Who’s listening to your phone calls, asks Josh Spero
THERE ARE BETTER ways to start the day than leaning over to pick up the Financial Times from the news vendor by Sloane Square tube station and seeing your face splashed on a red top, your love life on page three and your P45 on your desk when you get in.
The phone hacking disgrace, which made many devastating incursions into people’s private lives — from dead schoolchildren and terrorist victims to Prince Charles and the Queen — has been brought to light, but that does not mean hacking in all forms by the media, corporate rivals, love rivals and international criminals will cease. Before you put this down and pick up your BlackBerry, just consider who else might be reading what you read.
According to John Kelly of Schillings, which has its own phone-hacking unit, the hacking of voicemails is so passé it is not where the real threats lie any more; don’t forget that most of the cases we’re hearing about are over six years old, which is a lifetime in technology and well before smart phones and their smarter defences emerged.
‘This is very old technology: now high-net-worths need to think about email hacking, computer phishing, Trojan horses. Seventy per cent of those hacked are HNWs or celebrities,’ he says, and hackers will not do a broad sweep but will pick on particular individuals. ‘Targeting’ is the keyword. From phishing, which indicated a mass attempt to seize data, we now have spear-phishing, which is directed against a person.
The hacking — which here broadly covers any illegal or suspect way of obtaining personal information — that HNWs should be worrying about is that whose methods they have not even yet heard, or only dimly recall from previous media scares. I met Oliver Crofton of Vigilante Bespoke, ‘the world’s first cyber-bodyguard service’ in their words, in a top-secret location to see what the hacking threats of the 21st century looked like. But first he laid a dossier on the table and said he had had a contact dig up as many of my personal details as could be legally obtained.
My mother’s maiden name, my former home, my university friends — all could be found at Companies House, on the Electoral Register or the Land Registry, or in the information-cluttered planes of the internet. (Personal details can be removed from the Land Registry if holding companies buy the properties.) Some of the details were wrong, but enough were right to be able to gain access to many services which have standard questions for account access.
This then allows you to blag more information from, say, law firms and medical insurance companies. John Kelly explained how such threats have resulted in Schillings developing a service to enable clients to clean up their web profile. If in doubt, turn to your lawyer.
While Oliver and I were talking, a text message from one of my colleagues appeared in our conversation on my iPhone; it suggested I click on a link to a website. Because Oliver had told me he was going to send this text, I wasn’t surprised that it wasn’t from my colleague, but had I not known, and had the message been vaguely convincing (‘Great to see you last night, there’s a photo of you if you click here…’), I would have been taken in.
If I had clicked on the link, some software which tracked my keystrokes (and thus passwords) or took control of my system would have been installed. If you then use online banking, your log-in name and password can be kept. Sending one of these hoax texts (or emails) is easy — many websites allow you to do it. Protecting against this is near-impossible: caution is key.
Another sort of software, which has entirely legitimate applications for tracking employees or family members and can be inexpensively bought from websites such as mobilespy.com, can be turned on you once you’ve clicked on that link. It shows your texts, your phone calls, your location every few minutes. Criminals who want to know where you are, to kidnap you, or where you’re not, to burgle you, can sit back.
Sometimes the criminals don’t even need to do anything. We have become so heedless of our own privacy online that we continually leak valuable data. If you sign in to foursquare.com, everyone knows where you are. If you leave your Facebook privacy settings low, untold embarrassing facts and pictures are available, and many HNWs, who were initially wary of using it, have abandoned themselves to its social charms. And if, like me, you tweet incessantly, you are supplying things of untold use.
HNWs are just as vulnerable as most people to hacking (of all kinds) through the devices and technology they use, only they are much more attractive targets. Of course, those who work in the financial services should already be aware of this as they are used to legitimised hacking: their office phones and mobiles have calls recorded to prevent insider trading. Nevertheless, they are still not immune from those with malicious intent.
Hackers can slip in between the ones and the zeros of the digital world into the much fuller figures of your bank account. Wariness, a quality which the internet era has seen diminish, pays.