Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
United States Communications Privacy Security

Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US (vice.com) 68

Securus, the company which tracks nearly any phone across the US for cops with minimal oversight, has been hacked, Motherboard reported Wednesday. From the report: The hacker has provided some of the stolen data to Motherboard, including usernames and poorly secured passwords for thousands of Securus' law enforcement customers. Although it's not clear how many of these customers are using Securus's phone geolocation service, the news still signals the incredibly lax security of a company that is granting law enforcement exceptional power to surveill individuals. "Location aggregators are -- from the point of view of adversarial intelligence agencies -- one of the juiciest hacking targets imaginable," Thomas Rid, a professor of strategic studies at Johns Hopkins University, told Motherboard in an online chat.

Hacker Breaches Securus, the Company That Helps Cops Track Phones Across the US

Comments Filter:
  • by Anonymous Coward

    Is this the new working assumption we all need?

    • by Tablizer ( 95088 )

      So they know about my turtle porn all the way down?

    • Then where the hell are my keys?

      • Car keys are in refrigerator vegetable bin.
        The 3 pieces of celery with almond butter that, along with a cup of coffee, was supposed to be a snack, are in the closet with the paper towels.
        The paper towel that was supposed to be for wiping off the countertops is on top of the toilet where I had to pee all of a sudden.
        The cup of coffee that was warmed up in the microwave is in the cabinet where the extra packets of stevia are kept.
        The stevia and soy milk are in the desk where my pad's USB charger is.
        My pa
  • What the hell (Score:4, Interesting)

    by Anonymous Coward on Wednesday May 16, 2018 @01:47PM (#56621702)

    But this latest data breach is not the only sign that Securus is careless with sensitive information. Rid pointed Motherboard to a Securus user manual available online. One part shows a map and user interface for a Securus product, but instead of populating the screen with fake data for demonstration purposes, the guide appears to include the real name, address, and phone number of a specific woman. (Motherboard confirmed the details with those in online databases, as well as a media report that mentions the woman).
    How stunningly incompetent

  • by b0s0z0ku ( 752509 ) on Wednesday May 16, 2018 @01:47PM (#56621706)
    Hope he left some Cryptolocker behind after siphoning their data and jerking their pants off in public. Between charging prison inmates exorbitant rates to call their families and giving anyone who asks cell phone location data (without verifying the veracity of a warrant), Securus is a truly predatory company. The US wouldn't lose anything if they went under tomorrow.
    • by ugen ( 93902 )

      If they go under tomorrow, another company will promptly take its place. It's not a specific business - it's the system and the set of laws and (corrupt) interests protecting it.

    • by orlanz ( 882574 )

      I think the hacker should publicly release random parts of that data. It would suck for quite a number of people, but make sure you get the lobbyists and politicians in that release, and we may just have an uproar like with Facebook. Then laws may actually change and make these sorts of businesses less enticing to run. Until people find out that when people mean hacked, they mean THEIR data, I don't think things will change.

      Even something simple like Motherboard setting up a webpage where you enter your pho

    • ...and giving anyone who asks cell phone location data (without verifying the veracity of a warrant), Securus is a truly predatory company.

      WHat are you talking about?? They always make sure the warrant is valid before they do anything. It's just that the only warrants they accept must say things like "e pluribus unum" and must have a unique serial number that is generated and validated by US Mint.

  • How does someone find out if they are in the list and being watched? Paranoid
    • Are you in the US?

    • Re:Am I in the list? (Score:5, Informative)

      by SeaFox ( 739806 ) on Wednesday May 16, 2018 @02:13PM (#56621824)

      How does someone find out if they are in the list and being watched?
      Paranoid

      The list is of Securus' law enforcement customers, not individual citizens. And there is no "list of people being watched" here. The data is already being collected on everyone, it's just a matter of if a Securus customer made any requests about you. Without more info on how one uses the service, it's hard to tell if there is a record of who was tracked.

    • Isn't that obvious? Get arrested and sent to prison so you can access their database.
  • In both the meaning of the word "just".

    Bad cops track too.

    People other than cops track them too.

    • by Anonymous Coward

      In both the meaning of the word "just".

      Bad cops track too.

      People other than cops track them too.

