The Dark Arts of Journalism
July 9, 2009 2:20 AM   Subscribe

My naive understanding of this is that intercepting a conversation over a GSM mobile phone is quite hard to do: it is not like the old days of analogue mobiles where you just use a radio scanner. I am assuming that finding the phone numbers of the target individuals would be quite easy - but monitoring calls to and from those numbers from a remote location would require some pretty in-depth access to the systems of the network providers involved would it not?
posted by rongorongo at 2:58 AM on July 9

rongorongo: the last link says they intercepted text messages that "had been sent" to the victims phone, the wording could be ambiguous here, but it sounds like they could have hacked not GSM, but the phone itself (perhaps a bluetooth exploit?). Regardless, it is much easier to decrypt a text message than an audible conversation: smaller and less noisy dataset and all.
posted by idiopath at 3:05 AM on July 9

Gosh, look at that sour look on poor ol' Dupert's face! What a tragedy!

But what would the UK public do if they had no way of knowing what the latest Screws of the World were? The system would collapse on itself!
posted by koeselitz at 3:06 AM on July 9

Also, I for one am glad they let him shell out a million Ruppees to try desperately to keep this whole thing quiet before blowing the cover off of it.
posted by koeselitz at 3:09 AM on July 9

I have a question - once you get the information, how do you use it?

Say you listen in on a conversation where a celebrity reveals something in confidence to the other person on the call, and the revelation is surefire front page material - how does the journalist or news org actually use that info without revealing they bugged the target's phone?

I suppose they can simply ask the celebrity to confirm or deny a "rumour".
posted by awfurby at 3:09 AM on July 9

Say you listen in on a conversation where a celebrity reveals something in confidence to the other person on the call, and the revelation is surefire front page material - how does the journalist or news org actually use that info without revealing they bugged the target's phone?

I'm guessing "a source" or "a close friend" can be relied upon to "pass" the information on, dedicated people that they are. I'm constantly amazed how many "close friends" celebrities have.
posted by outlier at 3:34 AM on July 9 [1 favorite has favorites]

I really think that the coverage here is taking great liberties with the term "hacked". I too wish they were more precise with the technical details. From what I can tell, a significant aspect of the malfeasance was plain old social engineering of unknowing social services bureaucrats and phone company employees -- although I'm sure there were probably also those who were knowingly bribed. From the 'bit of background' piece:

When the actress Charlotte Coleman died after an asthma attack, the News of the World paid for BT to be conned into handing over the itemised Friends and Family list from her bereaved parents' phone bill. When the TV presenter Linda Barker moved house, they hired Whittamore to get her new home address from the supposedly confidential social security database.

Working on instructions from the News of the World, Whittamore and his network also conned the criminal records database of the police, which is a specific criminal offence; the Inland Revenue, also a specific criminal offence; a cab company used by Ken Livingstone; a Paris hotel used by Jason Donovan; the actors union, Equity, for the addresses of actors; Granada TV, for information on a Coronation Street actor; and on numerous occasions the DVLA for the home details of people whose car numbers they had spotted. The News of the World has insisted that its journalists use subterfuge only when justified in the public interest.

Combine that with e.g. brute forcing the voicemail/web account passwords (since nobody uses good passwords) and you're off to the races. In fact I would go so far as to say that most things reported as "hacking" are really just "some clod doesn't know how to pick a secure password and somebody else was able to guess it with a little work."

To my knowledge this is exactly what happened with e.g. Paris Hilton's t-mobile and Sarah Palin's yahoo email, both of which incidents were lazily described by the media as "hacks". Whether you want to call that "hacking" is debatable but in my opinion it's not; at least, it's certainly not sitting around with a directional wireless antenna and trying to decypher the encrypted GSM radio transmissions.
posted by Rhomboid at 3:42 AM on July 9 [3 favorites has favorites]

BBC4 radio reported this morning that it was voicemails that they tried to "hack" into. I interpret this to mean that they got the celebrity's number, dialled it until they got voicemail, and tried any combination of obvious passwords (1234, 1111, etc) to see if they got through. Just a guess.
posted by like_neon at 3:44 AM on July 9

Or what Rhomboid said.
posted by like_neon at 3:45 AM on July 9

I don't really see what your point is, Rhomboid. Just because it's easy doesn't mean it's not hacking (in relation to forcing passwords at least).
posted by robcorr at 3:45 AM on July 9

From memory, they were hacking voicemails and possibly SMS messages before, not actual phone calls.
posted by MuffinMan at 3:47 AM on July 9

Wait. Rupert Murdoch is still alive? I though he fell off a boat.

*google google *

Ah. That was a different unscrupulous bastard media tycoon. And wishful thinking.

