Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Businesses

Cell Phone Records for Sale 124

tabdelgawad writes "The Washington Post has a good writeup on how 'data brokers' use various techniques to obtain cell phone records of individuals then offer them for sale to anyone who will pay. The data is obtained by either bribing phone company employees, or 'pretexting', or accessing unregistered customer accounts online. Although phone companies are the only source of this information (unlike, say SSNs which are available from many sources), one Cingular spokesman was quoted as saying that this is 'an infinitesimally small problem'."
This discussion has been archived. No new comments can be posted.

Cell Phone Records for Sale

Comments Filter:
  • by Anonymous Coward on Friday July 08, 2005 @05:41PM (#13017447)
    Those are like mini-vinyl discs that you can plug into your phone for ringer tunes, right? I bet DJs will love them!
  • "Infinitesimally" (Score:5, Insightful)

    by kihjin ( 866070 ) on Friday July 08, 2005 @05:45PM (#13017470)
    This is basically a candied way of saying "there's only a few ways they can do it, so don't worry about it."

    Wrong. Compromise is as easy as one... that's right, one point of failure.

    It's still a vulnerability.
    • by blixel ( 158224 )
      one Cingular spokesman was quoted as saying that this is 'an infinitesimally small problem'.

      Sounds to me more like they are saying the problems of individual persons are of infinitesimally small importance. If it happens to a lot of people, then - maybe - we'll care.
  • net 10 (Score:5, Interesting)

    by Lehk228 ( 705449 ) on Friday July 08, 2005 @05:47PM (#13017479) Journal
    i signed up with net 10 and i never even gave them my name, just pick up the phone at walmart, go online or call from a payphone to actiuvate it. wait 30 minutes to 1 day (varies) and it's active. i can buy refill cards with cash and activate them by phone or internet, all without giving out so much as my name. though it's a bit more expensive than standard cell plans at .10/min and .03/outgoin SMS they give me free incoming sms (Verizon are whores, they give everyone free outgoing sms and charge for incoming sms so you cann't control your spending)

    Net 10 runs on the tracphone/cingular GSM network and has a nice quick voicemail system (verison i swear took me over 30 seconds to even start hearing voicemail)

    no affiliation just a happy customer
    verizon sucks
    • I have started getting telemarketing calls on my phone number I have had for 10 years. The key is, every bit of data is available, from small things to classified stuff. As long as people are involved, there can always be leaks.
      In my opinion, the problem is that for the crimes there is little penalty. And little enforcability. Yes we live in a global economy, but also a global criminal economy, so enforcement is difficult.
      But take the good with the bad- sure there is identity theft, but we also get to see
    • I guess Net10 doesn't want to sell service to us Iowa privacy types. Their map says they cover us, but the zip code says they don't.
    • ...charge for incoming sms...

      I can not for the life of me understand how ANYBODY could buy into a system where you pay to recieve calls. What are you thinking? For that reason alone, I will not own a cel phone in countries that use a system like that. It's utterly insane. Same goes for the area code thing. The cel phone industry totally screwed that up...with all of our help. UGH! Maybe the telemarketing problem will get all of you to demand that the system gets fixed.
      • I can not for the life of me understand how ANYBODY could buy into a system where you pay to recieve calls. What are you thinking?

        You do not have to ANSWER your phone just because it rings. If I don't recognize the caller-id, off to voice-mail they go. Plus, it is a crime (felony?) for telemarketers to call cell-phones in the USA.
    • Re:net 10 (Score:1, Flamebait)

      Is it totally anonymous? If so, how long before this sort of service is outlawed? Disposable mobile phones that aren't attached to anyone's personal information sound like they'd be superb for terrorists. I hate acting like the alarmist, hypersensitive newsmedia, but it's true. A communications device which cannot be traced back to a person and can also be used as a very handy little detonator...
      • Re:net 10 (Score:2, Insightful)

        by Lehk228 ( 705449 )
        well net10 is a tracphone service, and tracphone is a favorite for terrorists and subversives alike o.O


        it is as anonymous as the security tapes when you buy the phone at wally world and the payphone/internet provider you refill on.

        no point in banning them as a stolen cell phone could recieve calls long enough before being reported and locked to be used as a detonator, and 5 mile GMRS radios are untraced and can be used as better detonators due to cell network jamming of critican national security areas
        • when you buy one of theese phones is it recorded which one was bought when/where so they can look at when a particular one was bought and correlate with security tapes.