      Set up a fake account and track cops and top federal LEA/TLA officials and publish the juicy bits to Wikileaks.

      Securus won't remain in business for long.

  • Professional hackers have been hacked, and their recursive hacking algorithm, known as GrndH0gDai, was recursively hacked and stolen.

  • Securus (Score:5, Funny)

    by jwymanm ( 627857 ) on Wednesday May 16, 2018 @02:26PM (#56621906) Homepage
    = Security + Circus
  • ..................

    Don't hold your breath. You'll be waiting a while.
  • by Rick Schumann ( 4662797 ) on Wednesday May 16, 2018 @02:34PM (#56621974) Journal

    Data breaches, Woody, data breaches everywhere!

    Come on people, isn't enough enough already?

    1. Companies like this 'Securus' shouldn't exist in the first place.
    2. ALL companies that handle personally identifiable/sensitive data should have properly secured systems 100% of the time, no excuses.
    3. Nobody's phone location data should be revealed unless there is a valid warrant.

    When is this bullshit going to stop? As-is, you can't connect anything to the Internet without exposing yourself to massive amounts of risk of being hacked into either by criminals or the government, you can't carry a smartphone around for the same reasons (only worse), and it's getting to the point where even your bank isn't a safe place to keep your moeny because they're getting hacked, too. What do we do about all this? What is the way forward? How do we fix this?

    Shit like this is why I don't have a smartphone, and why I pay cash for everything I buy in person: to reduce my exposure to this sort of risk. Neither I nor any one of us should have to do that.

    • by Teun ( 17872 )

      When is this bullshit going to stop?

      By the time the USofA joins the EU.
      Now the UK is all but gone we can do with another English language group.

      • by atrex ( 4811433 )

        When is this bullshit going to stop?

        By the time the USofA joins the EU. Now the UK is all but gone we can do with another English language group.

        You probably wouldn't want one with as much baggage as the US has.

  • Sounds like a violation of the 4th amendment, just with extra steps.

    • Sounds like a violation of the 4th amendment, just with extra steps.

      "It's illegal and unconstitutional for me to do as a LEO so I'll just pay someone else to do it for me!"

      "You'll go far in US politics, Son!"

      Strat

    • by Agripa ( 139780 )

      Sounds like a violation of the 4th amendment, just with extra steps.

      Great, just try to enforce it. First you will need standing. If you get past that, then you will need a remedy. Since the remedy for a 4th amendment violation is exclusion of evidence, which does not apply in a civil trial, you will need to be the defendant in a criminal trial. If you get past all of that, then law enforcement will use parallel construction anyway.

  • The "usernames and poorly secured passwords for thousands of Securus' law enforcement customers"

    I'll bet that could open some doors!

    • Given that many people re-use usernames and passwords, you are correct. I wonder how many local police computers are now accessible?
  • by zarmanto ( 884704 ) on Wednesday May 16, 2018 @03:17PM (#56622250) Journal

    Security vulnerabilities are a fact of life, and most people in any kind of a technology job are aware of that. It's not if you're going to be hacked, but when, and by who. And in fact, it's not these highly publicized breaches that we really need to worry about; rather, it's the breaches that nobody ever finds out that probably keeps the security experts awake at night. So if some well-meaning script-kiddie stumbled his way into Securus, than what that really tells us, is that someone with nefarious intent has almost certainly already exploited the same weakness well prior to this. Nobody found out about that hack* for two reasons: 1) The "real" hackers covered their tracks and didn't get caught, and 2) they didn't notify the press with childlike glee of their successful hack of a highly sought after target... rather, they used the vulnerability to collect as much data as possible, and hid any strategically useful data that they discovered under a rock, to be sold to the highest bidder on the black market.

    * Mind you... "that hack" could just as easily have been "those hacks"... and we likely still wouldn't know it happened, nor how extensive the damage was, until it's too late to fix anything.

  • by HeckRuler ( 1369601 ) on Wednesday May 16, 2018 @07:06PM (#56623450)

    Now tell me with a straight face that the FBI's suggestion to use a third-party key management system that they could go to with a warrant would be secure. Go on, let me hear it.

There's no such thing as a free lunch. -- Milton Friendman

Working...