The ‘phone hacking’ was despicable, but it wasn’t hacking

Private investigators hired by tabloids were ‘blaggers’, not hackers.

We now know that certain tabloids including the News of The World covertly gained access to the voicemails of all sorts of people, from celebrities, to the family of murdered schoolgirl Milly Dowler. It was, as Robert Jay Q.C. described in his opening submission to the Leveson Inquiry, a "fishing expedition".

But while some have described the actions of the tabloids and the private investigators they hired as 'hacking', as far as we know thus far, it was nothing of the sort. What they did should really be described as communications interception, or if you want to use security parlance, default configuration attacks.

If the owner of a mobile phone does not set it up with a new voicemail password or PIN, it remains the default PIN set by the phone maker or telecoms operator. 1234, for example, or 0000. All that a private investigator then needs to listen to one's voicemails is the mobile phone number itself, and for the owner not to have changed the PIN.

So what the private investigators did was 'blag' the mobile phone numbers of their intended victims, either through social engineering techniques where you persuade a helpful person to divulge a mobile number by pretending to be someone else, or simply by paying someone at the phone company to give it out.

That is not to say that what the tabloids and the private investigators they hired was not despicable, and the Notw's royal affairs editor Clive Goodman and private investigator Glenn Mulcaire may not be the only persons deemed by the courts to have also acted criminally.

There are techniques that can be used to hack into mobile phone conversations themselves and also to snoop on text messages sent via mobile phones. GSM interceptors can do exactly that, but these are not something someone with little more than 'blagging' skills would be able to deploy. Companies, more sophisticated hackers and even governments do use them, but we're yet to hear evidence that these were used by the tabloids or private investigators under the Leveson Inquiry spotlight.

It's scary enough that corporations and governments use sophisticated cybercrime techniques to bypass internet and communications security. It's worth being that little bit more specific about the techniques that are being used in different situations, if we don't want the general response to be, 'there's nothing I can do about my online security: if someone wants to hack my voicemails I am sure they could'.

When really the response in this instance, along with the outrage, might also be, 'I should change my PIN'.

Jason Stamper is NS technology correspondent and editor of Computer Business Review.

Jason Stamper is editor of Computer Business Review

#Match4Lara
Show Hide image

#Match4Lara: Lara has found her match, but the search for mixed-race donors isn't over

A UK blood cancer charity has seen an "unprecedented spike" in donors from mixed race and ethnic minority backgrounds since the campaign started. 

Lara Casalotti, the 24-year-old known round the world for her family's race to find her a stem cell donor, has found her match. As long as all goes ahead as planned, she will undergo a transplant in March.

Casalotti was diagnosed with acute myeloid leukaemia in December, and doctors predicted that she would need a stem cell transplant by April. As I wrote a few weeks ago, her Thai-Italian heritage was a stumbling block, both thanks to biology (successful donors tend to fit your racial profile), and the fact that mixed-race people only make up around 3 per cent of international stem cell registries. The number of non-mixed minorities is also relatively low. 

That's why Casalotti's family launched a high profile campaign in the US, Thailand, Italy and the US to encourage more people - especially those from mixed or minority backgrounds - to register. It worked: the family estimates that upwards of 20,000 people have signed up through the campaign in less than a month.

Anthony Nolan, the blood cancer charity, also reported an "unprecedented spike" of donors from black, Asian, ethcnic minority or mixed race backgrounds. At certain points in the campaign over half of those signing up were from these groups, the highest proportion ever seen by the charity. 

Interestingly, it's not particularly likely that the campaign found Casalotti her match. Patient confidentiality regulations protect the nationality and identity of the donor, but Emily Rosselli from Anthony Nolan tells me that most patients don't find their donors through individual campaigns: 

 It’s usually unlikely that an individual finds their own match through their own campaign purely because there are tens of thousands of tissue types out there and hundreds of people around the world joining donor registers every day (which currently stand at 26 million).

Though we can't know for sure, it's more likely that Casalotti's campaign will help scores of people from these backgrounds in future, as it has (and may continue to) increased donations from much-needed groups. To that end, the Match4Lara campaign is continuing: the family has said that drives and events over the next few weeks will go ahead. 

You can sign up to the registry in your country via the Match4Lara website here.

Barbara Speed is a technology and digital culture writer at the New Statesman and a staff writer at CityMetric.