Thursday, December 14, 2006

Social engineering and the newspapers

There is a scandal brewing it seems about the roles newspapers are playing in being complicit with information law breaking. First revealed by Iain Dale (and to be fully revealed by the Information Commissioner today), it appears that a large number of national newspapers have been using an agency to obtain personal information on politicians, celebrities and whoever else they want dirt on. This however is no ordinary Magnum PI because the methods that are being used to get the information is anything but legal.

According to following reports, in for example, the Daily Telegraph, some classic old school hacking techniques are coming into play. In the hacking world it's called social engineering, the extraction of information from someone without them realising they're doing it. For example, the person mentioned in the Telegraph story rang BT pretending to be another BT call centre agent who's system had crashed. He then asked the agent to give him details of a customer. Thankfully, and maybe unusually, the agent was quick enough to be suspicious of such a call.

Based on what Iain posted and the other stuff in the media, it's probably very likely that information was not just gained through the use of social engineering though. At the very worst end of the scale we are talking about the potential of information leaks within Government agencies. Anyone who reads my blog regularly will know that information leak and the supposed argument about "safeguards" is not one I trust. This revelation from Iain via Michael Ashcroft initially merely strengthens my view on that point.

There is though an important educational issue here. In the past I have written about banks which call people and request personal information for identification purposes. That practice remains commonplace today. The result is that people are all too easily manipulated into giving out information that they shouldn't. Ironically, we hear that there is a "trust issue" today between the public politicians, yet many of these breaches suggest that perhaps we are far too trusting.

Iain's biggest point on this issue was that because the papers were being fingered as culpable parties in the practice it was unlikely they would print the the story. Whey print something that slags yourself off. It would appear that he is right on that matter, the only papers to print the story thus far are those not implicated, the Telegraph and the Guardian. There is deafening silence from the tabloids. What a surprise!

No comments: