Protect Against Phone Hacking

In 2011 one of the more well publicised stories was that of the News of the World Phone Hacking Scandal. Among other things, this front page saga highlighted the large vulnerabilites present in mobile phone security. Phone hacking has resulted in unauthorised access to such things as a victim's personal voicemail, email, and bank accounts. Even Hollywood celebrities are not safe from phone hacking. So how exactly do the criminals do it? And how can you protect yourself from phone hacking? You don't have to be rich or famous to be the target of phone hackers -  all it takes is for you to make a few simple mistakes. Older mobiles are set with default pin numbers and most users don't bother changing them. This fact allowed hackers to easily access personal voicemail inboxes - all they had to do was dial the mobile number when it was switched off, or engaged, and try the default pin. This is thanks to a capability, put in by the network provider, to access voicemail from anywhere, including a landline. To determine the default pin all the hacker would have needed to do was google the particular mobile phone number. This would bring up the mobile's network provider and further googling would have allowed the hacker to find out the default pin for that particular provider. How would strangers have gotten a hold of your mobile number? Simple - you gave it to them. Social media sites are typically ripe with personal details that people willingly give away, including mobile phone numbers. Even when people do change their pin they typically change it to something recurring such as 1234, or to a birthday perhaps. These make it much easier for the hacker who, again, has access to social media sites where potential victims have typically left more personal information about themselves than they should have. Another thing the hackers have going for them is a property of the 4 digit pin system itself: there are only 10000 possible combinations! 10000 is not very many, and discovery of a 4 digit pin number by trial and error would not take too long. Nowadays network providers typically do not set default pins.

Sometimes a hacker will go to extreme lengths to steal information from your phone. These may include high-tech methods straight out of a spy thriller film. Although these techniques are not likely to be used on the common man on the street, they are still things to be aware of. Handset cloning is one such method. This is an advanced method which requires the hacker to use a special kit that doesn't come cheap. It's purpose is to make a duplicate of the target mobile phone, including the sim card, so that incoming calls can be recieved from the duplicate instead of the real one. It works when the real mobile is switched off. Bluetooth hacking is another method to be aware of. My advice: turn your phones bluetooth visibility to 'hidden' until you need to actually use it. Also, never accept connections with complete strangers. Malware, such as  viruses, worms, trojans, and spyware can be transferred through bluetooth. SMS spoofing is yet another technique to watch out for. It is a method that can use SMS to disguise the sender mobile number as that of anything else, including a trusted contact. It can also be used to fool the network provider into thinking that a message requesting a pin number came from the owner rather than a hacker. Another possible method hackers might use is Local Area Mobile Phone Tapping. This is another relatively advanced method, that allows the hacker to listen remotely to all phone conversations within a local area. To pull this off the hacker would rely on an array of sophisticated software. This software would pick up broadcast signals, decrypt the data and allow the hacker to listen in on phone calls within the vicinity.

Another threat to phone security, especially for smart phones, is the threat of malware from mobile apps. Smartphones are vulnerable for a number of reasons. They are relatively new, and users underestimate how secure they really are - many users forget that they are nothing more than handheld versions of desktop computers. Smartphones have more vulnerable entry points than standard mobile phones do. There are mobile apps available at the market that can steal details from a victim's phone, such as phone numbers, contacts lists, messages, data and so forth. Of course the apps don't advertise the fact that they could have malware attached to them, so it is neccessary to exercise extreme caution when deciding to download an app. The Apple Store typically has more stringent checks when it comes to apps than Google Play (now replacing Android Market) does for their apps. Even so, the advice still applies no matter what type of mobile you have.