Does Murdoch have a boat?
posted by pracowity at 3:52 AM on July 9 [3 favorites has favorites]

Most successful hacks are social engineering attacks, or so Mitnick claimed.
posted by idiopath at 3:53 AM on July 9

In the strict jargon-file sense, hacking has the connotation of finding a clever way of solving some problem or getting past a restriction. So yes, in the strict sense, brute forcing and social engineering are definite hacks. So would carrying a small notepad in your pocket with which you jot down appointments and ideas -- if you can stomach the "lifehack" term/movement. Or I "hack" my Tivo by putting in a larger HD. Or, I discover a new route to take to get to work and shave a few minutes from time travel time -- that's technically a hack. And here we come to see how using this most broadest definition of the word really starts to fall apart because it can be applied nearly universally to any situation where somebody does something clever.

As a result, I tend to reserve it for things which have a higher degree of technical difficulty. Finding a remotely exploitable vulnerability in a piece of software, crafting an exploit to take advantage of it, writing position independent shellcode that can be represented entirely by the printable range of ASCII characters, and successfully rooting someone: that's a hack. Downloading LOphtCrack and letting it run for a couple of days with the stock english language wordlist: not so much.
posted by Rhomboid at 4:05 AM on July 9 [3 favorites has favorites]

Most successful hacks are social engineering attacks

Yes. A bit like building a spy network, I suppose. And once they've done any little thing for you, you've got them hooked forever.

I also suppose that a good number of celebrity friendships are out of kilter -- that one half of the relationship is really in it for the money or fame that the other half seems to offer. In a case like that, it wouldn't be all that hard to buy the groveling, climbing, dissatisfied half of the friendship. Look for hangers on and hyenas around your target celebrity, let them know it would be worth their while to pass along a phone number or itinerary here and there or to place a little electronic box in a certain spot, convince them that you'd never ever ever reveal your source because you value them so highly, and hand them wads of tax-free cash.
posted by pracowity at 4:13 AM on July 9

On a different note: That summary on Susan Boyle after the relevant part of the "Dark Arts" clip is excellent!
posted by kolophon at 4:18 AM on July 9

Forgot to add: When the press reports that "celeb X had their email hacked by party Y" I get the impression that most lay people just throw their hands up and think, "poor X, there's nothing they could have done -- those darn hackers can do anything." After all, movies and TV portray these hackers as omnipotent, able to bypass anything, so just resign yourself to being hacked because they're just that good. But if it's reported instead as, "party Y was able to guess celeb X's predictably weak password and access their account" then the lay person reading it might get the clue that there is nothing mystical/magical going on, that the hack would have been entirely preventable, and that maybe they themselves shouldn't be using "kitty52" as the password to every site they sign up for.
posted by Rhomboid at 4:36 AM on July 9 [1 favorite has favorites]

This all means that the News of the World didn't do anything wrong
posted by dng at 4:40 AM on July 9

Note to self.. change password for everything from kitty52 to kitty53..

ohwait..
posted by mediocre at 5:07 AM on July 9 [1 favorite has favorites]

I am not in the least surprised by this revelation and by them having been able to keep this in the dark for so long. the british public simply does not care about their privacy or the sanctity of their personal lives. spend time in london now and you will spot more security cameras than in all of new york city -many made to look official although they are not- and look somewhat like myself and be prepared for intrusive bodysearches by cops multiple times per year under the auspice of terrorism prevention when what they are really after is petty crime.

yet nobody is making a real stink. there are a few protests here and there but the general british public does not care. this sends out a signal to private and public organizations that intrusive behavior will go over without much of a problem. so what this is going to cost an MP his job. the 'news of the world' and murdoch will be fine.

I've spent time living in the UK in the late 80s and early 90s and loved it to pieces. it was fantastic. I spent this last year there again and have never been so depressed about how a society had changed all my life. and that's why I left. the UK has become more conservative than bavaria. they have become the south texas of the european union.
posted by krautland at 5:17 AM on July 9 [2 favorites has favorites]

I wish I could disagree with you krautland, but I don't. The public won't care about this specific case either. I mean, look at the "Most Read" list on BBC News right now. This story is number 7, after such earth shattering stories as "What happens to ice falling from planes?" and "Dixon joins Strictly dance judges" and "Beckinsale awarded libel damages" and "Mystery surrounds Jackson burial" and oh my fucking god what is wrong with people?
posted by chill at 5:27 AM on July 9

Does that mean kitty52 is now available?!
posted by pracowity at 5:32 AM on July 9

Ah yes, the golden age of late 80s/early 90s Britain.. The poll tax, Thatcher, IRA atrocities, the haircuts..

Things were much better back then, Krautland.
posted by the cuban at 5:35 AM on July 9 [1 favorite has favorites]

Things were much better back then, Krautland.