        • Um, if I were inclined to use a cell phone as a detonator, I'd want to make sure that nobody was going to call the cellphone, except me.

          A stolen cellphone would make this rather difficult. There'd be a fair chance that you'd get a call at a rather inopportune moment, from someone trying to call the phone's real owner.
          • Don't say that too loudly. The telemarking companies will use it as a reason to get permission to start calling cell phones whenever they want to.
          • There'd be a fair chance that you'd get a call at a rather inopportune moment...

            Are they that stupid? I don't think so. Presumably they just set a silent alarm for a minute before t=0 and keep the phone switched off while they set us up the bomb.

            Cell networks are introducing transceivers to the underground so that commuters can annoy each other in tunnels too. Of course, a stolen phone's timed alarm could detonate a bomb, so I suppose security is little worse.

        • wow dumb mods night or what? either that or an EMP fried everyones sarcasm detectors
      • "A communications device which cannot be traced back to a person and can also be used as a very handy little detonator..."

        Your wrong, Humorously_Inept. I've investigated the remains of remote detonated bombs, and usually there is little if nothing left.

        You wouldn't be able to tell if what detonated the bomb was a verizon phone, cingular phone, or some sort of self-built device. There's usually nothing left at all of the bomb or any of its components.

        Your point would be valid if you could actually find th
        • they could possiblly call all the local cell networks and ask them what cellphones were active in the area at the time though.

          you could also ask them to look for a phone that was contacted at the time of the blast and then immediately dissapeared from the system. that would be a pretty big clue wouldn't it?
      • Re:net 10 (Score:4, Insightful)

        by Fulcrum of Evil ( 560260 ) on Friday July 08, 2005 @08:14PM (#13018253)

        Disposable mobile phones that aren't attached to anyone's personal information sound like they'd be superb for terrorists. I hate acting like the alarmist, hypersensitive newsmedia, but it's true. A communications device which cannot be traced back to a person and can also be used as a very handy little detonator...

        So what? Who gives a damn what is useful to terrorists? I don't - spazzing out over what terrorists could do is the most batshit crazy thing you could do. While you're banning things left and right, making a mockery of the USA, all those bad guys are running around totally unfettered. I'd rather have one city a month bombed, just like london, than deal with the TSA and the homeland security bullshit.

      • Re: (Score:3, Interesting)

        Comment removed based on user account deletion
    • Enjoy it while it lasts. Anonymous telecommunications will be eliminated and/or criminalized in the future. The Feds will insist that they need a way to quickly and easily tap all of your communications.
    • (Verizon are whores, they give everyone free outgoing sms and charge for incoming sms so you cann't control your spending)

      I call bullshit! I am a (less than happy, but still satisfied for the price as my company gets me a pretty decent discount) Verizon customer. Verizon currently charges .10 US$ for outgoing and .02 US$ for incoming text. On Aug. 1st, the cost goes to .10 US$ for both.

      Verizon also offers quote unquote "unlimited" texting options at $5/mo, $10/mo, and one other price point ($20/mo?

      • I was using the old free-up service and i understand that the new prepaid service is the same way, the monthly contracts are different
    • I hate Verizon too, but they charge for both incoming and outgoing SMS on most plans - usually 4 and 10 cents respectively.
  • define:pretexting (Score:5, Informative)

    by carambola5 ( 456983 ) on Friday July 08, 2005 @05:48PM (#13017485) Homepage
    Calling the cell company and pretending to be the owner of the account. Since SSNs are apparently easy to acquire, access via pretexting should not be all that difficult. Of course, it is illegal.
    • When you register online with a certain cell phone company I use, they text message a temporary password to your mobile phone to use to log in with before you can verify your personal info and start "managing". Seems like a good way to prevent "pretexting".

      However, any slashdotters know how to intercept mobile phone text messages? Curious because if it was up to me, phone companies or banks would allow customers to completely opt-out of online management of their accounts, thereby negating the possibil
    • Pretexting is what private investigators call it. Other groups would be more likely to call it social engineering or conning (as in con man).
    • Ah, you mean "Identity Theft", or as we used to call it back in the day: "FRAUD".

