Business an 'easy' phone hacking target

2011-06-20 09:42

kalahari.com

London - British mobile carriers have tightened voicemail security since a phone-tapping scandal at News Corp's News of the World tabloid, but technological advances mean eavesdropping is easier than ever.

Politicians, actors and sportspeople have been top targets as front-page story fodder, but businesspeople with access to commercially sensitive information may be the next victims.

Soccer player Ryan Giggs this week became the latest celebrity to say he was suing the newspaper for intercepting his mobile phone messages, joining dozens of others including actor Jude Law .

But the practice, dating back to the mid-2000s, of trawling voicemails for scandal - which could yet threaten News Corp's $14bn bid for UK broadcaster BSkyB - looks primitive compared with privacy invasions possible today.

Intercepting phone calls, an activity that until recently was largely limited to governments and organised crime, is now well within the reach of motivated individuals or unscrupulous private investigators, as equipment prices plummet.

Spyware applications

"I'd be very surprised if no criminal organisation understood this potential and wasn't already doing this," said hacker Karsten Nohl, who helped expose a security flaw in the widely used GSM mobile network standard last December.

"In particular, business people with stock-relevant information would be prime victims of this kind of attack," he said.

A recent trawl by the GSM Association group of mobile operators found 18 different spyware applications sold openly on the internet, at prices ranging from $29.99 to $847.

Most of these require the snooper to get hold of the target's phone to install the necessary software.

But now phone calls can be targeted through the network with no need to gain possession of the device, and without leaving traces. A new industry has begun to spring up to take advantage.

"Over the past two years there's been a commodisation of tools to hack into the GSM network," said Nigel Stanley, practice leader for security at European IT research and consultancy firm Bloor Research.

"If you have the necessary criminal energy, it wouldn't be hard to find someone to supply the necessary equipment," said Bjoern Rupp, chief executive of GSMK CryptoPhone, which makes high-end secure phones.

Secure algorithm

The vulnerability of the 20-year-old GSM standard, used by billions of people in about 80% of the global mobile market, was clearly demonstrated last December by Nohl together with fellow hacker Sylvain Munaut.

The two demonstrated an interception at the Chaos Computer Club Congress in Berlin, using a toolkit of four cheap phones, a laptop and some open-source software to hack the A5/1 algorithm used to keep GSM voice conversations confidential.

"We always knew that the day would come when algorithm A5/1 would be vulnerable," said James Moran, chief security officer of the GSM Association.

The GSM Association has developed a new, more secure algorithm but it is hard to deploy in older networks. It has also made available a security patch that is easier to implement, but Nohl said it had not been widely deployed.

Nohl is currently conducting tests on networks around Europe and said he had been able to attack all the GSM networks in London, France, Germany and the Netherlands during recent tests, using kit that a computer studies student could build in a week.

Nohl said he estimated an entire surveillance operation could be built around a person or organisation today for under €30 000 ($42 000) - about one-tenth of the price it might have cost four or five years ago.

Among the British operators, only Vodafone is rolling out the GSMA's security patch to protect its network.

Confidential information

Orange and T-Mobile , who have recently merged their networks, are looking at security options but have no firm plans.

O2 said it was reviewing the GSMA's patch to see whether it was an appropriate response, but pointed out that the majority of calls on its network were now carried by the 3G UMTS technology, which does not rely on the A5/1 privacy algorithm.

Britain's smallest operator, Hutchison Whampoa's 3, has a 3G only network, so the question does not arise.

For those with a few thousand dollars to spare, secure phones are available from suppliers such as GSMK CryptoPhone or Cellcrypt and are used by top government officials, senior executives and celebrities.

But many ordinary businesspeople privy to confidential information have no such option, and may prefer to discuss business by phone than in writing, for compliance reasons.

"We are seeing a growing tension between organisational security requirements and personal convenience requirements with people often discussing sensitive issues on mobile phones to get their jobs done faster or because they have no other practical choice," said Cellcrypt CEO Richard Greco.

Eavesdropping on phone conversations is illegal in most countries including Britain, except by certain government bodies on grounds of national security, crime prevention or other public-interest reasons.

Unregulated industry

But Britain's private-detective industry is unregulated, despite the efforts of the Association of British Investigators, which has been lobbying for years to regulate the industry.

"There's those who belong to an association or advertise in the yellow pages or have a website, and then there's the brokers of information," said a spokesperson for the association. "These people make a lot of money."

"Most of them are one man bands, operate out of a back bedroom, do a reasonable job," he said.

"But it's possible for any extreme criminal element or somebody on the sexual offences register to set up in business this afternoon... they are a danger and sadly that's the situation."
Read more on:    cybercrime
NEXT ON NEWS24X
SHARE:

Read News24’s Comments Policy

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
0 comments
Add your comment
Comment 0 characters remaining
 

Inside News24

 
/News
 

Red Bull Lionheart trail run - not for the fainthearted!

Entries are open, so what are you waiting for?

 
 

Where were you when you last felt alive?

Adventure holidays for your bucket list
Top 10 water sports to try before you die
6 impressive camping tips
LOL! The 8 stages of marathon running

Jobs in Cape Town [change area]

Property [change area]

Travel - Look, Book, Go!

Magical Massinga

Spend 5 nights at the gorgeous Massinga Beach Lodge in Mozambique and only pay for 4 from R13 220 per person sharing. Includes return flights, accommodation, transfers and romantic turndown. Book now!

Kalahari.com - shop online today

Save up to R1000 on Hisense smartphones!

View the large range of Hisense smartphones. Buy today and save up to R1000!

Deal of the week!

Save R1200 on the Samsung 48” smart full HD LED television now only R8799. Buy now!

Toys 4 for the price of 3

Buy 4 toys and get the cheapest FREE! Offer valid while stocks last. Shop now!

Mind blowing prices – As seen on TV

Get mind blowing prices on 1000’s of products! Shop now.

Save 20% on Nivea beauty products!

Buy any two Nivea beauty products and save 20%. Offer valid while stocks last. Shop now!

OLX Free Classifieds [change area]

Samsung Galaxy s4

Mobile, Cell Phones in South Africa, Western Cape, Cape Town. Date October 24

Best bargain in big bay

Real Estate, Houses - Apartments for Sale in South Africa, Western Cape, Cape Town. Date October 25

VW Golf 6, 1.6 Trendline (Excellent condition)

Vehicles, Cars in South Africa, Western Cape, Cape Town. Date October 25

Horoscopes
Aquarius
Aquarius

There is an easy social flow and the need to blend in, yet you may not feel entirely comfortable. Something beneath the surface...read more

There are new stories on the homepage. Click here to see them.
 
English
Afrikaans
isiZulu

Hello 

Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.


Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Settings

Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.








Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.