Phone hacking and how it happens: Q&A with Mark Olson

Under investigation for hacking personal cellphones for information, the now-closed British tabloid News of the World has sparked international debate about media ethics. The newspaper allegedly hacked voicemails of terrorist victims’ families, celebrities, the royal family and others. The Chronicle’s Melissa Dalis spoke with Mark Olson, assistant professor of visual studies and former director of New Media and Information Technologies, about how phone hacking happens, hackers’ motivations and how to protect against being hacked, all in the context of the recent News of the World scandal.

The Chronicle: How does one hack into another’s phone?

Mark Olson: The process is actually relatively straightforward, and it’s not all that difficult to do. It usually involves doing what’s called spoofing the telephone’s ID, and this is usually done by a kind of software program that’s run on a smart phone or using voice-over IP. If I’m the hacker, I make my phone look like your phone, so that when I make calls out, the caller ID shows up as your number. What I do then is call into the voicemail system of the phone company that’s your provider, and the phone system thinks that I’m calling from your phone and puts me through to your voicemail.

If they can’t guess the password, there are certainly techniques of social engineering like are used in email to get people to give up their password. For example, a hacker could impersonate their victim's mobile provider and simply call and try to get them to share their password, or they could call the phone company impersonating their victim and ask to reset the password.

TC: What are motives for these hackers?

MO: In the case of the News of the World, they’re trying to get information by any means necessary, and certainly that’s part of being a journalist—to be savvy with how you can generate information. Investigative journalism is partly like being a detective, but the issue is you’re beginning to break the law. There shouldn’t be those kinds of privacy breaches, and I believe [President Barack] Obama signed a law about a year ago making this spoofing software [with] malicious intent illegal.

Some other motives could be cyber stalking or overzealous parents concerned about their children—I can imagine any number of situations. In the case of News of the World, it is the pressure to have the story and to kind of lose their ethics. My sense is that Murdoch’s news organization had a culture of using means of whatever necessary to get the story.

TC: Could anyone hack into a cellphone?

MO: I think so—the software is easy to get. In fact, there’s an app for that. I don’t believe its currently available on the iTunes store, but there are Blackberry and Android applications available for download, and some of the technology is built into voice-over IP calling.

TC: How could someone protect against being hacked?

MO: It’s just like email security. Have a complex password, and change it often. Have a complex pin, and teach yourself a mnemonic that allows yourself to remember as many numbers as your mobile provider will allow. Don’t store voicemails and texts any longer than you need to—don’t use it as a storage device. If you ever get a call or inquiry where someone asks you for you password, don’t give it to them. And don’t use something like your birthday [as your password].

TC: Were you surprised to see News of the World do this?

MO: Well certainly less so that the phone hacking was happening but that a news organization would compromise their ethics to that degree and the fact that so any prominent people seem to have been victims as well. I imagine that we’ll find out that there’s been a lot more that’s been going on than the simple technical ways I’ve been talking about. There are also all sorts of other behavior that might have been in play.

My surprise of the ethics violations is tempered by the fact that [Rupert] Murdoch’s news organization in particular has had a particular history of using whatever means necessary to get their story, so I think that what this suggests is that, in addition to online news ethics, older forms of media are still being salient.

TC: Any last things you want to say?

MO: Most people aren’t interested in my voicemail or your voicemail—we’re not newsworthy. In the IT world, they call it security by obscurity—being unknown means that you’re less likely to be a victim. I don’t know your cellphone number, I don’t know your email address and I don’t know your bank account. I really have no motivation to look up any of that information. By not being famous, we’re less likely to be victims that we potentially could be.

Discussion

Share and discuss “Phone hacking and how it happens: Q&A with Mark Olson” on social media.