+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

A prison technology company has a way to track almost any cell phone in the United States - and it reportedly just got hacked

May 17, 2018, 05:21 IST

A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, hackers staged a cyber assault with a self-spreading malware that has infected tens of thousands of computers in nearly 100 countries.Kacper Pempel/Reuters

Advertisement
  • Securus is a prison technology company best known for providing phone services for inmates.
  • One of its lesser-known services is a geolocation service that lets law enforcement track almost any cell phone within seconds.
  • Last week, the New York Times reported that a Missouri sheriff is accused of using Securus technology to track people, including a judge, without a warrant. The incident raised security and privacy concerns.
  • According to Motherboard, a hacker was able to breach the company's server, and supplied the publication with internal documents.

Securus, a prison technology company used by law enforcement agencies across the country, has allegedly had its data breached by a hacker, reports Motherboard.

The 10-year-old company came into the spotlight last week, when the New York Times reported that Cory Hutcheson, a former Missouri sheriff, was accused of allegedly using Securus services to track the whereabouts of people's cellphones, including a judge and members of the highway patrol, without warrants. Hutcheson pled not guilty.

The Dallas-based company is one of the leading providers of prison phone services, enabling inmates to communicate with the outside world. However, it also offers an additional feature to its customers in law enforcement - the ability to track the location of any cell phone across the country, in seconds.

In theory, this location service is meant for benevolent uses, like helping law enforcement solve crimes, or hospitals to recover wayward patients with Alzheimers. Furthermore, when inmates make a phone call, it gives prison staff a way to know where, exactly, the person they're speaking with is located.

Advertisement

Ahead of the Times report, however, Senator Ron Wyden (D-OR) wrote a letter to the FCC, as well as AT&T, Verizon, Sprint, T-Mobile, and other wireless service providers, demanding answers on the privacy implications of the location-tracking services offered by Securus, as well as asking for safeguards against the misuse of the service.

Furthermore, the Times reports that Securus' tracking tech works even if GPS is switched off on the target's phone: It uses cell phone towers to triangulate the phone's location, using tech originally invented for marketing. ZDNet has a deeper dive on how this feat is accomplished, and how Securus seems to use middleman companies to stay within the law.

It's difficult to know how widely this service is being used - not every Securus customer takes advantage of the geolocation feature. However, it is fair to say that Securus is very popular with domestic law enforcement agencies and prisons, with the Times reporting that its customers number in the thousands.

On Wednesday, less than a week after the Times published its story, Motherboard reported that hackers had supplied it with a spreadsheet of internal company files on customers who had bought Securus services since 2011, including personal information on 2,800 Securus users.

Motherboard described the contents of this breach as including "poorly secured passwords for thousands of Securus' law enforcement customers," as well as usernames, email addresses, phone numbers, and other personal information. And Motherboard reports that it was able to verify that the information was accurate.

Advertisement

The data breach also reportedly includes that of Securus staff members. And according to Motherboard, the roles of the users listed in the spreadsheet that the hacker supplied include "jail administrator" and "deputy warden," indicating that much or even most of the hacked data came from prison staff.

"If this account is true, it demonstrates, yet again, that Securus is failing cybersecurity 101, in total disregard for the privacy of the Americans whose communications and private data it should be protecting," Senator Wyden told Motherboard. He again called on the FCC and wireless carriers to take action to protect customer data.

Securus did not immediately respond for comment.

Read the full New York Times report here, and the full Motherboard report here.

NOW WATCH: Jeff Bezos reveals what it's like to build an empire and become the richest man in the world - and why he's willing to spend $1 billion a year to fund the most important mission of his life

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article