Not just that, cuban -- remember when they invented the tabloid newspaper and the "fluff piece", in 1995? I sure do miss the days when people only read hard-hitting news and the occasional well-considered, well-balanced opinion piece.
posted by teresci at 6:02 AM on July 9 [1 favorite has favorites]

I love Big Digger.
posted by hawthorne at 6:15 AM on July 9

In the strict jargon-file sense, hacking has the connotation of finding a clever way of solving some problem or getting past a restriction.

Nice point, Rhomboid.

I was never a ruthless old school celebrity "hack" - using the term here in its disingenuously self-effacing sense, meaning a journalist who churns out lively, facile copy.

But like everyone else on the celebrity interview circuit, I kept my eyes peeled when on location filming - which was always by invitation, to do celeb interviews.

I'd always look out for the daily call sheets - these were often stapled to the latest shooting scripts. Because they'd list all the home and/or hotel telephone numbers of the "talent" required on set. If these call sheets were left unattended by some production peon, I admit I had few scruples furtively copying all the numbers for future use.
posted by Jody Tresidder at 6:19 AM on July 9

I think you're being rather naive, krautland, in treating this as a story about personal privacy, when it's really a story about media corruption. And I think you're wrong to say that nobody cares. Murdoch and co have spent a fortune trying to make this story go away, and almost succeeded. Now it's out in the open, and it's not going to go away.

On the technical details of the phone hacking: it emerged in the Goodman/Mulcaire trial in 2007 that Mulcaire was paid £100,000 a year by the News of the World for 'posing as a credit controller to trick telephone companies to switch Pin codes to default numbers, therefore enabling access to voicemails'. Both Goodman and Mulcaire pleaded guilty, presumably to avoid further evidence coming out in the course of the trial -- evidence that is now starting to emerge.

But behind the phone-hacking story is a much bigger story about the unhealthily close relations between politicians and the media. Gordon Brown and David Cameron are invited to the wedding of the editor of the Sun. The editor of the News of the World resigns over the phone-hacking scandal only to take up a new job working for David Cameron. Could it be any more obvious that there is a strategic alliance between politicians and the media?

With the Commons expenses scandal, and now this, it looks as though that strategic alliance might finally be breaking up. I don't think this story will go away, and I'm hopeful that we may see more significant revelations coming out in the coming days and weeks.
posted by verstegan at 6:36 AM on July 9

And here I was thinking that the News of the Screws was a reputable organ and that Rupert Murdoch was a lovely man with absolutely no axe to grind.
posted by ob at 6:51 AM on July 9 [1 favorite has favorites]

OK, snark aside, this is interesting and I can't wait to see what happens next, but I have to say that whilst I'm a little surprised that this has been going on for so long without the law getting involved, I'm not surprised by the identity of the players in any way shape or form.
posted by ob at 6:54 AM on July 9

Sub-header from the story: If Murdoch's papers really believe in public interest they should disclose all details of illegal phone hacking

If Murdoch's papers really believed in the public interest, they wouldn't have used unscrupulous methods to gain information. It's not "public interest" they're after, it's exclusive articles. It's sad, but reporting and the public interest don't always go hand-in-hand. Yellow journalism is alive and well, often floating on stories about celebrity scandals. Those stories sell, but those scandals are no different from the scandals happening to people everywhere. The difference? They're celebrities.
posted by filthy light thief at 7:14 AM on July 9

the cuban: Ah yes, the golden age of late 80s/early 90s Britain.. The poll tax, Thatcher, IRA atrocities, the haircuts..

Things were much better back then, Krautland.

At least the goddamned British Nazi Party wasn't obtaining actual representation in many townships back then.

Nothing for a long time has made me as depressed as this little chart showing the dramatic increase in fascist voters in the UK. I just keep looking at it and goggling: what the fuck? These people didn't even exist in the '80s! They knew they'd-a gotten stomped. What the hell happened?
posted by koeselitz at 7:32 AM on July 9

pracowity: Does that mean kitty52 is now available?!

Ha ha, no, that's just a silly misconception.

As many people can use the same password as would like to! Hell, we could all have the same password if we wanted! And it sure would make logging in to MeFi easier, wouldn't it—you wouldn't even have to worry about typing your username in correctly as long as you typed in someone's.
posted by koeselitz at 7:41 AM on July 9 [1 favorite has favorites]

FWIW, it is possible to intercept and decode GSM traffic. There was a presentation at Shmoocon 2008 detailing such an exploit. They were in the midst of computing a rainbow table ( basically they precompute the solution space of the given problem domain in a tradeoff of memory vs. time ) that would allow anyone with an FPGA and the rainbow table to decrypt a session in 30 seconds. They also planned on commercializing said technology.

More info here.
posted by cloax at 7:45 AM on July 9 [1 favorite has favorites]

I had a friend who at one point did exactly this kind of work. She was employed by an agency that on sold and investigated celebrity secrets for the UK tabloids. As most have suggested it very rarely involved anymore complicated than a little bit of social engineering plus voicemail hacking.
Apparently it was pretty standard to find people hadn't bothered to change there default voicemail password. The people who got caught out were almost always those that taken almost no security precautions and had friends/lovers who were a bit indiscreet when leaving messages.

