Show Hide image

The bugger, bugged

After a chance meeting with a former News of the World executive who told him his phone had been hacked, Hugh Grant couldn’t resist going back to him – with a hidden tape recorder – to find out if there was more to the story. . .

When I broke down in my midlife crisis car in remotest Kent just before Christmas, a battered white van pulled up on the far carriageway. To help, I thought. But when the driver got out he started taking pictures with a long-lens camera. He came closer to get better shots and I swore at him. Then he offered me a lift the last few miles to my destination. I suspected his motives and swore at him some more. (I'm not entirely sympathetic towards paparazzi.) Then I realised I couldn't get a taxi and was late. So I had to accept the lift.

He turned out to be an ex-News of the World investigative journalist and paparazzo, now running a pub in Dover. He still kept his camera in the car's glove box for just this kind of happy accident.

More than that, he was Paul McMullan, one of two ex-NoW hacks who had blown the whistle (in the Guardian and on Channel 4's Dispatches) on the full extent of phone-hacking at the paper, particularly under its former editor Andy Coulson. This was interesting, as I had been a victim - a fact he confirmed as we drove along. He also had an unusual defence of the practice: that phone-hacking was a price you had to pay for living in a free society. I asked how that worked exactly, but we ran out of time, and next thing we had arrived and he was asking me if I would pose for a photo with him, "not for publication, just for the wall of the pub".

I agreed and the picture duly appeared in the Mail on Sunday that weekend with his creative version of the encounter. He had asked me to drop into his pub some time. So when, some months later, Jemima asked me to write a piece for this paper, it occurred to me it might be interesting to take him up on his invitation.

I wanted to hear more about phone-hacking and the whole business of tabloid journalism. It occurred to me just to interview him straight, as he has, after all, been a whistleblower. But then I thought I might possibly get more, and it might be more fun, if I secretly taped him, The bugger bugged, as it were. Here are some excerpts from our conversation.

