Vodafone Australia Employee Searched Journalist's Phone Records To Find Source 65
An anonymous reader writes: In 2011, a journalist named Natalie O'Brien published a series of stories on security problems in Vodafone's Siebel data system. "Customers' home addresses, driver's licenses and credit card details were all available online, O'Brien wrote, and criminal groups were paying for customers' private information." Now, Vodafone Australia has admitted that an employee went through her phone and text records to try and figure out who her sources were within the company. O'Brien wrote, "The invasion of privacy is devastating. It plays with your mind. What was in those texts? Who were they to? What did they see? What did they do with the information?" Despite the admission, Vodafone has denied that it engaged in improper behavior (PDF). The company says it found no evidence the employee was directed to do so by management. That said, leaked emails show management became aware of the privacy breach and its potential repercussions as early as 2012.
"Just a totally rogue employee, not us" (Score:1, Insightful)
....says the CIA every time one of their agents is caught plotting an assassination, government overthrow, or arranging to help the rebels sell drugs for guns.
Re:"Just a totally rogue employee, not us" (Score:5, Funny)
If any member of your team is caught or killed, Vodafone will disavow all knowledge of your actions.
This tape will self destruct in five minutes, mate.
Re:"Just a totally rogue employee, not us" (Score:4, Funny)
Atleast the mission impossible agents were given a choice, "Your mission, if you choose to accept it".
Vodafone's tape starts out as "Your mission, which is a core item of your monthly performance review".
Re: "Just a totally rogue employee, not us" (Score:1)
"your business is important to us, please stay on the line and the next available spy we be availabile as soon as possible"
You laugh but Costas Tsalikidis was found hanged (Score:5, Insightful)
Funny, except for a few things:
Vodafone have been revealed to be the major company helping GCHQ spy on its own people and allies.
Vodafone was the mobile network that spied on Greece ministers during the Olympics.
Costas Tsalikidis, their engineer was found dead (hanged) when the bugging was discovered.
http://spectrum.ieee.org/telecom/security/the-athens-affair
So yeh ha ha ha +5 funny.
Re: (Score:3)
Canadian version:
If any member of your team is caught or killed, Bell Canada will disavow all knowledge of your actions.
This tape will self destruct in five seconds, eh?
Re: (Score:2)
Re: (Score:2)
I would have gone with Rogers.
Re: (Score:1)
Nah, the CIA doesn't even acknowledge that they're an employee at all. They just let them take the fall as a "tourist" or "hiker." As in "tourist caught hiking in Iran with a satellite phone, $50,000 in cash, and several radios and guns in his backpack--U.S. government says he's an innocent student who just crossed the border by mistake."
Re: (Score:2)
With vanishingly few exceptions, spies never carry guns. It's an automatic admission of guilt.
Re: (Score:1, Funny)
Ah, the victim was female. Time to fire up the media outrage machine. Let's call it what it really was: a digital rape.
OMG you triggered me with the word 'digital', you heartless CIS-male hetero-normative bastard.
Re: (Score:1)
Re: (Score:2)
"It" is one of my trigger words. Check your privilege.
Nii.
Re:Victims (Score:4, Informative)
In Australia, legally speaking "digital rape" refers to the use of fingers to sexually penetrate someone without consent. Calling this "digital rape" wouldn't fly in court, since it's a legal term with an established meaning.
Re: (Score:2)
You have no rights at all when it comes to business.
Keep believing that and it will come true.
Re: (Score:2)
You have no rights at all when it comes to business.
Keep believing that and it will come true.
It's not a matter of belief. It is a readily observable fact.
Way to take the initiative (Score:5, Insightful)
So... some guy in the data-center just take it upon himself to go look up the info on some journalist, ‘cause you know that’s what IT guys do all day long, look up stuff on people with no direction.
So glad they have this in place, seems to be doing a bang up job. I can totally see how some low level employee would totally disregard this to dig up dirt on a Journalist and her accomplices. Because, you know, there’s so much in it for the low level employee.
Re: (Score:2)
See, that's the great thing about being a corporation ... no actual liability.
Your staff does something shady? Well, you can fire them and say "the person responsible has been sacked".
Your management tells your staff to do something shady? Well, you can pretend like it was a rogue employee and deny all responsibility.
As you say, I find it exceedingly difficult to believe some tech guy just decided to do this on his own. I don't believe that at all.
Re:Over the top (Score:5, Insightful)
Precisely how would she remove records stored in the carriers data centre?
Re: (Score:1)
If you're writing a story about problems with Vodaphone data security, even ignoring possible retaliation from the company, why would you want to store sensitive data with the very company you're writing about? Seems a bit "duh" to me.
You know what can't get remotely read? Notes in a paper notebook.
Re: (Score:2)
They searched her call history genius. How is she going to make phone calls using a paper notebook?
Re: (Score:2)
She could choose another wireless company?
Re: (Score:1)
She could choose another wireless company?
