alt Hacker NewsYeah, a friend of mine was tracked by a stalker ex boyfriend who worked at a Telco.
It was irritatingly difficult to avoid because it seemed he could look up her SIM card by name and then get her location no matter what (new SIM, new phone)
Anyone who reports this kind of thing to the police just sounds irrational and crazy and gets ignored.
Replies
Sounds like something worth reporting as it is an offence in Australia at least. The police would certainly investigate such an allegation and charges could be laid if there was sufficient evidence and a conviction was possible.
Scammy telcos in poorer countries sell SS7 data for a small fee. It will give you all the location data you need.
Assuming he had access to a database with (lat, long, SIM) data, if she got a new phone he could just use the known (lat, long pairs) from the old sim and lookup to get the new sim. Then bam, you can get all of the new lat longs.
It’s impossible to avoid unless you simultaneously move to a new house / apartment when you get your new phone, and never bring the new phone to any previous low-traffic location you brought the old phone to.
Well, my privacy-o-meter made me have my phone with no sim card and always airplane mode, and the sim card is in a dumb phone in my house, that I also barely turn on unless needed. Not perfect, but still far better than being tracked with telecoms.
I'm sorry but this sounds like bullshit. As someone who has access to such data at a telco:
- Very few people have legit business cases requiring access to enriched network telemetry, at least non aggregated.
- Of which, only a handful have any reason to see the MSISDN in clear.
- Of which, none can get access to clear CRM data.
- Lawful interception and emergency services use completely separate paths, exposed via user interfaces that aren't available to employees.
And obviously, a simple email to the data governance and privacy office would be taken extremely seriously.
Also why not simply switch to a different phone operator?
It's literally a known thing at telcos in various roles they find people looking up folks dox regularly. If someone registers a complaint that someone access their data they'll look it up and deal with them.
I once asked someone on the security /investigations side if you are logging what everyone is doing can't you easily find when folks are looking up stuff unrelated to their job? Their answer: we'd have to fire over half the people here - everyone is constantly looking up people's PII - celebrities, friends, enemies, etc. it's almost considered a unofficial perk of the job. This was from one of the largest US Telco carriers circa 2010. Maybe things have changed, hopefully.