An ex-Marine turned hacker used his powers for good last week, exploiting a flaw in Google Maps to tap into phone calls from the FBI’s San Francisco field office and the Secret Service.
The news of hacker Bryan Seely’s exploit was broken by local Seattle broadcast news, with a more detailed follow-up by tech blog Valleywag, which obtained phone calls to the FBI recorded by Seely. The exploit allowed the former Microsoft employee to modify the phone numbers for businesses listed on Google Maps. He changed the listed phone numbers to fake ones that intercepted and recorded each call before rerouting it to the FBI, allowing him to record everything said between the two parties.
Seely told Valleywag:
Who is gonna think twice about what Google publishes on their maps? Everyone trusts Google implicitly and it’s completely unwarranted and it’s completely unsafe. I could make a duplicate of the White House and take every inbound phone call from the White House. I could do it for every Senator, every Congressman, every mayor, every governor—every Democratic, every Republican candidate. Every office.
Seely tried time and again to warn Google, he told Valleywag, but when they didn’t listen he decided to show them just how vulnerable this system was.
Seely’s recording of an FBI phone call, posted on SoundCloud, opens with the automated message the San Francisco FBI plays. Afterwards, we’re able to listen in to the caller’s every word.
“Yes ma’am, I need to ask a question about an email I received, it’s concerning that y’all, the Federal Bureau of Investigations, claim I won a lottery through my email through another country,” the caller says to the FBI. He’s asking about a common Internet scam, phishing, and the second call Seely recorded from the Secret Service was just as innocent.
But not every call to the Secret Service or FBI is so innocuous. After the Secret Service took Seely into custody for his actions, they apparently called him a “hero.”
The San Francisco FBI bureau’s spokesperson, Peter Lee, told the Guardian that he wasn’t aware of the scam, and could neither confirm nor deny it. Sounds like super secret spy stuff to us. We directed him to the link, but he couldn’t confirm or deny that we sent him the link, either.
The national FBI spokesperson wasn’t aware of the issue, or at least, said she wasn’t. But the response from Google seems to be more telling — it contacted Seely to find a way around the exploits. But he didn’t appreciate their “attitude,” he told Valleywag.
In the meantime, Google’s map vulnerabilities apparently are lures for “entrepreneurs” who redirect calls from one small business to another, garnering millions in profits for the digital scammers in what amount to extortion fees, a tech consultant told Valleywag.
While Google works on a fix, if you have to call the San Francisco bureau of the FBI, try looking up the number using the Yellow Pages.
Bryan Seely is hailed by Secret Service & never charged for recording FBI calls, This promotes idea of patriotic hackers. Sound familiar?
— socrates (@Prepostericity) March 5, 2014