Me So, how's the whistleblowing going?
Him I'm trying to get a book published. I sent it off to a publisher who immediately accepted it and then it got legal and they said, "This is never going to get published."
Me Why? Because it accuses too many people of crime?
Him Yes, as I said to the parliamentary commission, Coulson knew all about it and regularly ordered it . . . He [Coulson] rose quickly to the top; he wanted to cover his tracks all the time. So he wouldn't just write a story about a celeb who'd done something. He'd want to make sure they could never sue, so he wanted us to hear the celeb like you on tape saying, "Hello, darling, we had lovely sex last night." So that's on tape - OK, we've got that and so we can publish . . . Historically, the way it went was, in the early days of mobiles, we all had analogue mobiles and that was an absolute joy. You know, you just . . . sat outside Buckingham Palace with a £59 scanner you bought at Argos and get Prince Charles and everything he said.
Me Is that how the Squidgy tapes [of Diana's phone conversations] came out? Which was put down to radio hams, but was in fact . . .
Him Paps in the back of a van, yes . . . I mean, politicians were dropping like flies in the Nineties because it was so easy to get stuff on them. And, obviously, less easy to justify is celebrities. But yes.
Me And . . . it wasn't just the News of the World. It was , you know - the Mail?
Him Oh absolutely, yeah. When I went freelance in 2004 the biggest payers - you'd have thought it would be the NoW, but actually it was the Daily Mail. If I take a good picture, the first person I go to is - such as in your case - the Mail on Sunday. Did you see that story? The picture of you, breaking down . . . I ought to thank you for that. I got £3,000. Whooo!
Me But would they [the Mail] buy a phone-hacked story?
Him For about four or five years they've absolutely been cleaner than clean. And before that they weren't. They were as dirty as anyone . . . They had the most money.
Me So everyone knew? I mean, would Rebekah Wade have known all this stuff was going on?
Him Good question. You're not taping, are you?
Me [slightly shrill voice] No.
Him Well, yeah. Clearly she . . . took over the job of [a journalist] who had a scanner who was trying to sell it to members of his own department. But it wasn't a big crime. [NB: Rebekah Brooks has always denied any knowledge of phone-hacking. The current police investigation is into events that took place after her editorship of the News of the World.]
It started off as fun - you know, it wasn't against the law, so why wouldn't you? And it was only because the MPs who were fiddling their expenses and being generally corrupt kept getting caught so much they changed the law in 2001 to make it illegal to buy and sell a digital scanner. So all we were left with was - you know - finding a blag to get your mobile [records] out of someone at Vodafone. Or, when someone's got it, other people swap things for it.
Me So they all knew? Wade probably knew all about it all?
Him [...] Cameron must have known - that's the bigger scandal. He had to jump into bed with Murdoch as everyone had, starting with Thatcher in the Seventies . . . Tony Blair . . . [tape is hard to hear here] Maggie openly courted Murdoch, saying, you know, "Please support me." So when Cameron, when it came his turn to go to Murdoch via Rebekah Wade . . . Cameron went horse riding regularly with Rebekah. I know, because as well as doorstepping celebrities, I've also doorstepped my ex-boss by hiding in the bushes, waiting for her to come past with Cameron on a horse . . . before the election to show that - you know - Murdoch was backing Cameron.
Me What happened to that story?
Him The Guardian paid for me to do it and I stepped in it and missed them, basically. They'd gone past - not as good as having a picture.
Me Do you think Murdoch knew about phone-hacking?
Him Errr, possibly not. He's a funny bloke given that he owns the Sun and the Screws . . . quite puritanical. Sorry to talk about Divine Brown, but when that came out . . . Murdoch was furious: "What are you putting that on our front page for? You're bringing down the tone of our papers." [Indicating himself] That's what we do over here.
Me Well, it's also because it was his film I was about to come out in.
Him Oh. I see.
Me Yeah. It was a Fox film.
[A pause here while we chat to other customers, and then - ]
Him So anyway, let me finish my story.
Me Murdoch, yes . . .
Him So I was sent to do a feature on Moulin Rouge! at Cannes, which was a great send anyway. Basically my brief was to see who Nicole Kidman was shagging - what she was doing, poking through her bins and get some stuff on her. So Murdoch's paying her five million quid to big up the French and at the same time paying me £5.50 to fuck her up . . . So all hail the master. We're just pawns in his game. How perverse is that?
Me Wow. You reckon he never knew about it?
Him [pause] I don't even think he really worried himself too much about it.
Me What's his son called?
Him James. They're all mates together. They all go horse riding. You've got Jeremy Clarkson lives here [in Oxfordshire]. Cameron lives here, and Rebekah Wade is married to Brooks's son [the former racehorse trainer Charlie Brooks]. Cameron gets dressed up as the Stig to go to Clarkson's 50th birthday party [NB: it was actually to record a video message for the party]. Is that demeaning for a prime minister? It should be the other way round, shouldn't it? So basically, Cameron is very much in debt to Rebekah Wade for helping him not quite win the election . . . So that was my submission to parliament - that Cameron's either a liar or an idiot.
Me But don't you think that all these prime ministers deliberately try to get the police to drag their feet about investigating the whole [phone-hacking] thing because they don't want to upset Murdoch?
