6 March 2004

The cell phone is being demonized like the Internet for being able to track and threaten users. In the message below the two addictions are conjoined. Easy privacy invasion of the two are based on inherent insecurity resulting from service providers devising technology for their own purposes not that of protecting users. As if nothing can be done to prevent cellphone insecurity, and that it is always the drug users fault, never the drug makers and pushers abiding national security requirements to assure access to the systems (weak privacy protection a feature of worldwide). The cell phone has become a leading competitior with the Internet for surveilling and data collecting of unwary users. No wonder the body bugs are being given away. You see a cell phone user, pity their gullibility for trusting the seemingly private gadget, same for an Internet addict, like this one pecking a rant.


To: tscm-l@yahoogroups.com
Date: Fri, 5 Mar 2004 17:32:33 -0800 (PST)
Subject: [TSCM-L] Nextel Exploit Advisory

NEXTEL ALERT 

Be advised that yesterday we learned a very disturbing feature about
our Nextels. An SFPD undercover officer, who was doing some buys
in one of our cases, was compromised for the following reason. He
provided the crook with his Nextel cell phone as a UC contact number. He
changed his voicemail and left a message using his UC name (matching his 
UC cover).

The crook called the # and when it rang over to voicemail he pushed 
Option 1. Option 1, identifies the owner/operator of the phone. If you 
recall when you first activated your Nextel you had to call in and leave 
your name (or something to like that) on a Nextel recording. Anyway, that
original voice recording is in EVERYONE's Nextel memory and can easily be
accessed.

In our case, the crook got the UCs real name and entered it into
Google. Within minutes the crook learned that the UC was in an
SFPD Officer who was in an officer involved shooting several years
ago. The incident made the paper and is forever memorialized on the
internet. It probably took all of five minutes to figure this out.

As a side-note, I entered my name in Google last night and it immediately 
gave links to, among other things, DEA watch ("evaluations" are posted), 
the results of every road race I have run as well as my wife's alumni 
records, church newsletters that get posted on their website.

DEA Tech took the time to figure out how to disable this function
(refer below) on our Nextels. I advise anyone who does UC work to do
the same. He sent it to a few people in the division who do UC work but
you all should be advised of the same.

-----Original Message-----

CALL YOUR CELL # ONCE YOUR VOICE MAIL KICK'S IN PRESS #1, THIS
WILL VERIFY IF YOUR NAME IS RECORDED FROM THE INTIAL ACTIVATION. IF
THIS IS THE CASE, DO THE FOLLOWING;

1. CALL YOUR VOICE MAIL AND ENTER CODE, AS IF RETRIEVING MESSAGE

2. HIT OPTION #4 - PERSONAL OPTIONS

3. HIT OPTION #4 - PERSONAL PREFERENCES

4. THEN HIT DELETE KEY #3? TO DELETE NAME

DO A RE-TEST USING ABOVE VOICEMAIL RETREIVAL TO VERIFY YOUR NAME IS
DELETED.

=====