In a test, CNET was able to intercept and read Yahoo instant messages because the company has still not turned on encryption. It's been at least 10 years since the security vulnerability became public. (Credit: Declan McCullagh/CNET)
Nine months after Edward Snowden revealed extreme Internet surveillance by US and British intelligence agencies, some major technology companies have yet to take rudimentary steps to shield their users' instant messages from eavesdropping.
A CNET analysis shows that Yahoo and ICQ transmit the content of supposedly private instant messages in unencrypted form, exposing them to both government spies and malicious snoops on the same Wi-Fi network. AOL's AIM service encrypts content -- but leaks metadata about who's talking to whom.
These privacy problems were highlighted by a Guardian article Thursday, which revealed that spy agencies were eavesdropping on Yahoo's unencrypted video chats. A surveillance system code-named Optic Nerve "intercepted and stored the webcam images of millions of Internet users not suspected of wrongdoing," the paper said, citing documents provided by Snowden.
That was possible because Yahoo has lagged far behind rivals Google and
Microsoft in adopting a standard technique known as SSL that scrambles
information before it's transmitted. SSL and similar technologies, if
implemented properly, are designed to be proof against even the NSA's
aggressive attempts to vacuum up petabytes of Internet traffic.
"We have ample evidence now that Yahoo doesn't really care about security or the confidentiality of its customers' communications," said Chris Soghoian, principal technologist at the ACLU's Speech, Privacy and Technology Project. "Whether it's the lack of encryption in Webmail, or the video issue, Yahoo has ignored repeated warnings from researchers, from human rights activists."
Yahoo users' vulnerability to snoops has been public knowledge for at least a decade. A 2004 article (PDF) in Hakin9 magazine described how to intercept Yahoo messages using the tcpdump utility. "There is no encryption, not even scrambling of the packets content," Hakin9 concluded.
Four years later, CNET contacted Yahoo as part of a privacy survey we conducted of companies providing instant messaging services. Yahoo told us that it uses SSL only to scramble the user's password during the initial authentication, and acknowledged that "Yahoo Messenger does not use encryption for message delivery."
It took Snowden's revelations to spur the company's chief executive, Marissa Mayer, into sealing this gaping security hole. In a blog post last November, nearly half a year after the spy agency files began to leak, Mayer said that Yahoo will "offer users an option to encrypt all data flow to/from Yahoo by the end of Q1 2014." She stopped short of pledging that encryption would be turned on by default, however, a practice that Google's chat system and Skype have followed for over half a decade.
Yahoo has been equally sluggish in adopting encryption for Web e-mail: It finally activated HTTPS encryption for Yahoo Mail by default last month. By contrast, Google enabled HTTPS by default for Gmail in 2010, followed soon after by Hotmail. Facebook enabled encryption by default in 2012.
A Yahoo spokesman yesterday provided CNET with a statement saying: "We
are committed to preserving our users' trust and security and continue
our efforts to expand encryption across all of our services."
"The only reason they're encrypting e-mail with Webmail now was a front-page story in The Washington Post," said the ACLU's Soghoian. "It was only then, in response to that coverage, that Yahoo turned on SSL by default." That October 2013 article revealed the NSA's Special Source Operations branch collected more e-mail address books from Yahoo than from all other e-mail providers combined. (Gmail addresses were exposed because of Apple's lack of encryption in its Address Book app, a security oversight that Cupertino subsequently fixed.)
Even today, after Yahoo turned on encryption by default for Web-based e-mail (but not instant messaging), it's using older protocols with some known security vulnerabilities. Yahoo's servers also don't support forward secrecy, which would offer an extra layer of protection against government eavesdropping. Google and Twitter do.
ICQ messages were also unencrypted, as you can see in the above screen capture from the Wireshark packet analyzer. AOL's AIM client leaked metadata about who's talking to whom. (Credit: Declan McCullagh/CNET)
How we conducted the tests
We tested whether encryption was used in five messaging clients: AOL's AIM, Apple's Messages app connecting to AIM, Google Hangouts, Mail.ru's ICQ, Microsoft's Skype, and Yahoo Messenger. Mail.ru, an Internet company in Russia, where ICQ remains quite popular, bought the service from AOL in 2010.
To perform the test, we used the Wireshark packet analyzer to intercept the communications flowing between a MacBook with OS X 10.9.1 and the remote servers that each service used.
Neither ICQ nor the Yahoo Messenger Protocol encrypted the content of
the communications. That meant that when we sent a message, it was
transmitted across the Internet in the clear.
AOL's AIM desktop app made unencrypted connections to api.aim.net that
transmitted unique "to" and "from" identifiers. Even if the NSA and GCHQ
can't decrypt the content, the unencrypted unique identifiers could add
to the agencies' vast trove of metadata charting the
social connections of US and other citizens.
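The check described above, whether a client's connection is wrapped in SSL/TLS or goes out in the clear, can be repeated on your own capture without reading the traffic by hand. The following is an added example, not CNET's test script: it assumes the first client payload of each flow has already been exported from Wireshark, and the sample payloads are constructed for illustration.

```python
import re
from typing import Dict, List

# TLS record content types: ChangeCipherSpec, Alert, Handshake, ApplicationData
TLS_RECORD_TYPES = {0x14, 0x15, 0x16, 0x17}
MAX_TLS_RECORD = 2**14 + 2048  # a TLS ciphertext record may not exceed this


def looks_like_tls(payload: bytes) -> bool:
    """True if a flow's first bytes form a plausible TLS record header:
    known content type, version 3.x (SSL 3.0 through TLS 1.3's legacy
    version field), and a record length within the protocol maximum."""
    if len(payload) < 5:
        return False
    ctype, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return (ctype in TLS_RECORD_TYPES and major == 3 and minor <= 4
            and 0 < length <= MAX_TLS_RECORD)


def visible_strings(payload: bytes, min_len: int = 4) -> List[str]:
    """Printable ASCII runs, like the `strings` utility: what a passive
    observer on the path sees in a cleartext flow (identifiers, bodies)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, payload)]


def classify_flows(flows: Dict[str, bytes]) -> Dict[str, str]:
    """Map each flow name to "tls" or "cleartext" from its first client payload."""
    return {name: ("tls" if looks_like_tls(p) else "cleartext")
            for name, p in flows.items()}


# Constructed sample payloads (not captures from the article's test):
SAMPLE_FLOWS = {
    # TLS 1.0 record carrying a ClientHello: 16 03 01 <len> 01 ...
    "hangouts-like": bytes.fromhex("160301002c0100002803030000") + b"\x00" * 38,
    # a cleartext IM-style exchange with sender, recipient and body exposed
    "im-like": b"\x00\x04FROM=alice@example.test\x00TO=bob@example.test\x00MSG=hello bob\x00",
}

if __name__ == "__main__":
    for name, verdict in classify_flows(SAMPLE_FLOWS).items():
        print(name, verdict)
        if verdict == "cleartext":
            print("  visible on the path:", visible_strings(SAMPLE_FLOWS[name]))
```

A "tls" verdict only says the transport is encrypted; as the article notes, it says nothing about cipher-suite quality, certificate validation, or what a client sends over a separate unencrypted connection.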
AOL and Mail.ru did not respond to requests for comment.
Google Hangouts, Skype, and Messages, on the other hand, used SSL encryption consistently. This is what we expected -- it's been reported previously, and Skype encryption has been studied in some detail -- and our tests confirmed it.
We acknowledge limitations to this test. We didn't evaluate the quality of the SSL cipher suite or its implementation. Nor did we test for certificate exploits. And we didn't test all clients; it's possible that the Windows client for AIM, for instance, behaves differently. (The protocol used by AIM supports unencrypted chats, so if you use a third-party client like Adium, be sure your privacy preferences under user accounts are set to enable encryption.)
We also didn't test mobile apps, though previous reports have pointed to some problems. A 2012 paper (PDF) presented at the Network and Distributed System Security Symposium said that Voypi, an iPhone messaging app, fails to use encryption.
Thijs Alkemade, a computer science student and lead developer for the Adium instant messaging application, posted a Python script last fall to intercept WhatsApp messages. He warned users of WhatsApp, which Facebook subsequently bought for $16 billion:

You should assume that anyone who is able to eavesdrop on your WhatsApp connection is capable of decrypting your messages, given enough effort. You should consider all your previous WhatsApp conversations compromised. There is nothing a WhatsApp user can do about this except to stop using it until the developers can update it.
An analysis of WhatsApp last week by information security firm Praetorian found encryption flaws, the company said, that "the NSA would love." WhatsApp has said it's fixing them.