Unsuspecting citizens who tried to speak with the FBI and Secret Service had their calls intercepted and recorded without the hacker having to lift a finger during the call.
These callers made the hacker’s work easy; they trusted and dialed a number provided on Google maps, rather than seeking out a listing on a government website.
[sharequote align=”right”]”Who is gonna think twice about what Google publishes on their maps? Everyone trusts Google implicitly and it’s completely unwarranted and it’s completely unsafe,” – Hacker.[/sharequote]
Brian Seely, a network engineer and one-time Marine who has worked for tech companies like Microsoft and Avanade, used to get paid to spam Google Maps, according to Valleywag. He says he’s tried for years to shore up security gaps in the system by alerting Google engineers, but says he wasn’t taken seriously until he walked into a Secret Service office near his Seattle home Thursday.
While there, Seely says he got a notification on his phone that a call had just been intercepted: It was a Washington, D.C., police officer calling the Secret Service about an active investigation, according to Valleywag:
After that, Seely says, he got patted down, read his Miranda rights, and put in an interrogation room. Email correspondence with the Secret Service indicates that the special agent in charge called him a “hero” for bringing this major security flaw to light. They let him go after a few hours.
He claims that he faked the government listings, picking numbers with his own 425 area code so they would stand out, because Google ignored his pleas to fix long-standing flaws in the system.
Seely said he took the fake numbers down after his conversations with the Secret Service.
After Seely’s fake numbers received the incoming calls, they were seamlessly forwarded to the real offices the callers were trying to reach. Only at that point did Seely’s program capture and record the audio transmission.
But this is just one hacker who has come forward to point out the flaw. Seely told Gizmodo there are thousands of trolls using Google Maps to create fake listings for pranks or jokes, and more seriously, for scam businesses who want to divert Internet searches to their high-priced services.
“It’s polluting Google Maps with hundreds if not thousands of fake locations and businesses. (Seely) estimates that there are over 100,000 fake listings for locksmiths alone,” Gawker reported:
So say I’m a locksmith and I want a little more business. My ranking is too low when you search “locksmith near [my neighborhood]” on Google Maps; no one ever clicks on me.
If I find the right scammer, I can boost my presence with a couple more (non-existent) locations. Or even better, I can have a scammer change my competitors’ numbers so that the calls forward to me instead. All I have to do is pay a scammer $50 or so per call. But hey, that’s just the cost of doing (shady) business.
Seely told Valleywag people should be a little more guarded with the information they pick up from Google.
“Who is gonna think twice about what Google publishes on their maps? Everyone trusts Google implicitly and it’s completely unwarranted and it’s completely unsafe,” Seely said.
Google did not immediately respond to TheBlaze’s request for comment.
“When unsuspecting citizens utilize this incorrect third party phone number to contact the Secret Service the call is directed through the third party system and recorded,” the Secret Service told Gawker. “This is not a vulnerability or compromise of our phone system. Virtually any phone number that appears on a crowdsourcing platform could be manipulated in this way.”
Follow Elizabeth Kreft (@elizabethakreft) on Twitter