      With all these new words for things that happen "on mobile phones" and "on the internet", its a wonder we got along at all without them ...
  • by Nf1nk ( 443791 ) <nf1nk.yahoo@com> on Friday July 08, 2005 @05:49PM (#13017490) Homepage
    It is a tiny problem for them, because it hasn't started to cost them money. They could give half a crap if my info was sold to anyone, it doesn't effect them at all.
    There is quite a bit that could be done with this data, from it you can build social webs, For example Bob bought a brand new *foo* Brad is his friend, so perhap we can intrest Brad in a loan to also purchase a *foo*.
    I am sure there are dozens of other things that could be found from this info.
    I say make the company who releases my personal information pay me a hefty chunk of change, and it will stop being a tiny problem for them.
  • Only Source? (Score:1, Insightful)

    by Anonymous Coward
    If phone companies are the only source, but are selling these records, they won't be the only source for very long, so won't it become a much larger problem pretty quickly?
  • by Space cowboy ( 13680 ) * on Friday July 08, 2005 @05:49PM (#13017494) Journal

    Yes, for them, it is. Let's make it not so.

    It's about time that companies were brought to book for being criminally stupid (not used in the legal sense, although I'd guess it's a grey area...)

    Simon.
  • by suitepotato ( 863945 ) on Friday July 08, 2005 @05:51PM (#13017508)
    In certain circles, it is far from unknown that with a little grease to the palm and massage of the ego that you can get the weakest link in IT security, the human personnel, to compromise security and integrity of databases. It's been done for many years. Should it really surprise us that it happens with cell companies full of people who figure themselves underpaid for the work they do and having no real loyalties?

    People who purposely reveal any customer personal account information should be punished for it, and given what incentives they need to testify against those who put them to it, and those who did made examples of. We know it's been done for years in IT, we certainly don't need it to spread in the cell world. A solid shout of intolerance for this from the public is needed.

    Typically, this means that some politicians will make much, do little on topic, and load it with pork and rights abuses. So I'm not holding my breath.

    At the telecom place I work, even without strict rules in place, I have always practiced a challenge based system to get information that the real customer should know about their company account off the top of their head. Until we have two-part authentication, it's the best I can do. Too bad so many others see no problem in farking over other people.
  • I've been getting "chocolate bar" spam ever since news came out that almost three quarters of office workers in an impromptu man-on-the-street survey were willing to give up their passwords when offered the bribe of a chocolate bar. [securitypipeline.com]. The spam claims to provide 10 pounds of Hershey's chocolate in exchange for who knows what.
  • by John Seminal ( 698722 ) on Friday July 08, 2005 @06:00PM (#13017564) Journal
    What is the proper laws that should be passed?

    Is the cell phone company guilty for releasing your call history? What was on your cell phone history for last month? Did you call your psychiatrist to reschedule? Did you call an aborition clinic? Did you call your mistress? And do you want anyone knowing this information.

    What I can't figure out is, how does a firm keep updating the call history?

    Or should the laws punish the people who steal the data? For example, if a private investigator obtains your phone history, should that PI go to jail?

    The new world of no privacy anywhere is getting ridiculous. Between having all your private information made public, having cell phones with cameras, websites with upskirt photos, and maps that image your house from space, there is nothing personal anymore. What is next, video cameras in toilet stalls to make sure thieft is not happening?

    • The new world of no privacy anywhere is getting ridiculous.

      That depends on the society you live in. It doesn't bother me, but I'm in the process of moving to a very remote place where people don't even own cars (they still exist!). This is one of the unexpected consequences of living in massively overcrowded societies. You just become a number. It's only going to get worse as long as people keep breeding like fucking rabbits.
  • Using such emphatic language only makes me skeptical.

    Under Sarbanes-Oxley, they should be required to inform the likely victims. Besides, if the telco has a breach of security, doesn't that also constitute a breach of contract by violating their privacy statement?
  • Read: infinitesimally small
    Should read: infinite spam allies' mall
  • by Anonymous Coward
    (what a nice way that would have been to end the article...)
  • one Cingular spokesman was quoted as saying that this is 'an infinitesimally small problem

    Until somebody gets Britney's Spears' calling list. That would be just about as good as her directory was.

