Frank M-Ahearn

The truth behind hacking? It’s a global business – and journalists are the least of it

The dark art of stealing personal information is not confined to newspapers, as a former practitioner explains

issue 27 August 2011

‘Hi, this is Mr Pretext from mobile phone activations. Our systems are down and I need you to bring up a customer’s mobile account for me please.’ I must have repeated this lie thousands of times in the past 20 years. It helped me gain access to information — criminal records, social security numbers, phone logs — that I would then hand on to all sorts of clients: journalists, insurers, cuckolded husbands and even policemen. As an American who spent many years in this underground industry, I can tell you that the British phone-hacking scandal has exposed only a tiny part of a vast criminal network.

In the old days, private investigators would peer through letterboxes or ransack the bins of their targets. In the past ten to 15 years, however, technology has multiplied the ways in which people like me can snoop on people like you. Mobile phone records, health records, anything that is held digitally can be accessed. My working day would start with a request to find phone records of one person, or the bank statement of another, or maybe the criminal record of a third. I’d find private details through utility companies, shops or frequent-flyer schemes. Then I’d pick up the phone and start blagging — or, as we called it in my part of the trade, pretexting: lying to extract personal details.

Glenn Mulcaire, the man at the centre of the News of the World case, was a professional footballer before he became an investigator. If that surprises you, it shouldn’t. What I did for a living — and what detectives acting for tabloid journalists are alleged to have done for a living — was hardly technical. It’s not hacking, in the sense of requiring computer programming skills or sophisticated manipulation of telecoms systems. All I needed was the ability to lie convincingly. The tactics uncovered in the News of the World case — accessing voicemail by giving a default code, or sometimes by persuading someone to set a code of your choice — is standard operating procedure for those on the underground superhighway of private information for sale.

Our gift was the ability to convince other people to give us the information we needed. Hacking phone systems is no trouble at all when you have a contact in the phone company or the police. I’d call the telephone company, posing as my target. ‘I lost my bill and need to take a few minutes and go over my list of calls,’ I’d say. Some people agreed straight away, others wouldn’t. When I felt the operator was on the fence, I played the sympathy card. ‘If I don’t turn in my expenses to my boss, he won’t reimburse me,’ I’d say, or explain haltingly about the surprise trip to Legoland I was planning for my children. The trick then was to stay silent. You’d be amazed just how much information could be spilled — after an awkward pause, of course — using these simple techniques.

I called my trade skip-tracing, not hacking. I was paid to find criminals, defaulting debtors and court witnesses. I carried out work for newspapers, too. When they wanted to talk to some children who had spent the night with Michael Jackson at Neverland, they called me. When they wanted to monitor O.J. Simpson’s bank accounts, they called me. I was once hired by a paparazzo to find Ozzy Osbourne’s private telephone numbers. I found eight.
Accessing messages on a person’s mobile phone was just one of the services we offered, but it was the least requested. I would not listen to the messages. Usually my clients just wanted the voicemail passcode, so they had the pleasure of listening in themselves. The most useful information, the stuff that earned me the big money, was detailed lists of calls from mobile phones. It was surprisingly easy to acquire. All it took was a simple call to a mobile phone company. I’d be asked for basic security, such as an address, date of birth and perhaps a password. Often, the person paying me already had that information. If not, it took just a little more pretexting to obtain it.

The information black market really boomed around 2000, when all manner of companies began putting their bills online, and accessing them therefore became easier. It doesn’t matter if you bank with RBS in Scotland or Banca d’Italia in Rome. Online services make it easier to access anything, anywhere.
It took time for the law to catch up. Until the 1990s, many of my trade’s techniques weren’t specifically illegal. And about ten years ago, some were punished with a caution or a fine. Now it’s prison sentences — as a number of journalists in Britain may find out. What is regarded as an outright crime now was, a decade ago, more of a grey area, both in America and Britain. My clients suspected I used murky techniques, but not necessarily illegal ones. A lot of the time, they were right.

That said, I tried to set my own limits. If you were on my list, then I believed that you’d done something stupid or illegal — or at least that you had chosen to forgo privacy by entering showbiz.

I’d like to say that I left the skip-tracing industry because of a crisis of conscience, but the truth is that it was getting too dangerous. It seemed as if every day another law was passed against one of my tricks. My decision to retire was made when I heard a helicopter over my New Jersey office. I threw a laptop to the ground and started stamping on it. Then I yanked open a drawer full of prepaid mobile phones and calling cards, and flung everything into a canal. I destroyed, in all, about $5,000 worth of equipment. As it turned out, the helicopter belonged to park police; they were searching the canal for a lost sea cow.

I don’t know how long Mulcaire was in my old business, but obviously he should have got out sooner. Or at the very least, he should have observed its golden rule: once the information has gone to the client, erase all trace of the transaction. I don’t understand why he kept it all, or how the police ended up with 11,000 pages of evidence and 4,000 mobile phone numbers. Perhaps he wanted to write a book. Perhaps he was stupid. Perhaps he hadn’t realised how the law had caught up with our trade.

For my part, I have turned from poacher to gamekeeper. I now advise people on how to hide from private investigators and skip-tracers. There is a growing market for this service. People are realising how vulnerable they are to identity theft. Companies are buying, selling and trading information all the time. The deals that bring you junk mail today may lead to identity theft and financial ruin tomorrow. Do you really want your contact information, private details and family connections splashed all over the internet? It doesn’t take a genius to start harvesting and selling this information.

Newspapers may be forced to start behaving themselves in Britain, but that will not end invasions of privacy. Skip-tracing will exist as long as we have lawyers, criminals and cheating spouses — and personal information which is held by businesses that  have no idea how to protect it. The black market for private data is huge, growing and global. Some newspapermen may be imprisoned, but skip-tracing and phone-hacking will be with us for some time to come.

Comments