Phone mail raid compromises 27 police detectives
In the September 1999 issue of the ÆGIS e-Journal we told and showed you how easy it was to break a phone mail system. It was a chapter and verse on how easy it is to do a “phone mail raid” and how easy it is to prevent a phone mail raid. We used the example of an engineering firm. It appears, however, that police too have some issues.
Steven Boudrias was able to break into the voice-mail system of 27 Montreal Urban Community police detectives. He said the detectives used access codes like 123456, or part of their telephone number
According to the Montreal Gazette, he listened to confidential messages about fraud, harassment and drug investigations. Boudrias was caught because he discovered that an acquaintance was under investigation and gave him warning. As it turned out, the friend was as imprudent as was Boudrias himself, and bragged not only about his knowledge of the investigation, but also about the source of his knowledge.
One of the morals of this tale is that we should be more careful about our various passwords. Actually, for many of us the number of passwords we need to deal with has become something of a problem, particularly on the computer: We have an awful lot of them, and there is a tendency to either write them down or make them something so simple that any fool can figure them out or use one userid and password for everything. An alternative is to use something like the Password Safe, available free from Counterpane (http://www.counterpane.com/passsafe.html). Password safe allows you to store an encrypted list of things that need userids and passwords. You of course need to remember the password for Password Safe, but you don’t have to remember all the passwords stored in it.
We recommend you be sure to back up the password file (as well as all your other important data) and store it offsite.