More on Telecommunications Security: Strong Customer Identity Verification Procedures are Necessary

Since I’m on the topic of cell phone security and privacy today, I want to discuss briefly a story from yesterday on CNN, “Fan hacks Linkin singer cell data, threatens wife.”


“A woman is accused of using a computer at a national laboratory to hack into a cell phone company’s Web site to get a number for Chester Bennington, lead singer of the Grammy-winning rock group Linkin Park. According to an affidavit filed by the Department of Defense Inspector General, Devon Townsend, 27, obtained copies of Bennington’s cell phone bill, the phone numbers he called and digital pictures taken with the phone. Investigators said she also hacked into the e-mail of Bennington’s wife, Talinda Bennington, and at one point called her and threatened her.”


Click the link to see the full story.
It also indicates she was able to access the photos taken with his cell phone.
I checked my cell phone account…the photos I’ve taken with my cell phone are not stored with my account information. Is there another location within telecommunications providers’ systems where all text messages and all attached photos are stored? Perhaps if the photos are sent through the website you can use to send text messages, those may be stored?
It seems there is a lack of security within the telecommunications company. Someone should not be able to discover an individual’s cell phone number through the telecom provider, and then subsequently be able to get into the person’s account.
Perhaps Townsend just went to the telecom’s website where it allows individuals to reset passwords, or replace forgotten ones. The customer identity verification items used for these types of purposes often consist of information that can be quickly found. The report did not indicate the telecom involved. However, for example, when resetting a password, Verizon Wireless asks for your cell phone number, last four digits of your social security number, and your billing zip code. All these are items that can be found for most people fairly quickly on the Internet. Once you provide these pieces of information, you can change the password online and get right into the account information.
To be fair, Verizon does send a text message to the account owner’s cell phone to notify them of the password change. However, it would be easy for the account owner either to not realize what the message means, or to not read the message at all, since they likely would not recognize the number listed as the sender.
Lesson:
* Use strong customer identity verification items not only to reset accounts and set new passwords, but also for your call center and customer service staff to use when someone calls them asking to obtain information about their account.
