Terrorist support or mere fraud?

One of the last vestiges of critical infrastructure protection is apparently being scaled and destroyed. Companies are violating every common-sense security premise I have ever known, cracking (illegally or not) the people component of security, in ways that heretofore have only been in the hands of law enforcement and judicial overview.

Today, for a few dollars to LocateCell.com, an online data broker, I can identify every person you have spoken to on your cell phone. All of the private names and numbers you have acquired during your career, building your business or protecting the country. Then I map when you spoke to your contacts, for how long and what they did in response to your communications with them. Then I find their addresses, Social Security numbers, friends, relatives . . . you get the idea. Paris Hilton Hell at your front door.

Thanks to LocateCell.com, anyone with a credit card can suss out the most private dealings of anyone their little heart desires. Maybe it's for competitive intelligence. (To whom is that company trying to sell? Which lawyers are they using? How often do Bill and Sally talk, when and for how long? How many people are on this project?) Why exhibit at a trade show when all of the good leads are in your competitors' phone logs?

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

One of the last vestiges of critical infrastructure protection is apparently being scaled and destroyed. Companies are violating every common-sense security premise I have ever known, cracking (illegally or not) the people component of security, in ways that heretofore have only been in the hands of law enforcement and judicial overview.

Today, for a few dollars to LocateCell.com, an online data broker, I can identify every person you have spoken to on your cell phone. All of the private names and numbers you have acquired during your career, building your business or protecting the country. Then I map when you spoke to your contacts, for how long and what they did in response to your communications with them. Then I find their addresses, Social Security numbers, friends, relatives . . . you get the idea. Paris Hilton Hell at your front door.

Thanks to LocateCell.com, anyone with a credit card can suss out the most private dealings of anyone their little heart desires. Maybe it's for competitive intelligence. (To whom is that company trying to sell? Which lawyers are they using? How often do Bill and Sally talk, when and for how long? How many people are on this project?) Why exhibit at a trade show when all of the good leads are in your competitors' phone logs?

While there are many other companies who also claim to offer similar invasive and likely illegal services, LocateCell.Com is catching the most attention. The behind the scenes corporate changes and interstate moves would appear to only further confuse the issue as states rights may go up against the national interest in stopping all forms of terrorist support. Update: Since I reported this to the FBI almost 2 months ago, despite promises they would get back to me - nary a word. Makes you really wonder.

Maybe I am a terrorist and want to map portions of your critical operations center. Then I know how to crash it. A terrorist can cause an operational systemic problem and then interfere with the protective efforts by launching denial-of-service attacks against the right people at the right cell phones. Or maybe, I as the terrorist will identify the right people in the right place at the Federal Aviation Administration or Federal Emergency Management Agency or the White House, then ID their kids and families. A few strategic phone calls can turn an active dedicated response team or terrified politicians into lethargic Katrina-like slugs or worse.

Or, maybe I am just an average profit-motivated criminal. I want to know to whom my cohorts are talking. Simple way to make them honest . . . or dead. It also would be useful to be able to monitor the private cell lines of police officials. Then I could find out who's the cop, who's the snitch and who's in-between.

In the intelligence field we call this traffic analysis. I know Bob's name and Bob is very important. Once I know to whom Bob talks, and when, I have the first layer of his private network defined. Once I know with whom Bob's associates speak, I have another layer defined. How far I want to go is merely a scalable effort. This is how the intelligence community turns seemingly innocuous pieces of open source or collected data into highly classified information. Now we can all do the same thing . . . for a few bucks.