Announcement

Collapse
No announcement yet.

T mobile hands customer location data to fake US Marshall

Collapse
X
Collapse
  •  

  • T mobile hands customer location data to fake US Marshall



    Quote





    Ruth Johnson didn't know exactly who rang her phone and threatened her around 20 times in 2014. The person on the other end said he was John Edens from the U.S. Marshals with a warrant for her arrest for stealing a car. She was behind on her payments.




    It later turned out John Edens didn't have a warrant, nor was he from law enforcement at all. Instead, he was a debt collector with a history of stalking and domestic violence who had managed to get ahold of Johnson's phone location data. He did this by pretending to be a U.S. Marshal with the "Georgia Fugitive Task Force" to T-Mobile, which then provided Edens with the location of Johnson's phone in a handy Google Maps interface—"pinging" the phone, in industry parlance.






    Quote





    Motherboard previously reported on Edens' case using court documents and sources in the bounty hunting industry; Edens was sentenced to one year in prison for impersonating a U.S. officer. Now, Johnson explained in an interview what it was like to have her phone tracked. Her story demonstrates the very real human impact that the black market use and sale of phone location data can have.




    "I was very upset with the phone company, because I was under the impression that you had to get [a] court order in order to get information such as that out," she said. T-Mobile "put my life in danger," she added.




    The harassment was relentless. Edens turned up at Johnson's place of work. Someone banged on her home's door at 3 a.m., then Edens turned up on her porch another day. Johnson said her husband had been recently killed and Johnson didn't know if this harasser was somehow connected to his murder, compounding her fear. Her teenage daughter moved 10 hours away to be with her grandmother, just to feel safe.






    Quote





    Law enforcement who need to access data in an "exigent circumstance," such as a kidnapping, can ask carriers for a phone's location information. As court records show, Edens' scam was somewhat simple. He used a custom domain—"gafugitivetaskforce1.net”—to convince T-Mobile he was a legitimate requester of such data.




    "Carriers should check credentials before giving out customers' location data. Failure to do so is irresponsible and puts their customers in danger," Eva Galperin, director of cybersecurity at activist group the Electronic Frontier Foundation, and who has extensively researched stalking through technology, said. "There is no question that it is used to perpetuate abuse."






    Quote





    And up until recently, AT&T, T-Mobile, Sprint, and Verizon were selling their customers' location data to data brokers, who would in turn provide it to bounty hunters with little oversight. Documents leaked to Motherboard show that one company was providing real-time location data to around 250 bounty hunters, with evidence of tens of thousands of phone pings.






    Quote





    Johnson only discovered her location data had been given out when Valerie McGilvrey, another person who locates those who owe a debt and who Edens confided in about his techniques, told her. McGilvrey recorded one of her conversations with Edens in which he described how he tricked multiple telecoms into handing over location data.




    “Those are badass pings, is what they are,” Edens says in the audio recording.




    McGilvrey told Motherboard, "the number one reason I turned John Edens in was because he emailed me an Excel spreadsheet of a cell phone account activity that even included location of the device that the target (victim) phone was connected to."






    source: https://www.vice.com/en_us/article/8...rce=reddit.com




     




    This is some scary stuff and I'm surprised that nobody got killed because of it yet or maybe they did and we just don't know about it. Telecom companies should do more to verify that the person requesting the data is actually law enforcement. Also he only got one year in prison for all this? There's people who get locked up for longer for doing marijuana I hope he at least got some big fine that wasn't stated in the article. There also should be extra laws and regulations against the practice of selling customer location data. Making money should never come at the expense of public safety. 




    More...
      Posting comments is disabled.

    Categories

    Collapse

    Article Tags

    Collapse

    Latest Articles

    Collapse

    Working...
    X