Tuesday, September 19 2000

Hackers bust Telecom's security

19.09.2000 - By MICHAEL FOREMAN and DYLAN REEVE A group of computer hackers claims to have compromised the privacy of 255,000 Telecom phone subscribers in Auckland by compiling a "reverse directory."

The Business Herald has seen a copy of the file containing the names and addresses of listed subscribers sorted by their telephone numbers, one of several such files already circulating in CD-Rom form.

The hackers are threatening to post the entire 18Mb file on the internet.

The file contains only listed phone numbers and appears to be a little out of date.

However, it can still allow names and addresses to be looked up by entering a telephone number.

A Kingsland-based spokesman for the group said the hackers had bypassed security procedures at the Telecom White Pages site at www.whitepages.co.nz, and they could potentially download the details of every listed subscriber in New Zealand.

"They found a way to get it to spew out a whole lot of information," said a source close to the hackers.

"It was pretty simple. Anyone with enough knowledge could do it," he said.

The group had decided to hack the site because Telecom was charging $40 for a CD-Rom of the phonebook, which the hackers felt ought to be free.

But Telecom spokeswoman Linda Sanders said the company would not change the white pages site until it had proof its system had been hacked into.

"We don't know how this person got this information. He could have scanned it.

"We have no evidence that anyone has infiltrated our system at all," said Ms Sanders.

Telecom would change its attitude if it could be demonstrated that information had been obtained illegally, she said.

"If that is the case, then we will be concerned."

While the optical character recognition (OCR) software supplied with most scanners meant it would be technically possible to produce a text file from a phonebook, it would be extremely laborious.

The quality of the file seen by the Business Herald, which was free of the occasional errors and spurious characters associated with OCR, suggests that scanning was unlikely to have been used.

Ms Sanders also said the information was already publicly available.

However, anyone attempting to access mass subscriber details at the white pages site - by entering a blank or a "wildcard" character when asked for a name, for example - was refused.

She said inquirers were told that Telecom was unable to provide the information because it was required by the Privacy Act 1993 to protect individuals' personal details.

http://www.nzherald.co.nz/storydisplay.cfm?storyID=151826&thesection=technology&thesubsection=general

-- Martin Thompson (mthom1927@aol.com), September 19, 2000