T-Mobile and Cingular Call Records Available for Purchase Online

Lest you think your cell phone records were private—even if you are a high-profile candidate for the U.S. presidency—AMERICAblog has proved you incorrect by purchasing General Wesley Clark’s cell phone records for $89.95.

From AMERICAblog: “All we needed was General Clark’s cell phone number and our credit card, and 24 hours later we had one hundred calls the general made on his cell phone in November. The calls included a number of calls to Arkansas, to foreign countries, and at least one call to a prominent reporter at the Washington Post.”

The records in question are from Omnipoint Communications, part of T-Mobile. It would appear that records from Cingular are also available for purchase.

Comments

  1. Smoking Pope says:

    This is double-plus ungood.

  2. SteveW says:

    Wow, very unsettling. What I find so odd is how exactly they are procuring these lists and how quickly. If you are using pretext style attempts to get numbers, that is if you call in and say you are Person Q when you are in fact Person R you are gaining access to the records under false pretext, it would take at least a few days to receive paper copies, and most companies will not e-mail records (I know Cingular prohibits that) but these guys seem to have a really quick turn around, it would seem within a day, so are they gaining access to the web accounts of these folks? If so how, social engineering your way into getting a password change is difficult to say the least and on top of that at Cingular the new password will normally be text messaged or emailed to the customer at previously provided addresses. So are they calling in and actually having the information changed on the accounts?
    The only other option that I can see is that the providers or someone within the companies are selling off these records. If that’s the case they are being fairly secretive about it, because even as a CSR we were told that generally we should never give any call information be it time on call, number called, etc to anyone over the phone…especially not the last 100 calls made.

  3. SteveW says:

    What I find extremely unsettling is the speed with which these guys can get the records. If they are using pretext style scams to get the numbers it would normally take them at least 2-5 days or more to get the paper copies of a bill with the information and what’s worse is that those paper copies would be billed to the person whose records you are retrieving at 5$ a pop (at least at Cingular) + they would have to have the shipping address changed to their own which is a whole other ball of wax.
    Otherwise they could get the information off of the customer’s web account, in that case though they would have to get the customer’s password. If they are calling in and social engineering their way into a new password they would also have to change the receiving email address, since password resets are sent to previously defined addresses or text messaged to the customer.
    Or and this is really the most unsettling option, the companies or someone inside the companies are selling the information off to them. If this is the case it is so amazingly two-faced it is not even funny considering that as a CSR at Cingular it was stressed that we would generally not give out any information on calls made to anyone over the phone other than special circumstances (like the article below this one) and even then only a bare minimum of information after a stringent verification.

  4. SteveW says:

    Whoops my bad on the multi-post delete all but the last ;)

  5. mrscolex says:

    This is a little kooky– two cell stories in one day.

    First we rag on Sprint for being too protective of your privacy.

    Then we rant on Cingular for not being protective enough of our privacy.

    Where’s the middle-ground where we’d be satisfied?

  6. SteveW says:

    I don’t know, I think a fairly clear line can be drawn here. On the one hand the Sprint story had a particular incident that should not require the past 100 calls for instance and most companies have built in procedures for such events; releasing a small amount of data prior to a subpoena. This however is a massive security hole allowing for months and years worth of calling information, no one without a subpoena should need that much call data.

  7. mrscolex says:

    But how exactly do you prevent it? My understanding of how this works is based on these companies that gather the information cold calling and basically social engineering their way through the system. Even if they ask for something like an address verification there are still ways to fake it, the best way that I read about was just mumbling, or pretending that you were in a mouth-surgery recently. It’s one of those things that if you just keep at it you’re bound to succeed, even if you only get to verify certain parts of the information in each subsequent call.

  8. gunnk says:

    If the company providing these records is getting them by impersonating the actual account holder it might be possible to prosecute them. The cell providers need to figure out how to better protect their records, but if the records are essentially being stolen by deceiving the providers they are most likely breaking one or more laws — including committing telephone fraud across state lines (which, I believe, is a felony).

  9. mrscolex says:

    I think gunnk is absolutely right, but there is always going to be an underground market for these services. Typically these types of services were intended for Private Investigators, which already use a number of semi-underground resources that do very similar things.

    How do you suppose private investigators get their information? Many times it’s these guys who perfected these techniques– these services that are popping up are just grey-market versions of the same thing that provide to a larger consumer-base.