  • by exp(pi*sqrt(163)) ( 613870 ) on Friday July 08, 2005 @06:09PM (#13017634) Journal
    You can do the equivalent of google page ranking for people. People who make many calls or are frequently called are well connected nodes in the graph of all phonecalls. These are likely to be influential people. So if you're trying to market something, say, then these are the people to call.
  • Wake Up Call (Score:3, Interesting)

    by Doc Ruby ( 173196 ) on Friday July 08, 2005 @06:14PM (#13017660) Homepage Journal
    VoIP allows anonymizer services that delete the records of the middleware proxy upon call completion, before they can be read by anyone. Callers still have to trust that the anonymizer will delete the records. But callers can also put another proxy at their endpoint, connecting to yet another endpoint somewhere else. And end-to-end public-key encryption is also available.

    Will this "infinitesimal problem" explode into distrust of telcos, destroying their brands' tremendous value in "privacy"? That would really drive a lot of people into VoIP.
  • This is a security hole, as TFA sort of mentions in passing, that makes it easy for domestic-violence perpetrators and stalkers to victimize people...

    ... and what do we get from those responsible? "Infinitesimal problem."

    Think maybe it's time to stop trusting these companies to regulate themselves?

    • And who, pray tell, would you rather have regulating those companies? The government?
    • We don't trust companies to regulate themselves. That is why conservatives want to kill all the lawyers. They are the only ones that will protect us from the usurpers of power, Dick and Cade. The lawyers and compentent judges have done too well a job ensuring the rights of the American People.
  • Social Engineering (Score:2, Insightful)

    by Jeet81 ( 613099 )
    Social Engineering will always be a security issue no matter how secure we get with hardware and software. Someone will always have access to all the records and keeping his mouth shut is not something computer geeks can do.
    • by Anonymous Coward
      "Someone will always have access to all the records"

      You lost me there. Encryption and one-way hashes can protect database access from ANYONE who is not authorized to view it.

      But nobody wants to do this because (A) it's extra work (B) the government wants the ability to snoop on you, and they have the power to make the telcos obey.
  • by AnalogDiehard ( 199128 ) on Friday July 08, 2005 @06:33PM (#13017763)
    By coincidence, today's paper had an article on the Do Not Call Registry [donotcall.gov], in which your cell phone stays on record for five years.
  • I recently got my cell phone bill and it had arrived opened and stamped by the post office as being received in this condition. Another curiosity was that my payment due date was handwritten on the outside of the envelope by someone and then badly whited out (which is why I could read it). So this was obviously opened by someone at the phone company or the company that prints the monthly billings or possibly the post office itself. I contacted the phone company and they said there was nothing for this perso
  • The telecom industry, selling our info for their profit?? Is anyone suprised at all by this?? My wife, who has a verizon phone, received a spam text message from verizon, asking her to upgrade her plan. We called to tell them never to do this again (or they would no longer have us as customers), and their reply was "tough luck." I wonder at what point the telecom industry will alienate their client base, to the point that people stop using their service?
    • We called to tell them never to do this again (or they would no longer have us as customers), and their reply was "tough luck." I wonder at what point the telecom industry will alienate their client base, to the point that people stop using their service?

      1) People won't completely stop using cell phones.

      2) It's a hassle to switch carriers, because you've signed up with at least a 1-year contract (possibly more), you'll have to buy a new phone from the new company, and you'll have to get a new phone numbe
    • I have said it before. Verizon has wonderful phone service. But heaven help you if you ever have to deal with their customer service people. They are rude, assinine, and don't give a rat's behind what your problem is. The customer is always wrong and unimportant is their company motto. Of course this is just from my personal experience with them.
  • by oneiros27 ( 46144 ) on Friday July 08, 2005 @07:48PM (#13018143) Homepage
    In 1999, I had an account with Sprint PCS.

    My company went and merged with another one, and the new company contacted Sprint, and had my personal cell phone bill redirected to them -- without my giving them permission to do so.

    Needless to say, I was pissed. (It was one of many reasons that I got pissed off at the new management, and quit shortly after). And when I called up Sprint PCS to bitch, they wanted me to give them my pin, and a whole bunch of other identifying info, which to the best of my knowledge, my company didn't have... I bitched them out, and told them they changed it once without it, and they were damned well going to change it back without me giving it this time.

    (I'm not sure if their willingness to change it back just from my bitching them out, without proving who I was is a good thing, or a bad thing ... them changing it the first time was definately a bad thing, though).
  • by Assmasher ( 456699 ) on Friday July 08, 2005 @09:17PM (#13018512) Journal
    I do not think that word means what you think it means...

"Pull the trigger and you're garbage." -- Lady Blue

Working...