Phone ‘Hacking’ Scandal Could Get Wrong Answers

Unlike other security issues, the News International phone hacking scandal has actually turned out to be the End of the World. Or at least the end of the News Of The World.

Accessing Milly Dowler’s voicemail was deeply wrong, and against any journalistic code. And attempting to access the voicemails of 7/7 victims and soldiers’ relatives would be equally bad. But is it really happening? Is it a hacking scandal? And is it a danger now?

Not really hacking

First of all, this is not really hacking. There used to be a distinction between malicious breaches of security technology, and playful tech creativity security. Programmers who worked quickly and used unexpected clever short-cuts were proud to be “hackers”,  while the lawbreakers who broke into computers were “crackers”.

This distinction died some time ago – and with the security services recruiting from hacker events, the difference between good and bad guys is blurring further.

But the so-called “phone hacking” used by the News of the World doesn’t really merit the scary epithet it has acquired for journalistic convenience. There was no tech skill involved in most of these illegal accesses – merely the effort of ringing a phone and seeing whether its voicemail service  had a default or easy-to-guess passcode.

Also, the phones weren’t hacked. It was the voicemail service run by the operator – an entirely separate thing.

Now, we are not (just) being pedantic by making this distinction. The scary word “hacking” has done its job, and most people we have spoken to outside the tech community are fully convinced that newspaper journalists were using sophisticated wiretaps to eavesdrop on conversations, instead of accessing poorly protected voicemails.

We’ve spoken to the press offices of mobile operators and they, like us, are weary of explaining this distinction.

Were the operators to blame?

But wait – if it’s about default passwords on voicemail systems, then the operators are to blame. They’ve been supplying phones and SIMs, linked to voicemail boxes which are open to anyone to read!

Well yes, they did. But not for some years.

Despite misreporting in places like the Telegraph, Britain’s mobile operators now set up their voicemail systems so they do not have a default passcode. They also prompt users to operate at least a minimum level of security.

We checked a Vodafone account, and it would not let us listen to voicemails from a different phone until it had sent a random PIN number to the phone in question. In other words, it’s not hackable without having access to the phone, or guessing the pre-registered PIN.

T-Mobile, we found, does not allow mobile access until it has been set up from within the voicemail system, accessed from the user’s actual phone. Again, no “hacking” that unless you have the phone or guess the PIN.

O2, we read online, still has a default PIN, but this is not true, and has not been for “ages”, a weary spokesperson assured us. O2 requires you to set a PIN from the phone before you access the voicemail remotely.

Most of the operators also prevent users using stupid PIN numbers as well.

So in fact, the tsunami of illegal voicemail access is probably pretty much over. It’s even possible that some of the longer lists of possible “hacking victims” are simply lists of phone numbers that were found in journalists’ files, and were merely being used for conventional harassment – or even just phoning for comment.

Moral panic

The issue has now reached the status of a classic moral panic, where the underlying facts make little difference. It seems  that Murdoch’s News International is hoping to weather the storm and even come out of it with control of BSkyB and a re-organisation of its newspaper stable, which might have been in the pipeline anyway. The ‘Sun on Sunday’ appears to be on its way.

Meanwhile, a public inquiry is certainly better than the proposed internal Murdoch probe, which would, unbelievably, have been headed by Rebekah Brooks. Beefing up of the Press Complaints Council also seems like a good idea. But will it be designed to give excessive protection to celebrities or the rich, and will the media’s ability to carry out actual, necessary, investigative journalism be hindered?

If it is, then misunderstanding the tech might help deliver results that none of us actually want.