Him Yeah. There's that . . . You also work a lot with policemen as well . . . One of the early stories was [and here he names a much-loved TV actress in her sixties] used to be a street walker - whether or not she was, but that's the tip.
Me and Chum MLTVA?!
Me I can't believe it. Oh no!
Chum Really??
Him Yeah. Well, not now . . .
Chum Oh, it'd be so much better if it was now.
Him So I asked a copper to get his hands on the phone files, but because it's only a caution it's not there any more. So that's the tip . . . it's a policeman ringing up a tabloid reporter and asking him for ten grand because this girl had been cautioned right at the start of his career. And then I ask another policemen to go and check the records . . . So that's happening regularly. So the police don't particularly want to investigate.
Me But do you think they're going to have to now?
Him I mean - 20 per cent of the Met has taken backhanders from tabloid hacks. So why would they want to open up that can of worms? . . . And what's wrong with that, anyway? It doesn't hurt anyone particularly. I mean, it could hurt someone's career - but isn't that the dance with the devil you have to play?
Me Well, I suppose the fact that they're dragging their feet while investigating a mass of phone-hacking - which is a crime - some people would think is a bit depressing about the police.
Him But then - should it be a crime? I mean, scanning never used to be a crime. Why should it be? You're transmitting your thoughts and your voice over the airwaves. How can you not expect someone to just stick up an aerial and listen in?
Me So if someone was on a landline and you had a way of tapping in . . .
Him Much harder to do.
Me But if you could, would you think that was illegal? Do you think that should be illegal?
Him I'd have to say quite possibly, yeah. I'd say that should be illegal.
Me But a mobile phone - a digital phone . . . you'd say it'd be all right to tap that?
Him I'm not sure about that. So we went from a point where anyone could listen in to anything. Like you, me, journalists could listen in to corrupt politicians, and this is why we have a reasonably fair society and a not particularly corrupt or criminal prime minister, whereas other countries have Gaddafi. Do you think it's right the only person with a decent digital scanner these days is the government? Whereas 20 years ago we all had a go? Are you comfortable that the only people who can listen in to you now are - is it MI5 or MI6?
Me I'd rather no one listened in, to be honest. And I might not be alone there. You probably wouldn't want people listening to your conversations.
Him I'm not interesting enough for anyone to want to listen in.
Me Ah . . . I think that was one of the questions asked last week at one of the parliamentary committees. They asked Yates [John Yates, acting deputy commissioner of the Metropolitan Police] if it was true that he thought that the NoW had been hacking the phones of friends and family of those girls who were murdered . . . the Soham murder and the Milly girl [Milly Dowler].
Him Yeah. Yeah. It's more than likely. Yeah . . . It was quite routine. Yeah - friends and family is something that's not as easy to justify as the other things.
Me But celebrities you would justify because they're rich?
Him Yeah. I mean, if you don't like it, you've just got to get off the stage. It'll do wonders.
Me So I should have given up acting?
Him If you live off your image, you can't really complain about someone . . .
Me I live off my acting. Which is different to living off your image.
Him Yeah, but you're still presenting yourself to the public. And if the public didn't know you -
Me They don't give a shit. I got arrested with a hooker and they still came to my films. They don't give a fuck about your public image. They just care about whether you're in an entertaining film or not.
Him That's true . . . I have terrible difficulty with him [points to pap shot of Johnny Depp]. He's really difficult. You know, I was in Venice and he was a nightmare to do because he walks around looking like Michael Jackson. And the punchline was . . . after leading everyone a merry dance the film was shot on an open balcony - I mean, it was like - he was standing there in public.
Me And you don't see the difference between the two situations?
Chum He was actually working at this time? As opposed to having his own private time?
Him You can't hide all the time.
Me So you're saying, if you're Johnny Depp or me, you don't deserve to have a private life?
Him You make so much more money. You know, most people in Dover take home about £200 and struggle.
Me So how much do you think the families of the Milly and Soham girls make?
Him OK, so there are examples that are poor and you can't justify - and that's clearly one of them.
Me I tell you the thing I still don't get - if you think it was all right to do all that stuff, why blow the whistle on it?
Him Errm . . . Right. That's interesting. I actually blew the whistle when a friend of mine at the Guardian kept hassling me for an interview. I said, "Well if you put the name of the Castle [his pub] on the front page of the Guardian, I'll do anything you like." So that's how it started.
Me So, have you been leant on by the NoW, News International, since you blew the whistle?
Him No, they've kept their distance. I mean, there's people who have much better records - my records are non-existent. There are people who actually have tapes and transcripts they did for Andy Coulson.
Me And where are these tapes and transcripts? Do you think they've been destroyed?
Him No, I'm sure they're saving them till they retire.
Me So did you personally ever listen to my voice messages?
Him No, I didn't personally ever listen to your voice messages. I did quite a lot of stories on you, though. You were a very good earner at times.

