I gave a bounty hunter $ 300. So he's lying on our phone

Photo: Shutterstock. Remix: Jason Koebler

Nervously, I gave a bounty hunter a phone number. He had offered to geolocate a phone for me, using a shady, overlooked service that was not intended for the police but for individuals and businesses. Armed with just the number and a few hundred dollars he said he could find the current location of most phones in the United States.

Bounty Hunter sent the number to his own contact who wanted to track the phone. The contact reacted with a screen shot of Google Maps, which contained a blue circle indicating the current location of the phone, about a few hundred meters.

Queens, New York. More specifically, the screen showed somewhere in a particular neighborhood ̵[ads1]1; just a couple of blocks from where the destination was. The hunter had found the phone (the goal gave his consent to the motherboard to be tracked through their T-Mobile phone.)

Bounty Hunter did all this without deploying a hacking tool or having previous knowledge of the phone's whereabouts. Instead, the tracking tool relies on real-time location data sold to bounty hunters, who ultimately come from the telecoms themselves, including T-Mobile, AT & T and Sprint, have found a carton survey. These monitoring functions are sometimes sold through mouth-to-mouth networks.

It is widely known that law enforcement agencies can track phones with a warranty to service providers, IMSI detainees, or at present through other companies that sell location data such as one called Securus, at least one company, called Microbilt, sells phone geolocation services with little overview of the spread of various private industries, ranging from car dealers and property managers to bail bondsmen and bounty hunters, according to sources familiar with the company's products and corporate documents obtained by the motherboard. Comparing the already very dubious business practices, this spy capacity is also resold to others on the black market that is not licensed by the company to use it, including me, apparently without Microbil's knowledge.

The motherboard survey only shows how exposed mobile networks and the data they generate allows them to monitor ordinary citizens, stalkers and criminals, and comes as media and decision makers pay more attention than ever to how site and other sensitive data are collected and sold. The survey also shows that a wide variety of companies can access mobile placement data, and that information is tricked down from mobile providers to a wide variety of smaller players, who do not necessarily have the proper security controls in place to protect the data.

"People resell to the wrong people," said the source of the source who flagged the company to the motherboard. Motherboards gave the source and others in this story anonymity to speak more honestly about a controversial monitoring capability.

Have you got a tip? You can contact Joseph Cox safely on Signal at +44 20 8133 5190, OTR chat at or email

Your mobile phone is constantly communicating with nearby mobile phone towers, so your telecommunications provider knows where to route calls and texts. From this, the telecommunications companies also perform the phone's approximate location based on proximity to the towers.

Although many users may be unaware of practice, telecommunications companies in the US sell access to their customers' position data to other companies, called location generators, who then sell it to specific customers and industries. Last year, a placement unit, called LocationSmart, was heavily criticized for selling data that eventually ended up with Securus, a company that provided low-level enforcement telephone tracking without requiring a warrant. LocationSmart also exposed a lot of data that it sold through a buggy site panel, which means everyone could give almost any phone in the US at a click of a mouse.

It's a complex supply chain that shares some of US mobile phone users & # 39; most sensitive data, with the telecoms potentially unaware of how the data is being used by the final end user, or even if the hands it lands in. Financial companies use telephone location data to detect fraud; Directions companies use it to find regular customers. But AT&T, for example, told Motherboards that the use of customer data by bounty hunters is explicitly against the company's guidelines, and questions how AT&T allowed the sale for that purpose in the first place.

"The claim here would be contrary to our contract and privacy policy, an AT&T spokesperson told a motherboard in an email.

In the case of the phone we tracked, six different devices had potential access to the phone data T-Mobile shares placement data with an aggregator called Zumigo, which shares information with Microbilt, Microbilt shared this data with a customer using its mobile tracking product, and the Bounty hunter then shared this information with a source for the bail industry that shared it with the motherboard. 19659003] CTIA, a telecom industry trading group such as AT&T, Sprint and T-Mobile members, has official guidelines for the use of so-called "site-based services" such as "relying on two basic principles: user information and consent," the group wrote in this policy. companies and data aggregators like motherboards spoke to said that they require their customers to get the consent of the people they want to track, but it is clear that This does not always happen.