Employment with Regards to Social Media

What are your rights as an employee when it comes to social media? Are you allowed to say stuff about your employer on Facebook, for example, that you wouldn't say to their face? As an employer what are you rights when it comes to disloyal employees who express their disloyalty on social networking sites? Social media is new territory in labor and employment law. Even so there are a few rough rules to follow, that may or may not change in the near future as the law regarding social media becomes more specific. In the United States, if a discussion on Facebook, or other social media sites, involves several coworkers it has a higher chance of being regarded as 'protected concerted activity', which is protected by the National Labor Relations Act (NLRA). If the discussion is about a colleague but the topic of discussion is not related to work, it will not be considered protected concerted activity. Examples of this might include mentioning sexually explicit things about fellow employees. Making statements that are defamatory and untrue will not be considered protected concerted activity. For example, there was one case where the firing of airline workers, who protested with signs saying that the airline was unsafe, was upheld. If those protesters had instead held signs that accurately said their airline had been cited for numerous safety violations, they would probably have been protected under NLRA.

Here is a list of cases where the use of social media by an employee resulted in that employee getting fired. Note that in some of these cases I was not at liberty to disclose their name.

Who: Kimberly Hester, a teacher's aide
Worked for: Less Cass Intermediate School District
Fired for: Not giving up her Facebook password to Lewis Cass ISD
In 2011, after work hours Hester posted on her Facebook page a picture of a colleague with her pants around her ankles. A member of the public complained anonymously to the school, which prompted the district superintendent to ask Hester for access to her Facebook page. Needless to say she refused every time she was asked, and was subsequently suspended on unpaid leave. Hester and her former employer are scheduled for arbitration in May of this year.

Who: Dawnmarie Souza, an emergency medical technician
Worked for: American Medical Response (AMR) of Connecticut
Fired for: Among other things, violating a policy that bars employees from depicting the company 'in any way' on social media sites in which they post pictures of themselves.
Souza was fired when she criticised, in a profanity filled post, her supervisor on Facebook. She did this after her supervisor denied her help from the union representing the company in composing a response to a customer's complaint. The National Labor Relations Board (NLRB) stepped in to defend Souza by filing a complaint against her former employer. The Board's general counsel, Lafe Solomon stated that employees are protected, by the NLRA, to discuss with each other things such as working conditions and unionisation. Whether these discussions take place around the water cooler or on Facebook is irrelevant. The Board also said that AMR's social media rule was "overly broad" and restricted employees' right to such discussion. In response AMR stated that Souza had been discharged based on "multiple, serious complaints about her behavior". They saw Souza's statements as improper negative personal attacks against a co-worker and, as such, did not regard them as concerted activity protected under federal law.

Who: five employees
Worked for: Hispanics United
Fired for: Responding to a post on a coworkers facebook page
The NLRB stepped in again to defend five employees of Hispanics United, a New York non-profit group, after they were fired by the organisation for, what Hispanics United regarded as harassment of a fellow employee. This occurred on Facebook, when they entered into a heated discussion about their job performance and working conditions. The NLRB saw the posts as protected discussion.

Who: a car salesman
Worked for: Knauz BMW dealership in Chicago
Fired for: Criticising his employer on Facebook
A car salesman working for the Knauz BMW dealership was fired after he posted photos to his Facebook page of a sales event the dealership was holding, accompanied by statements criticising his employer for only serving drinks and hotdogs. The NLRB alleged that Knauz BMW dealership violated the NLRA when firing the salesman.

Who: one employee
Worked for: Build.com, an online retailer
Fired for: Criticising her employer on Facebook
The employee in question criticised her employer's alleged state labor code violations on Facebook, and in the process garnered replies from other employees. The NLRB believed that this constituted protected discussion, and settled the case in April of last year.

Who: a reporter
Worked for: Arizona Daily Star
Fired for: Multiple tweets on his work-related Twitter account that the employer regarded as inappropriate and unprofessional
In this instance the NLRB agreed with the employer. Arizona Daily Star fired a journalist who had used his work Twitter account to post inappropriate tweets about the Tucson shootings. For example, he tweeted “You stay homicidal, Tucson ….”, along with “What?!?!? No overnight homicide? WTF? You’re slacking Tucson”. These offensive tweets were not protected concerted activity - they were not a discussion about unionisation, or management, or work place conditions.