She did have a lot of bloody good stories though... many which never saw the light of day to the lack of legally obtained source to attribute it too.
posted by choc0bot at 7:47 AM on July 9

At least the goddamned British Nazi Party wasn't obtaining actual representation in many townships back then.

True, but conflating this into Murdoch's shenanigans is fallacious. The Miner's strike, Zircon, Spycatcher, Faslane.. Dirty tricks from the 80s are well documented.

I see this story as a post expenses scandal counter punch from Parliament.. You could hear the glee in the voices of MPs today. News International lost alot of bargaining chips when that story blew open.
posted by the cuban at 8:49 AM on July 9

Man, I'd love to see Charlie Brooker do something with Lewis Black.
posted by boo_radley at 9:09 AM on July 9

Whose idea was it to play Beethoven's sublime 7th symphony behind the sordid details of dubious journalistic investigative practices?
posted by kozad at 9:09 AM on July 9

treating this as a story about personal privacy, when it's really a story about media corruption.
yeah? you don't think someone sat down and thought about likely scenarios for the case this might come out?

Things were much better back then, Krautland.
I didn't say that. I said I felt much better back then.
posted by krautland at 9:22 AM on July 9

Yes, it's a shame this didn't happen in time for Newswipe to take a stab at it.
posted by Rhomboid at 9:29 AM on July 9

But just in time for The Bugle to take a stab at it. Between this and Sarah Palin I can hardly wait for tomorrow. Extra bonus: they're put out by the Rupert Murdoch owned Times.
posted by Kattullus at 9:54 AM on July 9

I met a person who demoed their homebrewed GSM tower. It was a straightforward stack of hardware and software. They could connect calls to VOIP on the back end. Man-in-the-middle interception seems like a real possibility.
posted by zippy at 10:00 AM on July 9

Nobody cares about the spying shit...did you see the piece on Susan Boyle? Brilliant!
posted by Chuffy at 10:10 AM on July 9

I like how the photo gallery looks like a set of illustrations explaining the concept of "pastiness." There's even a token Lenny Henry!
posted by Kattullus at 10:59 AM on July 9

Conservative leader David Cameron has insisted Andy Coulson's job as his communications director is safe.
posted by Artw at 11:00 AM on July 9

Ah, Chuffy!

Let's hope that both Susan Boyle and News International get the justice they richly deserve.
posted by asok at 11:01 AM on July 9

Also I am laughing loudly at the concept that racist idiots didn't exist in the Britain of the 80s.
posted by Artw at 11:03 AM on July 9

Racist fun in the 80s, 60s and 30s...
posted by Artw at 11:08 AM on July 9

krautland - The British public simply does not care about their privacy ... spend time in london now and you will spot more security cameras than in all of new york city ... and look somewhat like myself and be prepared for intrusive bodysearches by cops multiple times per year under the auspice of terrorism prevention when what they are really after is petty crime. Yet nobody is making a real stink...

This is depressingly true. Very few people have any unease at the thought of being watched all the time they're in public, and very few people seem to be even slightly worried about the massive expansion of police and govt powers that have been pushed through under the banner of terrorism. I'm white and quite boring-looking, but a few friends who could pass for arab or (west) asian frequently get stopped for "random" searches. Normally a policeman can only search you if there's reason to suspect you're up to something, but because all of London is on a permanent terrorism alert, the police can now invoke the terror laws to search (or detain) anyone, any time and for no reason. And yet no-one seems to be complaining about it out loud.

koeselitz - Nothing for a long time has made me as depressed as this little chart showing the dramatic increase in fascist voters in the UK. I just keep looking at it and goggling: what the fuck? These people didn't even exist in the '80s! They knew they'd-a gotten stomped. What the hell happened?

They did exist, they were just called the National Front. Ostensibly different parties, but members (especially leadership) and their policies transferred pretty smoothly from the NF to the BNP.
posted by metaBugs at 11:43 AM on July 9

...via the Conservative and Unionist Party.

NF support fell away once Thatcher was elected. When you've got an extremely right-wing government in place merrily wiretapping 'subversives' (*) by the thousands, erecting new and race-based immigration restrictions, and flipping the bird to everyone else in Europe, all of the transient fascist vote leaves the extreme party with no hope of winning and votes Conservative instead.

* Declaration of interest: I was a relatively-senior member of an entirely-legal organisation engaging in no illegal or state-subversive activity which tried to persuade voters to oppose the UK continuing to possess nuclear weapons. They bugged us, intercepted our mail, and placed police and security service operatives inside the office and throughout our elected structures.
posted by genghis at 2:40 PM on July 9