

Legal spying via the cell phone system - jsm386
http://news.cnet.com/8301-27080_3-20002986-245.html

======
TallGuyShort
Is that actually legal? I thought that any spoofing of information to gain
access to information was illegal

~~~
sp332
Not if you're only spoofing yourself. He called himself with the bogus caller
ID to get the number associated with it.

------
moeffju
See also:

[http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.h...](http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html)
<http://hackermedley.org/archives/4>
[http://www.h-online.com/open/news/item/26C3-GSM-hacking-
made...](http://www.h-online.com/open/news/item/26C3-GSM-hacking-made-
easy-893245.html)

and

[http://events.ccc.de/congress/2008/Fahrplan/events/2997.en.h...](http://events.ccc.de/congress/2008/Fahrplan/events/2997.en.html)

for similar and more advanced attacks on GSM.

------
johngalt
Most laws against "hacking" have some section that defines hacking with
various levels of specificity, but at the end it always some generic statement
that allows them to prosecute anyone for anything. Something along the lines
of "using a system to gain inappropriate access to information", or even just
"usage of a system for purposes other than it's intended use".

Wasn't there a news story recently about a student that accidentally found a
file with personal info available from his school's libary computer, and was
subsequently arrested when notifying the administration?

------
CGamesPlay
I love the solution he offers: "people are just going to have to be made aware
of the threat."

~~~
impeachgod
I think that's the disease of security researchers - thinking that Average Joe
will give a shit. Average Joe's got more interesting thing to do than some
hypothetical threat - unless the threat actually occurs, in which case he'll
start shooting the messenger.

------
ableal
_The first part of the operation involves getting a target's cell phone number
from a public database that links names to numbers for caller ID purposes.
DePetrillo used open-source PBX software to spoof the outgoing caller ID and
then automated phone calls to himself, triggering the system to force a name
lookup._

Uh, oh. And the rest does not look good either - the attack looks credible
(the tracking bit looks legally iffy).

 _the hands of GSM providers in the U.S. are tied._

Just today was talking with a lawyer who's reviewing data protection
legislation, vs. mandated (by EU regulations) information disclosure
requirements. There may not be a way of reconciling both ...

------
eli
On what planet is hacking into voicemail legal?

