| ▲ | aetherspawn 7 hours ago |
| Yeah, a friend of mine was tracked by a stalker ex boyfriend who worked at a Telco. It was irritatingly difficult to avoid because it seemed he could look up her SIM card by name and then get her location no matter what (new SIM, new phone) Anyone who reports this kind of thing to the police just sounds irrational and crazy and gets ignored. |
|
| ▲ | pigggg 5 hours ago | parent | next [-] |
| It's literally a known thing at telcos in various roles they find people looking up folks dox regularly. If someone registers a complaint that someone access their data they'll look it up and deal with them. I once asked someone on the security /investigations side if you are logging what everyone is doing can't you easily find when folks are looking up stuff unrelated to their job? Their answer: we'd have to fire over half the people here - everyone is constantly looking up people's PII - celebrities, friends, enemies, etc. it's almost considered a unofficial perk of the job. This was from one of the largest US Telco carriers circa 2010. Maybe things have changed, hopefully. |
| |
| ▲ | pocksuppet 4 hours ago | parent | next [-] | | In Western Europe they would get fired and go to jail. That's why Western Europe doxx information is considered the most expensive in the world. It wasn't complicated to create that situation. They can just fire a few, drag one to court, and rely on the chilling effect. | |
| ▲ | dboreham an hour ago | parent | prev [-] | | Calling BS on that story. You don't need to fire anyone. You just rate limit access to lookups where the customer didn't initiate a support call themselves, and require supervisor approval and audit of said approvals on a regular basis. I've also worked on systems where accounts could be marked as sensitive (e.g. the celebrities) and those needed additional sign off to be accessed. | | |
| ▲ | lostlogin an hour ago | parent [-] | | I’ve worked in systems like that too. I can tell you exactly how much privacy the celebrities got. There is no record of the sharing or the breaches. |
|
|
|
| ▲ | Padriac 7 hours ago | parent | prev | next [-] |
| Sounds like something worth reporting as it is an offence in Australia at least. The police would certainly investigate such an allegation and charges could be laid if there was sufficient evidence and a conviction was possible. |
| |
| ▲ | joshstrange 6 hours ago | parent | next [-] | | > The police would certainly investigate such an allegation and charges could be laid if there was sufficient evidence and a conviction was possible. I'll let you know when I finish laughing. This is 100% false. You can serve up all the evidence on a silver platter the the police will ignore it. I know, I've tried, specifically in a stalking case. They don't care. | | |
| ▲ | Padriac 6 hours ago | parent [-] | | Maybe where things are different where you live. | | |
| ▲ | pocksuppet 4 hours ago | parent | next [-] | | It's true in Australia, true in the US, true broadly in the UK and Europe. Where do you live where it's not the case? I once got mugged, had the perpetrator's ID and a video recording of them doing it, and they got a slap on the wrist. | |
| ▲ | close04 4 hours ago | parent | prev | next [-] | | After being stalked myself, for years, across borders, I can tell you the police doesn't care unless you can prove real, imminent danger. I have no idea how to prove that short of a written confession. A message from the stalker with a picture of them holding a knife at the door of my building, and the text I came to "visit" you but you had guests/witnesses for example didn't reach the bar of imminent danger. The police is made of people who want to do the job but are swamped with bigger problems, and people who don't want to do any real job. | |
| ▲ | estimator7292 5 hours ago | parent | prev | next [-] | | Things are very different in the US. Police do not exist to uphold the law or protect civilians from anything. There are specific rulings in our legal code that flatly state police are not obligated to protect anyone. Police in the US exist mainly to suck up tax money and harass and murder civilians and escalate peaceful protests into riots to justify suppression and murder. They're merely an instrument of an increasingly authoritarian government. Yeah, if you gave police here a complaint with all the evidence in the world, there is absolutely no obligation for them to investigate or take any action. And there's really no recourse. Be glad you live in a functional society. | |
| ▲ | trinsic2 6 hours ago | parent | prev [-] | | Maybe you're being Naive? Just because there are laws doesn't mean there going to be enforced. Especially with what's going on right now with governments becomming authoritarian. |
|
| |
| ▲ | jimbo808 6 hours ago | parent | prev | next [-] | | Ha. That's what everyone thinks before they've needed the police. | |
| ▲ | aetherspawn 7 hours ago | parent | prev | next [-] | | Yeah it was reported, but the telcos systems were such a load of slop there wasn’t any specific evidence recorded (logs etc), and besides nobody knew what to ask for, so it couldn’t be taken seriously. I don’t remember the exact circumstances of how they got a confession years later, I think bragging, but he did get convicted and the Telco eventually fired him, which stopped the stalking. | | |
| ▲ | boringg 7 hours ago | parent [-] | | What no log files of who's accessing records? That seems super sketch. | | |