Note, Vodacom (sorry, I mean its fall guy employee) did it "to try and figure out who her sources were within the company". Vodacom probably assumed the deep throat would be dumb enough to use his company phone, and can track incoming and outgoing calls from its network.
Re: (Score:2)
Who said she used her Vodafone account to contact her source? The article says that the company searched, not that they found the information they sought.
Re: (Score:2)
This is a very good argument for not using text messaging and sending everything even remotely interesting via encrypted email, and having everything sent via Email encrypted; if only interesting emails are encrypted, then bad actors will know which emails are of interest.
Re: (Score:2, Insightful)
I think she is simply making the most out of the situation for her own gain.
Step 1: Deny. Deny. Deny.
Step 2: Blame the victim.
Re: (Score:1)
Turn in your geek card because you're not worth your name.
"Second, why didn't she protect her data (or remove it) prior to releasing the story."
Yup, let's see her wipe data stored in a database she doesn't control.
You're not fit to have UNIX in your name.
Sounds reasonable to me (Score:3)
Now, Vodafone Australia has admitted that an employee went through her phone and text records to try and figure out who her sources were within the company. . . . Despite the admission, Vodafone has denied that it engaged in improper behavior (PDF). The company says it found no evidence the employee was directed to do so by management.
Oh. Well, as long as it was some IT vigilante whose love for Vodafone just got the better of him. Sounds fine to me!
Probably just some sweet, over-dedicated mook who took the workplace banner [flickr.com] too seriously. Definitely not any of the top brass directing this to happen.
Not directed by management (Score:4, Insightful)
Alright people, listen up! We have a spy in our ranks. We're not ordering or even asking anyone to search for the spy, but if one of you should happen to stumble into any bit of information about this, please keep in mind that we do offer a huge bonus.
Mission Possible (Score:2)
Comment removed (Score:5, Interesting)
Re: (Score:2)
Indeed. She should have been gone, gone, gone when she tried logging on as the backup administrator, since she had no authority to use that account.
Re: (Score:1)
Re: (Score:1)
A perfect example (Score:5, Insightful)
This case is a perfect example of why this sort of data should be encrypted on the device and in no way accessible to anyone except the owner. Because if there is a backdoor to this data, whether protected by "procedure" or a escrowed key, it /will/ be abused. If it is not the government abusing this privilege, then it will be by a corporation, or by an individual with a personal grudge, or by criminal elements (or even worse, by marketing departments!). It doesn't matter what sort of "controls" you put on those back-doors, ultimately they will be ignored and abused. The number of people who get "hacked" in this way may be low, but even one is too many.
This case should be dredged up every time a law-enforcement agency insists that easy access to personal data are a necessity in this digital age. They claim that there are protections in place to prevent this sort of thing; evidence (and common sense) show that this is nonsense. The only way to prevent this sort of abuse is not to remove the temptation from third-parties entirely; make the data on the device (or service) inaccessible unless you have the key to decrypt it, and ensure the only the owner of the data has that key.
Re: (Score:2, Informative)
It's not data on the phone. It's records of what calls she's made, so that it identifies who she has spoken to. Those have to be stored centrally to generate statistics to identify system problems and to generate billing.
It's the equivalent of an Apache access.log file, but one that can't be turned off because they do the bill runs off the data.
Re: (Score:2)
That ship has sailed. Like email, SMS texts are sent unencrypted. And it's going to take a herculean effort coordinating thousands of companies servicing billions of people to change it to something more secure. We've been trying to do just that with email for 20+ years and it's gone nowhere.
I'm not sure what the solution is. This sort of stuff seems to happe
anonymous cell phones (Score:5, Interesting)
You can never really protect against these kinds of invasions of privacy, in particular by telecoms or governments.
Professional journalists should be using "burner phones" for this. That's their job as professionals, even if some countries (I guess Australia among them) make this difficult.
People should also protest against legal requirements for registering their phones with the government.
Re:anonymous cell phones (Score:4, Informative)
Re:anonymous cell phones (Score:5, Insightful)
Sure there are: you can violate the law to get them (consider it an act of civil disobedience). You can get a foreign SIM card (there are plenty of companies that offer those, and quite cheaply too). Journalists can set a phone swapping club. Or you can use smart phones and use text messages only to initiate communications on privacy-conscious chat services.
Re: (Score:2)
Or, I don't know, just not use Vodafone?
I know if I was a journalist doing some "juicy expose" on, for example, Verizon or AT&T here in the good old US-of-A, I'd surely be using my T-Mobile line for any communication with a whistleblower. Even if that T-Mobile line was 100% traceable back to me, it would remove the ability for the company I'm exposing to see who I was talking to, at least directly.
Using a company's own services to communicate with internal employees who are leaking sensitive data is ju
Re: (Score:1)
You're doing your juicy expose on Verizon.
Someone you call while doing your juicy expose on Verizon happens to use Verizon.
How did you stop your T-Mobile phone number from showing up in the Verizon call data?