A flowchart showing how the telephone location data trickled down from T-Mobile to motherboard. Image: Motherboard.

Another source that has tracked the geolocation industry, told the motherboard while talking about the industry in general, "If there is money to be made, they will continue to sell the data."

"The third levels companies sell their services. This is where you see the problems of going to shady people [and] for shady reasons," the source said.

Frederike Kaltheuner, data recovery program led by the Privacy International campaign group, told the motherboard in a phone call that "it's part of a bigger problem; the US has a completely unregulated data ecosystem."

Microbilt buys access to position data from an aggregator called Zumigo. and then sell it to a staggering number of sectors, including landlords to expand potential tenants. Vehicle sellers, and others who run credit checks. Armed with just one phone number, Microbilt's "Mobile Device Verify" product can return a destination full name and address, geolocate a telephone in a single instance, or operate as a continuous tracking service.

"You can set up monitoring with control over the weeks, days and hours that this location on a device is checked, as well as the start and end date of monitoring," a business brochure that Motherboard found on the web reads.

Position as a potential customer, Motherboard explicitly asked a Microbilt customer support employee if the company offered phone geolocation for the bail bond menu. Shortly afterwards, another employee can be sent with a price list – finding a phone cost as little as $ 4.95 each if you search for a small number of devices. That price becomes even cheaper as the customer buys the opportunity to track multiple phones. Getting real-time updates on your phone's location can cost around $ 12.95.

"Dirt cheap when you think about the data you can get," the source knew with the industry added.


Part of the pricelist Obtained Motherboard. Image: Motherboard.

It's bad enough that access to highly sensitive phone geolocation data has already been sold to a wide range of industries and businesses. But there is also an underground market that motherboards are used to geolocate a phone-one where Microbilt's customers resell their access with profit and with minimal overview.

"Blade Runner, the iconic sci-fi movie, is set in 2019. And here we are: it is an unregulated black market where bounty hunters can buy information about where we are in real time over time and come after You don't have to be a replica to be afraid of the consequences, said Thomas Rid, professor of strategic studies at Johns Hopkins University, to the motherboard of a chat.

The source of the bail industry said the intermediary used Microbilt to find the phone. This intermediary charges $ 300, a significant mark on the regular Microbilt award, and the Google Maps screen delivered to the motherboard's target phone location also contained its approximate longitude and latitude coordinates, and a range of exactly where the phone's geolocation is: 0.3 miles or just under 500 meters, it may not be enough to give a person to a particular building in a populated area, but it can surely find a particular neighborhood, city or city

In other cases of telephone geolocation, it is usually done with the consent of the target, perhaps by sending a text message that the user must deliberately respond to, signaling they accept that their position is being tracked. This can be done in the earlier example of road directions or when a company monitors the truck's truck. But when the motherboard tested the geolocation service, the target phone received no warning that it was being tracked.

The source source originally notified to Microbilt to Motherboard said bounty hunters have used telephone geolocation services for non-work purposes, such as tracking their girlfriends. The motherboard was unable to identify a particular instance of this case, but domestic stalkers have repeatedly used technology, such as the cell phone's malware, to track spouses.

As the motherboard was reporting this story, Microbilt removed documents related to the mobile location product from its website.

A microbial spokesperson told the motherboard in a statement that the company requires everyone who uses mobile device verification services to prevent fraud to first obtain a consumer license. Microbilt also confirmed that it found an instance of abuse on the platform – our telephone ping.

"The promotion came through a licensed government agency that writes in about $ 100 million in bonds per year and passed all up front credentialing under the pretense that the placement was verified to reduce financial exposure related to a bond loan considered for the submitted consumer," said Microbilt in a sent message. In this case, "licensed state agency" refers to a private bail bond company, motherboard confirmed.

