Support 100 years of independent journalism.

  1. Politics
  2. Media
20 December 2011

The ‘phone hacking’ was despicable, but it wasn’t hacking

Private investigators hired by tabloids were ‘blaggers’, not hackers.

By Jason Stamper

We now know that certain tabloids including the News of The World covertly gained access to the voicemails of all sorts of people, from celebrities, to the family of murdered schoolgirl Milly Dowler. It was, as Robert Jay Q.C. described in his opening submission to the Leveson Inquiry, a “fishing expedition”.

But while some have described the actions of the tabloids and the private investigators they hired as ‘hacking’, as far as we know thus far, it was nothing of the sort. What they did should really be described as communications interception, or if you want to use security parlance, default configuration attacks.

If the owner of a mobile phone does not set it up with a new voicemail password or PIN, it remains the default PIN set by the phone maker or telecoms operator. 1234, for example, or 0000. All that a private investigator then needs to listen to one’s voicemails is the mobile phone number itself, and for the owner not to have changed the PIN.

So what the private investigators did was ‘blag’ the mobile phone numbers of their intended victims, either through social engineering techniques where you persuade a helpful person to divulge a mobile number by pretending to be someone else, or simply by paying someone at the phone company to give it out.

Sign up for The New Statesman’s newsletters Tick the boxes of the newsletters you would like to receive. Quick and essential guide to domestic and global politics from the New Statesman's politics team. The best of the New Statesman, delivered to your inbox every weekday morning. The New Statesman’s global affairs newsletter, every Monday and Friday. A handy, three-minute glance at the week ahead in companies, markets, regulation and investment, landing in your inbox every Monday morning. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A weekly dig into the New Statesman’s archive of over 100 years of stellar and influential journalism, sent each Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy

That is not to say that what the tabloids and the private investigators they hired was not despicable, and the Notw‘s royal affairs editor Clive Goodman and private investigator Glenn Mulcaire may not be the only persons deemed by the courts to have also acted criminally.

There are techniques that can be used to hack into mobile phone conversations themselves and also to snoop on text messages sent via mobile phones. GSM interceptors can do exactly that, but these are not something someone with little more than ‘blagging’ skills would be able to deploy. Companies, more sophisticated hackers and even governments do use them, but we’re yet to hear evidence that these were used by the tabloids or private investigators under the Leveson Inquiry spotlight.

It’s scary enough that corporations and governments use sophisticated cybercrime techniques to bypass internet and communications security. It’s worth being that little bit more specific about the techniques that are being used in different situations, if we don’t want the general response to be, ‘there’s nothing I can do about my online security: if someone wants to hack my voicemails I am sure they could’.

When really the response in this instance, along with the outrage, might also be, ‘I should change my PIN’.

Jason Stamper is NS technology correspondent and editor of Computer Business Review.