| ▲ | aetherspawn 6 hours ago | parent | next [-] | | I’m spitballing here but it seemed like his job was a kind of ITS/technician job in the core infrastructure, and it seemed like he didn’t need to go through normal channels to get the information he wanted, ie he could just like pcap a tower with a filter or whatever in a routine kind of way that I guess didn’t create any specific logs. If there were any relevant logs they would have had to give them to the police. And I know that at a high level Telcos are heavily regulated, so there should have been logs. | |
| ▲ | mr_toad 6 hours ago | parent | prev | next [-] | | Doesn’t surprise me at all. I signed up for an internet plan with a provider once, but they never let me login to pay the bills. After they started threatening me with collections and several phone calls layer it turned out they were billing someone in a completely different city. Complete shambles. | | |
| ▲ | cucumber3732842 5 hours ago | parent [-] | | I have a comparable dispute with an old ISP from an old apartment. Their system had me as still receiving services there for many months after I cancelled and moved. Every year they send me a final warning saying it'll go to collections (the fact that it hasn't actually gone to collections more or less tells me I'm right, lol). Every year I'm grateful it's "just" an ISP and not the government because the government would've escalated the fine to a bajillion dollars and issued a bench warrant by now. | | |
| ▲ | pocksuppet an hour ago | parent [-] | | On the other hand, at least with a bench warrant you get to go to court and tell the judge "look, I cancelled this service years ago and I don't live there any more, and they confirmed the cancellation" and the judge would tell the opposing party to go cry about it. |
|
| |
| ▲ | wil421 5 hours ago | parent | prev | next [-] | | Bad actors will buy data from people and places where they don’t care. https://www.lighthousereports.com/methodology/surveillance-s... | |
| ▲ | woadwarrior01 6 hours ago | parent | prev | next [-] | | I've seen people getting fired in BigTech for using the platform to stalk their ex-es. It's usually an alert that goes off when employees access internal dashboards for a certain profile, too many times. | | |
| ▲ | throwawaysleep 6 hours ago | parent [-] | | BigTech is far more competent than a Telco though. | | |
| ▲ | red-iron-pine 13 minutes ago | parent [-] | | having worked and consulted at both... debatable. level competency is higher at BigTech but laziness, vanity, selfishness, ego, and learned-helplessness happens plenty too. e.g. for all of the BigTech brilliance plenty of them fall for mildly complex phishing efforts or bribes, etc. |
|
| |
| ▲ | Zigurd 6 hours ago | parent | prev | next [-] | | Some systems, like lawful intercept, are designed to be hidden even from telco network management systems. The LI console that set up a wire tap might log activity at that particular console at that particular law-enforcement agency. But if you don't know where to look exactly, good luck. This is why the Chinese picked lawful intercept as a hacking target for the salt typhoon exploit. It's almost impossible to know whether that exploit is continuing or when exactly it began. | | | |
| ▲ | 5 hours ago | parent | prev [-] | | [deleted] |
|
| |
| ▲ | ImPostingOnHN 5 hours ago | parent | prev | next [-] | | You're referring to the police, who are also abusing these surveillance systems to stalk their exes? Or maybe federal law enforcement, who are also abusing these surveillance systems to stalk their exes? Or perhaps intelligence agencies, who are also abusing these surveillance systems to stalk their exes? Did I mention they're all friends with each other and usually help each other and cover for each other? | | | |
| ▲ | throwawaysleep 6 hours ago | parent | prev [-] | | Cops are too dumb to comprehend that. They would proclaim it impossible and order more donuts. Most simple criminals get away with their crimes. Anyone with any level of sophistication does as well. |
|
|
| ▲ | wil421 5 hours ago | parent | prev | next [-] |
| Scammy telcos in poorer countries sell SS7 data for a small fee. It will give you all the location data you need. |
| |
| ▲ | pocksuppet 4 hours ago | parent [-] | | SS7 access - you still have to hack the system to acquire the data yourself, and I believe it creates a log that you roamed to that country, and briefly disconnects your cellphone from the network? It's far from invisible. |
|
|
| ▲ | therobots927 7 hours ago | parent | prev | next [-] |
| Assuming he had access to a database with (lat, long, SIM) data, if she got a new phone he could just use the known (lat, long pairs) from the old sim and lookup to get the new sim. Then bam, you can get all of the new lat longs. It’s impossible to avoid unless you simultaneously move to a new house / apartment when you get your new phone, and never bring the new phone to any previous low-traffic location you brought the old phone to. |
| |
| ▲ | justinclift 6 hours ago | parent | next [-] | | If the person was deep enough into the system to have access to location data, then they'd probably be able to just directly look up customer details (likely easier). | | |
| ▲ | hocuspocus 6 hours ago | parent [-] | | Absolutely not. I have access to geo-located network telemetry. CRM data is completely off limit to anyone on my team. | | |
| ▲ | justinclift 5 hours ago | parent | next [-] | | Are you in a small company where most people wear lots of hats, or in a big company that has siloed off groups? Am guessing it's more of the big company approach that silos things off? | | |
| ▲ | hocuspocus 4 hours ago | parent [-] | | As far as telcos go, I work at a pretty small one. We have fewer subscribers than say, a single Chinese operator would have in a second tier city. |
| |
