Tuesday, July 12, 2011

When the blagging stops and the hacking begins

Over the last few days I've been glued to the unfolding scandal that's engulfing News International. Most of the allegations of illegal activity have focussed on 'phone hacking' and 'blagging'. From a technical perspective neither of these is at all interesting.

The phone hacking that was done was pretty simple:
Mobile phones used to come with a default four-digit Pin such as 1234, 0000 or 3333. Customers were expected to change their Pin, but very few did.

Tabloid journalists and private investigators could simply ring the number and if the caller didn't answer, enter the default Pin and access the person's messages.

Another ruse was to change the voicemail Pin from the default to prevent other journalists having access to it.
Effective, but simple. As for blagging, that's just another term for the sort of social engineering that hackers get up to when they need information.

But yesterday a far more interesting (from a technical perspective) piece of news came out. It looks like News International may have used actual hackers and trojan horses to infiltrate the computers of their targets. If that's true then it would have given the 'journalists' incredible access because (a) they could have stolen any documents stored on the computers and (b) they could have installed a keylogger and captured everything that was being typed on the computer including passwords for email accounts. With access to email they could have read through current and past messages with impunity.

The news came about through an exchange between Belle de Jour and Zoe Margolis:

And Belle de Jour has gone on to give details in a blog post:
The message was from a journo at the Sunday Times. It was short Come on Belle, not even a little hint? There was an attachment. The attachment started downloading automatically (then if I remember correctly, came up with a "failed to download" message).

My heart sank - my suspicion was that there had been a program attached to the message, some sort of trojan, presumably trying to get information from my computer.
Oddly, George Michael also mentioned computer hacking:

Michael is talking about this man who was hired by the News of the World to do various dirty deeds, including:
One person who is familiar with Rees's operations claims that he or one of his associates started using Trojan Horse software, which allowed them to email a target's computer and copy the contents of its hard disk. This source claims that they used this tactic when they were hired by the News of the World to gather background on Freddy Scapaticci, a former IRA man who had been exposed as an MI6 informer codenamed Stakeknife.
The BBC Panorama program investigated this in more detail. The Guardian has also reported that:
Separately, [Gordon] Brown's tax paperwork was taken from his accountant's office apparently by hacking into the firm's computer. This was passed to another newspaper.
If all this is true, it points to an incredible level of access to private information and far greater sophistication than blagging.

Just imagine what's on your computer and in your email.

No comments: