03-02-2014 09:45 AM - edited 03-02-2014 09:48 AM
Unsuspecting citizens who tried to speak with the FBI and Secret Service had their calls intercepted and recorded without the hacker having to lift a finger during the call.
These callers made the hacker’s work easy; they trusted and dialed a number provided on Google maps, rather than seeking out a listing on a government website.
Brian Seely, a network engineer and one-time Marine who has worked for tech companies like Microsoft and Avanade, used to get paid to spam Google Maps, according to Valleywag. He says he’s tried for years to shore up security gaps in the system by alerting Google engineers, but says he wasn’t taken seriously until he walked into a Secret Service office near his Seattle home Thursday.
While there, Seely says he got a notification on his phone that a call had just been intercepted: It was a Washington, D.C., police officer calling the Secret Service about an active investigation, according to Valleywag:
After that, Seely says, he got patted down, read his Miranda rights, and put in an interrogation room. Email correspondence with the Secret Service indicates that the special agent in charge called him a “hero” for bringing this major security flaw to light. They let him go after a few hours.
He claims that he faked the government listings, picking numbers with his own 425 area code so they would stand out, because Google ignored his pleas to fix long-standing flaws in the system.
Seely said he took the fake numbers down after his conversations with the Secret Service.
After Seely’s fake numbers received the incoming calls, they were seamlessly forwarded to the real offices the callers were trying to reach. Only at that point did Seely’s program capture and record the audio transmission.
But this is just one hacker who has come forward to point out the flaw. Seely told Gizmodo there are thousands of trolls using Google Maps to create fake listings for pranks or jokes, and more seriously, for scam businesses who want to divert Internet searches to their high-priced services.
03-02-2014 10:43 AM
Now that is a great one re. the 'look before you leap' warning...why oh why don't people stop and think before they blindly click...LOL
Webroot SecureAnywhere Complete Beta Tester v188.8.131.52...+ VoodooShield v2.31l Beta....working together as the NEW perfect combination! And backed up by AX Time Machine v2.0
03-03-2014 09:53 AM
That one is pretty funny. Especially since it can take a long time for Google to respond to update requests for changes to those entries.