"As a result, MicroBilt was unaware that the terms of use were violated by the rogue person who sent the request under false pretenses, does not endorse such use cases and has a clear policy that such breaches will result in loss of access to all MicroBilt services and termination of the requesting party's end user agreement, added Microbilt. "By examining the alleged abuse and learning of contract breaches, we terminated the customer's access to our products and they will not be eligible for reinstatement based on this breach."

Zumigo confirmed that it was the company that gave the phone location to Microbilt and defended its practice. In a statement, Zumigo does not seem to constitute data that ultimately ended up with licensed bounty hunters, but wrote: "Illegal access to data is an unfortunate occurrence in almost every industry that deals with consumer or employee data, and it is impossible to detect a scammer or villain who seeks location data for their own mobile devices when the required consent is given. But Zumigo takes steps to protect your privacy by providing a measure of distance (about 0.5-1.0 miles) from an actual address. "Zumigo told the motherboard, it has cut Microbilt data access.

" People resell to the wrong people. "

In the motherboard was the successful geolocated phone on T-Mobile."

"We take the privacy and security of the customer's information very seriously and will not tolerate misuse of the customer's data," AT-Mobile spokesman told the motherboard in an e-mail. post statement. "While T-Mobile does not have a direct relationship with Microbilt, our provider worked with them and confirmed with us that they have already closed all T-Mobile data transmission. T-Mobile has also blocked access to device placement data for any Zumigo request on behalf of Microbilt as a further precaution. "

Microbil's product documentation suggests that the phone location service works on all cellular networks, but the intermediary could not or willingly search for a Verizon device. Verizon did not respond to a request for comment.

AT & T told the motherboard it has cut access to Microbilt as the company is investigating.

"We only allow sharing of a placement when a customer permits issues such as fraud prevention or emergency assistance, or when required by law," said AT&T spokesman.

Sprint told the motherboard in a statement that "protecting customer's privacy and security is top priority, and we are transparent about it in our privacy policy […] Sprint does not have a direct relationship with MicroBilt. If we determine that some of our customers are doing and have violated the terms of the contract, we will take appropriate action based on these findings. "Sprint did not want to clarify the contours of the Microbilt relationship.

These statements sound well known. Then New York Times and Senator Ron Wyden published details of Securus last year, the firm offering geolocation to low law enforcement without One warrant said the telecoms took extra measures to secure their customers' data would not be abused again. Verizon announced that it would restrict data access to companies that did not use it for legitimate purposes. AT & T followed shortly after with similar promises.

After Wydens press, T-Mobile's CEO John Legere tweeted last June "I personally reviewed this issue and promised to @tmobile will not sell customer placement data to shady middlemen. "

" It looks like these promises were little more than worthless spam in the customer's inbox. "

Months after the telecoms said they should fight this problem, in the face of an undoubtedly even worse case of abuse and data trading, they say pretty much the same. Last year, the motherboard reported about a company that previously offered phone recognition to bounty "Hunters; here Microbilt operates even after a wave of violent acts by decision makers. In his motherboard statement Monday, T-Mobile says it has almost completed the process of terminating dealerships.

" It would be bad if this was The first time we learned about it. It is not. Every major wireless operator promised to end this type of data sharing after completing this exercise last year. Now, it seems that these promises were little more than worthless spam in the customer's inbox, "Wyden told the motherboard in a statement. Wyden proposes legislation to protect personal information.

Due to the ongoing government interruption, the Federal Communications Commission ( FCC) unable to make a statement.

"Continued sale of location data by wireless operators is a nightmare for national security and personal security for anyone with a phone," Wyden added. "When stalkers, spies and predators know when woman is alone or when a home is empty or where a white house officially stops after work, the possibilities for abuse are endless. "

Subscribe to our new cyber security podcast, CYBER.

Source link

Back to top button

mahjong slot