Hacking into cellphones is “quite easy”, say local spyware specialists, and it has been commonplace around the world since the technology first came into circulation.
What makes it easy is the fact that few cellphone users bother to set the special PIN codes to allow them to use securely the special feature of accessing their messages from another phone. This means their cellphones remain on the service provider’s default settings – well known to all in the business.
And the user is left vulnerable to hackers such as Glenn Mulcaire, the private investigator at the centre of the UK’s News of the World phone hacking scandal.
But even in cases where the four-digit message default setting has been changed, private investigators say it is relatively easy to access – as long as you have a connection placed inside the particular service provider, or the gift of the “blag” – see sidebar.
Acting on behalf of the tabloid newspaper, Mulcaire – in search of a scoop for his employers – is alleged to have invaded the privacy of not only politicians and celebrities, but also, post-mortem, murdered teenager Milly Dowler and UK soldiers who lost their lives in Afghanistan and other theatres of war.
Etienne Labuschagne, managing director of SpyCatcher SA, a company that develops and imports a wide range of surveillance equipment and other hi-tech gadgets, said “it’s actually quite easy” to hack into someone cellphone messages or to obtain other information from their phone. He said cellphones’ simple four-digit pass codes were not very secure.
But, as surveillance technology becomes increasingly sophisticated, it becomes more intrusive. Labuschagne said specially designed “malware” is also used to invade the privacy of cellphone users.
“Malware is software you can create that is sent to a cell via SMS. Once the person reads it, the malware installs an application that can do things like forwarding a copy of all incoming messages via e-mail.”
Such malware can also download all numbers stored on the target cellphone as well as a real-time record of all calls made and received.
But this is only the beginning. Other possibilities open up for the investigator if it is possible to take possession of the handset – even for a short period of time. Though rarely possible in cases such as those alleged against the News of the World – where celebrities or trauma victims not personally known to the hacker were involved – this stratagem is more readily available in investigations of marital infidelity and cases of corporate spying.
With the cellphone in hand, the surveillance expert can download, and plant bugging devices so sophisticated they allow spooks within a radius of up to 20km to listen in to actual conversations.
“I need 12 minutes,” one PI told Weekend Argus. “I can download every scrap of information on the cellphone in that time.”
He said technology existed in the private sector to link the phone into a remote surveillance network, where operators could listen in.
State spooks meanwhile have the capacity to listen in directly to cellphone calls by plugging into the transmission networks – though such interceptions are, in theory, tightly controlled and can only be authorised in terms of a special warrant signed by a judge.
Another technology available to the surveillance specialist is triangulation – the plotting of the position of a cellphone by measuring its relation to the network of cellphone towers.
Dave Miller, a former security policeman and director of Spyshop.co.za, said his company has customers from Cape to Cairo – but particularly from Lagos and Zimbabwe.
It is estimated that the US government spends $18 billion a year on surveillance equipment.
“Good cellphone surveillance technology is available from R8 000 upwards,” Miller said, “Surveillance is all about budget. The more money you have the better the devices. You could buy a bugging detector for R500, but you can also spend R1.2 million on a camera the size of a button.”
He confirmed that in South Africa, there have been instances where members of the media have bought surveillance equipment for undercover exposés.
Hawks spokesman McIntosh Polela said it was against the law to gain access to someone else’s cellphone messages or records without a court order.
“The Hawks have to comply with the law too. People often romanticise about what we do. They think we watch and monitor their calls. This can’t be done unless it forms part of an investigation and we get a court order from a judge.”
According to the latest report by the FBI Internet Crime Complaint Centre, South Africa is now seventh on the top 10 cyber crime perpetrators list.
David Miller said the cheating spouse scenario made up about 10 percent of his work. Most private investigators also worked with the police. Miller said he had worked closely with the Hawks.
“When you investigate a cartel and listen to their phone calls you have a court order and it’s in national interest. You use ruthless methods to get ruthless people.”
Another private detective, who did not want to be named, said private investigators all over the world, including South Africa, make big money selling spyware to clients.
“Clients will pay thousands of rands to get spyware on their spouse’s phone or laptop. I get between three to five requests from clients per week who need more information about spyware to spy on their spouse. We also get requests from clients that suspect their phones are bugged and we do de-bugging of phones as well.”
Vodacom spokeswoman Portia Maurice said following the first reports of phone hacking in the UK in 2006 Vodafone put in place additional measures to protect its customers’ privacy specifically designed to prevent this kind of unlawful intrusion.
”Vodacom followed suit and we are confident that our voicemail system is extremely secure. Additionally, in South Africa we don’t have the default PIN issue as our customers have to physically set up a pass code on their cellphones for remote access to their voicemail. This function has been in place in South Africa since the early 2000s.”
Customer service executive at MTN Eddie Moyce said: “It is important that every customer must set up their own password for security reasons. The onus of protecting confidential information on the handset lies with the consumer.”
Cell C spokeswoman Candice Jones said the company had also enhanced voicemail service security. - Weekend Argus