --
    Your ad here. Ask me how!
  5. Re:Am I in the list? by SeaFox · · Score: 4, Informative

    How does someone find out if they are in the list and being watched?
    Paranoid

    The list is of Securus' law enforcement customers, not individual citizens. And there is no "list of people being watched" here. The data is already being collected on everyone, it's just a matter of if a Securus customer made any requests about you. Without more info on how one uses the service, it's hard to tell if there is a record of who was tracked.

  6. Re:Just assume everyone knows everything every tim by Tablizer · · Score: 2

    So they know about my turtle porn all the way down?

    --
    Table-ized A.I.
  7. Re:Couldn't hrappen to a nicer company.... by b0s0z0ku · · Score: 2

    why blame the poor house? it can provide a roof over decent human beings' heads. far better if the company goes under and the owners get foreclosed. maybe someone will buy it and turn it into a halfway house for people the previous owners helped railroad...

  8. Securus by jwymanm · · Score: 4, Funny

    = Security + Circus

  9. FFS, isn't enough enough already? by Rick+Schumann · · Score: 2

    Data breaches, Woody, data breaches everywhere!

    Come on people, isn't enough enough already?

    1. Companies like this 'Securus' shouldn't exist in the first place.
    2. ALL companies that handle personally identifiable/sensitive data should have properly secured systems 100% of the time, no excuses.
    3. Nobody's phone location data should be revealed unless there is a valid warrant.

    When is this bullshit going to stop? As-is, you can't connect anything to the Internet without exposing yourself to massive amounts of risk of being hacked into either by criminals or the government, you can't carry a smartphone around for the same reasons (only worse), and it's getting to the point where even your bank isn't a safe place to keep your moeny because they're getting hacked, too. What do we do about all this? What is the way forward? How do we fix this?

    Shit like this is why I don't have a smartphone, and why I pay cash for everything I buy in person: to reduce my exposure to this sort of risk. Neither I nor any one of us should have to do that.

  10. Re:Sounds like... by BlueStrat · · Score: 2

    Sounds like a violation of the 4th amendment, just with extra steps.

    "It's illegal and unconstitutional for me to do as a LEO so I'll just pay someone else to do it for me!"

    "You'll go far in US politics, Son!"

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  11. Not IF, but WHEN... by zarmanto · · Score: 2

    Security vulnerabilities are a fact of life, and most people in any kind of a technology job are aware of that. It's not if you're going to be hacked, but when, and by who. And in fact, it's not these highly publicized breaches that we really need to worry about; rather, it's the breaches that nobody ever finds out that probably keeps the security experts awake at night. So if some well-meaning script-kiddie stumbled his way into Securus, than what that really tells us, is that someone with nefarious intent has almost certainly already exploited the same weakness well prior to this. Nobody found out about that hack* for two reasons: 1) The "real" hackers covered their tracks and didn't get caught, and 2) they didn't notify the press with childlike glee of their successful hack of a highly sought after target... rather, they used the vulnerability to collect as much data as possible, and hid any strategically useful data that they discovered under a rock, to be sold to the highest bidder on the black market.

    * Mind you... "that hack" could just as easily have been "those hacks"... and we likely still wouldn't know it happened, nor how extensive the damage was, until it's too late to fix anything.

  12. Encryption backdoors by HeckRuler · · Score: 2

    Now tell me with a straight face that the FBI's suggestion to use a third-party key management system that they could go to with a warrant would be secure. Go on, let me hear it.