Geekzone: technology news, blogs, forums
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

BDFL - Memuneh
58351 posts

Uber Geek
+1 received by user: 9803


Topic # 180602 15-Sep-2015 07:21
Send private message

From The Guardian (and other sources): Vodafone Australia admits searching journalist's phone records (I wouldn't call "hacking" as in they didn't have to hack anything, did they?)

Vodafone Australia has admitted an employee hacked a journalist’s phone records in an attempt to uncover her sources for stories, but the telecommunications company denies any “improper behaviour”, despite internal emails suggesting it deliberately misled authorities about systemic privacy breaches.

O’Brien – herself a Vodafone customer – reported that Vodafone’s Siebel data system was vulnerable to hacking, and that the data of millions of customers was available online and easily accessible through generic passwords that were being shared around the company and publicly.

Customers’ home addresses, driver’s licences and credit card details were all available online, O’Brien wrote, and criminal groups were paying for customers’ private information.

She said the stories she wrote were “in the public interest”, and the vulnerability in Vodafone’s system serious enough that both the Information and Privacy Commissioner and the Australian Communications and Media Authority launched independent investigations.

“The shock and anger is only compounded knowing it was because I was doing my job that I was targeted and it was my own telco that was doing it to me. Since when did telling the truth become the wrong thing to do?”

An internal Vodafone email, reported by the Australian, shows the company was aware of the extent of the security breaches and the potential legal and reputation damage of hacking a journalist’s phone.

The head of fraud management and investigations for Vodafone Group, Colin Yates, wrote to then global corporate security director Richard Knowlton that there was a “huge risk” to the company if the hacking of O’Brien’s phone “gets into the public domain”.

I had a fair share of requests over the years from companies asking for the identity of people posting proprietary or confidential material on Geekzone. I can't obviously disclose this type of information without being in breach of the Privacy Act.

We know of internal investigations that caused a few people to lose jobs and on different telcos around - but that's a few years old now. There's a big difference between posting confidential pricing information and exposing problems. One is a case of trust breach the other is whistleblowing.

I do expect the report not to have been published before Vodafone was warned and had time to fix it - although it doesn't sound like it.

That's one of the reasons I have set our messages pages to be accessible only via HTTPS. But over the years more and more information has arrived either via WhatsApp and very few via voice calls - great as I really dislike talking on phone and rather have things documented.

Posting this on Off Topic as this is not a Vodafone New Zealand topic.

Create new topic


8833 posts

Uber Geek
+1 received by user: 1165

  Reply # 1387857 15-Sep-2015 13:09
2 people support this post
Send private message

My feeling is telcos lack auditing in this area.

Baby Get Shaky!
1441 posts

Uber Geek
+1 received by user: 318


  Reply # 1388029 15-Sep-2015 17:04
Send private message

gzt: My feeling is telcos lack auditing in this area.

Fair point.

My Two cents: I would question how difficult it would be to effectively audit an organisation with thousands of employees, most of whom would make dozen's of accesses to customer information daily in the scope of their normal duties. I'm sure (just an educated assumption here) that most Telco's, or organisations that hold large swatches of personal information, would have a list of customers who would set off an audit if their information was accessed (take high profile public figures etc). I'm sure most organisations would also practice/publicise random audits and have policies that would indicate as such. Regular audits on someone who under takes hundreds of transactions would be a nightmare, not just in a financial sense but also in a time management sense. As someone who has access to a lot of private information and accesses it frequently in the course of my duties (sometimes hundreds of queries a day) I know that when an audit happens I will be spending a large part of my day justifying my actions and not a lot of time doing anything else. For my employer they have to balance to requirement to meet their obligations under the Privacy Act with their requirement to actually get things done.

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:

Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:

Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:

News »

IDC thinks ANZ is a nation
Posted 27-Jul-2017 11:51

British new home buyers see ultrafast broadband as vital
Posted 27-Jul-2017 09:46

Australians want NZ-style gigabit, but for less
Posted 27-Jul-2017 08:57

Push notifications: A productivity killer
Posted 25-Jul-2017 14:15

Intergen takes SKYCITY to the cloud
Posted 25-Jul-2017 14:04

Nothing nebulous about Microsoft’s cloud-transition
Posted 21-Jul-2017 15:34

We’re spending more on tech, but not as much as Australians
Posted 21-Jul-2017 11:43

Endace announces EndaceFabric for network-wide packet recording
Posted 20-Jul-2017 20:49

Acorn 6: MacOS image editing for the rest of us
Posted 20-Jul-2017 17:04

HTC faces backlash over keyboard pop-up ads
Posted 19-Jul-2017 15:53

BNZ adds Visa credit cards to Android Pay wallet
Posted 18-Jul-2017 19:44

Still living in a Notification hell – Om Malik
Posted 18-Jul-2017 13:00

Duet Display uses iPad to extend Mac, PC
Posted 18-Jul-2017 10:58

PC sales could be worse
Posted 17-Jul-2017 07:34

Crypto-currencies, tulips, market bubbles
Posted 17-Jul-2017 06:38

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.