1. The important question isn’t whether cameras solve past crime or deter future crime; it’s whether they’re a good use of resources. They’re expensive, both in money and in their Orwellian effects on privacy and civil liberties. Their inevitable misuse is another cost; police have spied on naked women in their own homes, shared nude images, sold best-of videos and even spied on national politicians. Though we might be willing to accept these downsides for a real increase in security, cameras don’t provide that.
    — Bruce Schneier on CCTV. An excellent article on CNN that explains more eloquently than I can why we should worry about CCTV.
     
  3. On the News of the World phone hacking

    Following on from yesterday’s discussion of password stealing, we have the recent report by the House of Commons Culture, Media and Sport select committee on hacking at the News of the World.

    The general aspects of the case are covered elsewhere (and may well be dug up again by a judicial review, it seems), but I thought I’d add two comments.

    Firstly, it shows, again, the uselessness of passwords as a means for protecting sensitive information. Exactly how this “hack” occurred isn’t public, but I’ll put up hard cash that it was a social attack and not a technical one. Over on At The Sauce there’s a description of how one journalist believes his voicemail was accessed, and it seems very plausible. As ever, the simplest solution to obtaining a password is to just ring up the provider and ask for it.

    Secondly, the MPs are quoted as being “surprised” that this action wasn’t illegal. It’s always seemed strange that accessing an already-read email, or already-listened-to voicemail, isn’t interception. Hopefully that will change as a result of this. Gaining access by technical means (like the Prince Philip Prestel hackers, or the Paris Hilton case) leads to a charge under the Computer Misuse Act, but that doesn’t apply to these attacks.

    Yates told the committee it was hard to get convictions for accessing others’ voicemails under the Regulation of Investigatory Powers Act. The committee recommended that the law be amended to cover all hacking of messages. (Source)

     
  5. I’m embarrassed to admit that I’d never heard of Saltzer or Schroeder, but the security principles they list will be familiar to all Infosec people (and should be, but aren’t, familiar to all software developers).

    EmergentChaos explains them all, with illustrative examples from Star Wars (*).

    (*) The original Star Wars of course.

     