111
Verizon Gave Phone Data to Armed Stalker Who Posed as Cop Over Email (www.404media.co)
submitted 11 months ago by videodrome@lemmy.capebreton.social to c/cybersecurity@lemmy.capebreton.social
11 comments fedilink hide all child comments

cross-posted from: https://midwest.social/post/6303502

The FBI investigated a man who allegedly posed as a police officer in emails and phone calls to trick Verizon to hand over phone data belonging to a specific person

Despite the relatively unconvincing cover story concocted by the suspect ... Verizon handed over the victim’s data to the alleged stalker, including their address and phone logs. The stalker then went on to threaten the victim and ended up driving to where he believed the victim lived while armed with a knife

Version Security Assistance Team–Court Order Compliance Team (or VSAT CCT) received an email from steven1966c@proton.me.“Here is the pdf file for search warrant,” Glauner, allegedly pretending to be a police detective, wrote in the email. “We are in need if the this [sic] cell phone data as soon as possible to locate and apprehend this suspect. We also need the full name of this Verizon subscriber and the new phone number that has been assigned to her. Thank you.”

Verizon is not the only telecom that has failed to properly verify requests like this. In a somewhat similar case, I spoke to a victim who was stalked after someone posing as a U.S. Marshal tricked T-Mobile into handing over her phone’s location data.

top 11 comments
sorted by: hot top controversial new old
[-] mosiacmango@lemm.ee 8 points 11 months ago* (last edited 11 months ago)

Of note, he already had a warrant out in California for stalking an ex there. She had to change her phone number 4 times in 4 months, "but somehow he kept getting it."

She was also with Verizon, so it's pretty clear that this is a systemic issue with how they verify warrants(they clearly dont).

Here's hoping these two women and anyone else who sees this story and was mysteriously stalked while using Verizon sues the living fuck out of them.

[-] halcyoncmdr@lemmy.world 8 points 11 months ago

Having worked in the industry on the retail side for both Sprint and then T-Mobile since 2007 and the amount of continuous annual training and borderline annoying effort these companies put out to retail employees about not disclosing CPNI (Customer Proprietary Network Information)... and considering how often this seems to happen... it's clear the back end teams don't get the same training or reminders despite their jobs actually being to disclose this info under the right circumstances.

[-] EmperorHenry@infosec.pub 4 points 11 months ago

Clearly the guy didn't have a warrant and Verizon gave the data anyway.

[-] EmperorHenry@infosec.pub 3 points 11 months ago

I'm starting to understand why borderline illiterate scammers from india are able to scam so many people.

If you're pushy and you just say that you're an official something or rather then people will just do things for you.

[-] sadreality@kbin.social 2 points 11 months ago

And likely there is nothing wrong with it.

[-] Truck_kun@beehaw.org 2 points 11 months ago

Yes, of course I will trust a police officer contacting me through their official domain (.gov or otherwise) of .... @proton.me

Not sure if this is just a failure of judgement, common sense, or training; or all three.

I'd like to say some kind of .gov should be required if person is claiming to be a government officer of some kind, but many cities use .org, and some police departments may have a separate domain from the city, but.... it's a freaking @proton.me domain.

I deal with doctors offices all the time, and I always give a little extra scrutiny to any professional that is using a gmail, hotmail, yahoo, aol, proton mail, etc. email address. It doesn't make things official, but it does seem shady if you don't put in the small amount money/effort to use a custom domain.

[-] shalafi@lemmy.world 2 points 11 months ago

This was in a security presentation I used to give. Watch the horror unfold. :)

https://www.youtube.com/watch?v=lc7scxvKQOo&t=2s

[-] iHUNTcriminals@lemm.ee -3 points 11 months ago* (last edited 11 months ago)

No shit we live in the wild West there is no security.

think about it... Think about the ways you could do stuff like that... There is nothing stopping it.

[-] videodrome@lemmy.capebreton.social 11 points 11 months ago

There is nothing stopping it.

Proper verification is a good start.

[-] Entropywins@kbin.social 6 points 11 months ago

Safety is an illusion...

[-] CaptainProton@lemmy.world 3 points 11 months ago

80s and 90s were the wild West of tech. Now we're more like the mobster era, with some countries toying with prohibition.

this post was submitted on 09 Dec 2023
111 points (100.0% liked)

Cybersecurity News

1326 readers
1 users here now

Welcome to Cybersecurity News!

A community that collect news and other tidbits related to cybersecurity in all its domains.

There are no hard and fast rules regarding what to post here-- we are fine with both pop news articles and more technical pieces regarding cybersecurity.

We use a bot called flynnbot to repost some rss feed content but the majority of posts are human-curated.

New to Cybersecurity?

Here are some resources to get you started:

Related Communities

!security_cpe@infosec.pub
!cybersecurity@zerobytes.monster
!packetstorm@zerobytes.monster
!security@programming.dev
!secops@lemmy.world
!cybersecurity@sh.itjust.works
!netsec@zerobytes.monster
!securitynews@infosec.pub
!cloudsecurity@infosec.pub
!netsec@links.hackliberty.org
!cybersecurity@infosec.pub
!cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
videodrome@lemmy.capebreton.social
flynnbot@lemmy.capebreton.social