Unsuspecting citizens who tried to speak with the FBI and Secret Service had their calls intercepted and recorded without the hacker having to lift a finger during the call.
These callers made the hacker’s work easy; they trusted and dialed a number provided on Google maps, rather than seeking out a listing on a government website.
Brian Seely, a network engineer and one-time Marine who has worked for tech companies like Microsoft and Avanade, used to get paid to spam Google Maps, according to Valleywag. He says he’s tried for years to shore up security gaps in the system by alerting Google engineers, but says he wasn’t taken seriously until he walked into a Secret Service office near his Seattle home Thursday.
While there, Seely says he got a notification on his phone that a call had just been intercepted: It was a Washington, D.C., police officer calling the Secret Service about an active investigation, according to Valleywag:
After that, Seely says, he got patted down, read his Miranda rights, and put in an interrogation room. Email correspondence with the Secret Service indicates that the special agent in charge called him a “hero” for bringing this major security flaw to light. They let him go after a few hours.
He claims that he faked the government listings, picking numbers with his own 425 area code so they would stand out, because Google ignored his pleas to fix long-standing flaws in the system.
Seely said he took the fake numbers down after his conversations with the Secret Service.
After Seely’s fake numbers received the incoming calls, they were seamlessly forwarded to the real offices the callers were trying to reach. Only at that point did Seely’s program capture and record the audio transmission.
But this is just one hacker who has come forward to point out the flaw. Seely told Gizmodo there are thousands of trolls using Google Maps to create fake listings for pranks or jokes, and more seriously, for scam businesses who want to divert Internet searches to their high-priced services.
Microsoft® Windows Insider MVP - Windows Security
Now that is a great one re. the 'look before you leap' warning...why oh why don't people stop and think before they blindly click...LOL
Webroot SecureAnywhere Complete Beta Tester v188.8.131.52, imaged by Macrium Reflect v7
That one is pretty funny. Especially since it can take a long time for Google to respond to update requests for changes to those entries.