Those are the highlights. As I drove home past the white cliffs, I thought it was interesting - apart from the fact that Paul hates people like me, and I hate people like him, we got on quite well. And, absurdly, I felt a bit guilty for recording him.

And he does have a very nice pub. The Castle Inn, Dover, for the record. There are rooms available, too. He asked me if I'd like to sample the honeymoon suite some time: "I can guarantee your privacy."

-- Listen to the audio now --

This article first appeared in the 11 April 2011 issue of the New Statesman, Jemima Khan guest edit

NEAL FOX FOR NEW STATESMAN
Show Hide image

They know where you live

Imagine your house being raided by armed police. That’s what happened to Mumsnet’s Justine Roberts after she fell victim to an internet hoaxer.

At around midnight on Tuesday 11 August 2015, a man dialled 999 to report a murder. A woman had been killed in her London home, he said, before hanging up without offering his name. A second call followed. This time, the man claimed to be the killer. He told the operator that he had now taken the woman’s children hostage at the Islington address. They were locked with him inside a room in the house, he said. The police responded with reassuring speed. Fifteen minutes later, eight officers, five of them armed with automatic weapons, accompanied by saliva-flecked dogs, arrived at the scene and took up position in neighbouring front gardens. When one officer banged on the front door of the house, the team was greeted, moments later, not by a masked murderer but by a blinking and bewildered au pair.

Justine Roberts, the woman whom the caller claimed to have killed, was in fact nearly 2,000 kilometres away – in Italy, holidaying with her husband and children. After explaining this to the police, the au pair called Roberts, who assumed that the incident was an unfortunate misunderstanding, one that could be unpicked after the vacation. It was no mistake. Roberts had been the victim of “swatting”, the term given to a false emergency call designed to bait an armed unit of police officers to storm someone’s home. It wasn’t until a few days later, as the family was preparing to return to London, that Roberts discovered that she had been the target of a planned and sustained attack, not only on her household, but also on her business.

Roberts is the founder of Mumsnet, the popular British internet discussion forum on which parents share advice and information. A few days before the swatting incident, members of 8chan, a chat room that prides itself on being an open, anonymous platform for free speech, no matter how distasteful, had registered accounts on Mums­net with the aim of trolling people there. When legitimate Mumsnet users identified and then ridiculed the trolls, some retreated to 8chan to plot more serious vengeance in a thread that the police later discovered. Roberts wasn’t involved in the online skirmish but, as the public face of the site, she was chosen as the first target.

After the initial armed response, Roberts’s perception was that the police were unconcerned about the swatting attack. “We were told that there was no victim, so there was not much that could be done,” she told me. The hoax caller, however, was not finished. In the days after the incident, there was chatter on Mumsnet and Twitter about what had happened. A Mumsnet user whom I will call Jo Scott – she requested anonymity for her own safety – exchanged heated messages with a hacker who claimed responsibility for the 999 call.

“It descended into jokes and silliness, like many things do,” Scott said. “I didn’t take it seriously when the hacker said he had big surprises in store.” She doesn’t believe that what happened next was personal. “I think I was just easy to find.”

A few days after police were called to Roberts’s home, Scott was in her bedroom while her husband was sitting downstairs playing video games. At 11pm, she heard a noise outside. “I looked out of the window and saw blue flashing lights in the street,” she recalled. “I could hear shouting but I didn’t pay it much notice.” Then she heard her husband open the front door. Police rushed into the house. An armed officer shouted upstairs, asking Scott if she was hurt. When she replied that she was fine, he told her to fetch her two young children: he needed to see them. Scott shook her sons awake, explaining, so as not to alarm them, that the police had come to show the boys their cars. As the three of them went downstairs, the officers swept up through the house, repeatedly asking if there were any weapons on the property.

“I was beyond confused by this point,” Scott said. “Everyone was carrying a gun. They had little cutaway bits so you could see the bullets. My eldest asked one of the officers if he could have a go on his gun and went to touch it.”

As Scott sat with an officer downstairs, she asked what had happened to her husband. “I later found out that the noises I’d heard were the police calling for him to come outside,” she said. “He dropped the PlayStation controller as he left the room. It was only later that we realised it’s a good job he did: in the dark, the controller might have looked like a weapon.”

Outside, Scott’s husband had been surrounded and arrested. Other police ­officers were on the lookout in the front gardens of nearby properties, having warned the couple’s neighbours to stay indoors, away from their windows. “One of the officers said it was beginning to look like a hoax,” Scott said. “Then he mentioned swatting. As soon as he said that word, I twigged that I’d seen the term that day on Twitter in relation to the Mumsnet hack.”

***

The term “swatting” has been used by the FBI since 2008. “Swat” is an acronym of “Special Weapons and Tactics”, the American police squads routinely called to intervene in hostage situations. It is, in a sense, a weaponised version of a phoney order of pizza, delivered as a prank to a friend’s home, albeit one that carries the possibility of grave injury at the hands of police. For perpetrators, the appeal is the ease with which the hoax can be set in motion and the severity of the results. With a single, possibly untraceable phone call, dialled from anywhere in the world, it is possible to send an armed unit to any address, be it the home of a high-profile actor whom you want to prank or that of someone you want to scare.