| ▲ | kakacik 6 hours ago | parent | prev [-] | | Well maybe it wasn't such a well secured company and also this seems story from the past. | | |
| ▲ | hocuspocus 3 hours ago | parent [-] | | Built-in positioning of network traces is relatively recent in mobile network equipment and dedicated probes. If that happened more than 5-6 years ago, it would sound even less likely. Most telcos never bothered doing the processing needed to position raw events based on timing advances. They'd simply offload that to third party companies. These solution providers aren't crazy, they don't touch data that isn't already anonymized. It's even less probable that a random employee would have access to the multiple datasets needed to piece someone's personal data together. |
|
|
| |
| ▲ | calvinmorrison 7 hours ago | parent | prev [-] | | it's impossible for your precise location to be tracked by anybody... wow thats crazy | | |
|
|
| ▲ | tamimio 4 hours ago | parent | prev | next [-] |
| Well, my privacy-o-meter made me have my phone with no sim card and always airplane mode, and the sim card is in a dumb phone in my house, that I also barely turn on unless needed. Not perfect, but still far better than being tracked with telecoms. |
|
| ▲ | hocuspocus 6 hours ago | parent | prev [-] |
| I'm sorry but this sounds like bullshit. As someone who has access to such data at a telco: - Very few people have legit business cases requiring access to enriched network telemetry, at least non aggregated. - Of which, only a handful have any reason to see the MSISDN in clear. - Of which, none can get access to clear CRM data. - Lawful interception and emergency services use completely separate paths, exposed via user interfaces that aren't available to employees. And obviously, a simple email to the data governance and privacy office would be taken extremely seriously. Also why not simply switch to a different phone operator? |
| |
| ▲ | aetherspawn 6 hours ago | parent | next [-] | | So what you’re saying is if you were secretly a psycho and wanted to stalk your ex-girlfriend, you work at a Telco and basically have access to the tools to do it? So putting aside the fact you’re a reasonable person, anyone who works themselves up to a similar seniority and job description in a Telco as you, could in fact do exactly what the article is saying is an issue for the victims. | |
| ▲ | hnthrow0287345 6 hours ago | parent | prev | next [-] | | I'm sure every single telco in the world is perfectly in line with this | | |
| ▲ | lostlogin 3 hours ago | parent | next [-] | | Stalker terrorises woman, she reports it, nothing happens, stalker kills her. Queue hand wringing.
It’s played out a lot of times, in a lot of places, I don’t know why everyone here is so cynical. | |
| ▲ | hocuspocus 6 hours ago | parent | prev [-] | | Even in pretty dysfunctional countries, or pro-business ones like the US, where nothing like the GDPR exists, telcos management have a strong interest in not letting just any rank and file employee spy on subscribers. | | |
| ▲ | throwawaysleep 6 hours ago | parent [-] | | Most breaches are not in the interests of management, but they happen anyway as management wants to save money or doesn't understand how it could happen. |
|
| |
| ▲ | subscribed 5 hours ago | parent | prev | next [-] | | I'm glad to hear that your random telco's governance and influence has spread around the entire world to every other telco. FYI: from the fact it's hard (not impossible) to see the data mentioned and it's possible (not guaranteed) that the caught offender would be punished is a VERY long way to "you lie". Theirs was anecdata, yours is anecdata but you're additionally rude. | |
| ▲ | throwawaysleep 6 hours ago | parent | prev | next [-] | | > And obviously, a simple email to the data governance and privacy office would be taken extremely seriously. What is this based on? I used to work for a data governance and privacy vendor that supplied data for audits. Tons and tons of customers asked us to fudge their data. This is after the Delve scandal, where the hottest tech compliance company was completely fraudulent and numerous other hot tech companies also had completely fraudulent audits. This is not a reasonable assumption. | |
| ▲ | NitpickLawyer 4 hours ago | parent | prev | next [-] | | Ah, I remember back in the day when "trust me I work in a telco and this is just dumb" people were really really silent after the room 641a stuff got leaked. | | |
| ▲ | hocuspocus 3 hours ago | parent [-] | | So now the random ex-boyfriend has access to the same tools as 3 letter agencies, got it. If you live in a country where you cannot trust law enforcement then there isn't much your telco can do. But specifically, these surveillance tools are not available to us. |
| |
| ▲ | mistrial9 6 hours ago | parent | prev [-] | | you are close to a system in a way that those guardrails are clear and present; the story is from the point of view of a victim, and it is possible that they were indeed a victim. Therefore the means of the stalking is not known at all via this story, but somehow, something did occur. It is not surprising on either side, and they do not necessarily contradict each other IMHO | | |
| ▲ | hocuspocus 4 hours ago | parent [-] | | I'm specifically talking about the technical aspect. Even with non-existent separation of concerns, and abysmal practices related to data governance which would be breaking the law in most of the developed world, the story sounds like bullshit. Extracting points of interest and reconstructing paths from raw network telemetry isn't trivial. The likelihood a random employee could run a quick SQL join to stalk someone based on their name is zero. |
|
|