In America, where swatting originated, the practice has become so widespread – targets have included Tom Cruise, Taylor Swift, Clint Eastwood and the Californian congressman Ted Lieu – that it is now classed as an act of domestic terrorism. In the UK, where Justine Roberts’s was one of the first recorded cases, swatting is classed as harassment, though that may change if these and other forms of internet vigilante attacks, such as doxxing, become increasingly commonplace.

Doxxing involves the publication of someone’s personal details – usually their home address, phone numbers, bank details and, in some cases, email address – on the internet. It is often the prelude to swatting: after all, the perpetrator of a hoax cannot direct the police to the target’s home address until this is known. (During the week of the Mumsnet attacks, one of the perpetrators attempted to locate another target using their computer’s IP address, which can identify where a person is connected to the internet, often with alarming precision. Their calculation, however, was slightly out; police were called to a neighbour’s address.)

Though doxxing has a less dramatic outcome than swatting, the psychological effects can be just as severe. For victims – usually people who are active on the internet and who have outspoken opinions or who, in the eyes of an internet mob, have committed some kind of transgression – the mere threat of having their personal information made available on the web can cause lasting trauma. A Canadian software developer whose home address, bank details, social security number and email history were published online in 2014 told me that he now keeps an axe by his front door. “I still don’t feel safe here,” he said. “It’s terrifying.”

Christos Reid, a social media manager for a software company, was doxxed last year. Reid’s information came from a website he had registered seven years earlier. “I woke up one morning to find a tweet announcing my personal details,” he told me. When he asked the Twitter account holder to take down the address, he was told to commit suicide. Reid said he was “OK for about half an hour”; but then, after he went out, he broke down in the street. “I’ve become more paranoid,” he said. He no longer gives out business cards with personal information.

Reid lives in London, but at the time of the doxx he was attending an event in Nottingham, home to the British police’s largest cybercrime division. He was impressed with the police response, even though they told him that they had not heard of the term “doxxing” before. “I was interviewed by two separate people about my experiences who then compiled everything into a case file and transferred it to the Met. When I arrived home, an officer visited me to discuss what happened and my options.”

The policeman explained harassment law to Reid, and offered advice on how to improve security at his flat and what to do if someone hostile turned up at the address. Reid shouldered the repercussions of what had happened alone; no suspects were identified. A spokesperson for the Metropolitan Police similarly said that although detectives from Islington CID have investigated the swatting attacks made on Roberts and Scott, no suspects have been identified “at this time”, even as “inquiries continue”.

Doxxing may seem to be a mild form of harassment but it carries with it an implicit threat of impending violence; the worrying message is: “We know where you live.” Unlike swatting, which is always malicious, doxxing is sometimes viewed by its perpetrators as virtuous. In November 2014, hackers claiming to be aligned with the internet group Anonymous published personal information allegedly belonging to a Ku Klux Klan member from Missouri. The hackers said that their action was a response to the KKK’s threat to use lethal force against demonstrators in the city of Ferguson, Missouri, protesting against the killing of the unarmed black teenager Michael Brown by a white police officer. In January 2015 hackers claiming to be from Isis took over US Central Command’s Twitter account and posted information about senior military officers, including phone numbers and email addresses. In each case, those carrying out the doxxing believed, however mistakenly, in the virtue of their actions and hoped that the information could be used to bring punishment or ruin to the subject.

The term “doxxing” may be new but the practice is an old one. The Hollywood blacklist revealed the political beliefs and associations of actors and directors in the late 1940s as a way to invite shame, deny employment and dissuade others from following their example. “But it has become a lot easier to find people’s private details with the help of the internet,” Jeroen Vader told me. Vader owns Pastebin, a website that allows users to upload and distribute text documents, and where much of the personal data is anonymously uploaded and shared. “People post their private information on social networks,” he said. “A lot of people aren’t aware that their information is so easily available to others.”

In Justine Roberts’s case, the perpetrator may not even have needed to look at social networks to mine her personal information. “If you’re on the electoral roll, you’re easy to find,” she said. “There’s not much you can do to stop people getting hold of your data one way or another, whether it’s for nefarious reasons or simply to better advertise to you. We live in a world that is constantly trying to gather more information about us.”

Jeroen Vader said he has noticed an “upward trend” in the number of doxxing posts uploaded to Pastebin in recent months, but insisted that when someone uses the site’s abuse report system these offending posts are removed immediately.

Across social media companies, action is more often reactive than proactive. Victoria Taylor, a former director at Reddit, one of the largest community-driven websites in the world, said that the rule against publishing other users’ personal information has been “consistently one of the site’s most basic policies” and that “any violation of this rule is taken extremely seriously by the team and community”. Still, she was only able to recommend that victims of doxxing send a message to the site’s administrators. Similarly, when asked what a person can do to remove personal details that have been published without permission, a Twitter spokesperson said: “Use our help form.”

The spokesperson added: “There has def­initely been an overall increase in doxxing since 2006, both on Twitter and on the internet more generally.” She attributed this rise to the emergence of search engines such as Intelius and Spokeo, services designed to locate personal information.

***

The surge in the number of dox­xing and swatting attacks is in part a result of the current lack of legal protection for victims. Confusion regarding the law on doxxing is pervasive; the term is even not mentioned in either US or European law. In a tutorial posted on Facebook in 2013, the writer claims: “Doxxing isn’t illegal as all the information you have obtained is public,” and adds: “But posting of the doxx might get you in a little trouble.”

Phil Lee, a partner in the privacy, security and information department of Fieldfisher based at the law firm’s office in Silicon Valley, said that differing privacy laws around the world were part of the problem. “Various countries have laws that cover illegal or unauthorised obtaining of data. Likewise, some of the consequences of releasing that data, such as defamation or stalking, cover elements of what we now term doxxing. But there is no global law covering what is a global phenomenon.” Indeed, Roberts believes that her London address was targeted from America – the 999 call was routed through a US proxy number.

One challenge to creating a law on doxxing is that the sharing of personal information without permission has already become so widespread in the digital age. “If a law was to state something like, ‘You must not post personal information about another person online without their consent,’ it wouldn’t reflect how people use the internet,” Lee said. “People post information about what their friends and family members have been doing all the time without their consent.

“Such a law could have a potentially detrimental effect on freedom of speech.”

Lee believes that a specific law is unnecessary, because its potentially harmful effects are already covered by three discrete pieces of legislation dealing with instances where a person’s private information is obtained illegally, when that information is used to carry out illegal acts and when the publication of the information is accompanied by a threat to incite hatred. However, this does not adequately account for cases in which the information is obtained legally, and then used to harass the individual in a more legally ambiguous manner, either with prank phone calls or with uninvited orders of pizza.

Susan Basko, an independent lawyer who practises in California and who has been doxxed in the course of her frequent clashes with internet trolls, believes that the onus should be on the law, rather than the public. She points out that in the US it is a crime to publicise information about a government employee such as their home address, their home and cellphone numbers, or their social security number, even if the information is already online. “This law should apply to protect all people, not just federal employees,” she said. “And websites, website-hosting companies and other ISPs should be required to uphold this law.”

Basko said that doxxing will continue to increase while police have inadequate resources to follow up cases. For now, it is up to individuals to take preventative measures. Zoë Quinn, an American game designer and public speaker who was doxxed in 2014, has launched Crash Override, a support network and assistance group for targets of online harassment, “composed entirely of experienced survivors”.

Quinn, who spoke about the problem at a congressional hearing in Washington, DC in April last year, recently posted a guide on how to reduce the likelihood of being doxxed. “If you are worried you might some day be targeted,” she wrote, “consider taking an evening to stalk yourself online, deleting and opting out of anything you’re not comfortable with.”

Both Scott and Roberts have changed their privacy habits following the attacks. Scott is more careful about interacting with strangers online, while Roberts uses scrambler software, which ensures that she never uses the same password for more than one online site or service.

For both women’s families, the effects of their encounters with armed police have also lingered. When one day recently Roberts’s husband returned home early from work, the au pair called the police, believing it was an intruder. And Scott is haunted by what happened.

“What if my husband had made a sudden move or resisted in some way? What if my eldest had grabbed the gun instead of gently reaching for it? What if people locally believed that my husband did actually have guns in the house?” she asks. “I don’t think the people making these sorts of hoax calls realise the impact.” 

This article first appeared in the 28 April 2016 issue of the New Statesman, The new fascism