- People are roasting this ‘traditional’ take on marriage with a hilarious meme Saturday 5:17 PM
- The internet just collectively realized that the Neopets of the world must be hungry Saturday 4:00 PM
- Alt-right message board 8chan was served a search warrant Saturday 3:06 PM
- O.J. Simpson just joined Twitter in the most bizarre fashion Saturday 1:20 PM
- Prominent phone-hacking firm says it can unlock any iPhone for law enforcement Saturday 12:39 PM
- Hundreds of police officers belong to extremist Facebook groups, investigation finds Saturday 9:31 AM
- How to watch Tyson Fury vs. Tom Schwarz online Saturday 8:00 AM
- ‘Late Night’ is a disappointing, tepid comedy Saturday 7:00 AM
- How to stream ‘Love It or List It’ for free Saturday 7:00 AM
- How to watch the 2019 Concacaf Gold Cup online for free Saturday 6:55 AM
- Borderlands 3 preview suggests the aging series can still hang with the cool kids Saturday 6:30 AM
- How to stream the 2019 College World Series for free Saturday 6:00 AM
- Police try to solve domestic violence by giving victims blunt kitchen knives Friday 5:40 PM
- Privacy activist Ola Bini detained for 2 months in Ecuador without charges Friday 5:01 PM
- Twitter says suspending ‘God’ for a pro-LGBTQ tweet was an ‘error’ Friday 4:14 PM
Startup founder hacked an investor’s voicemail because #SiliconValley
How did he think this was a good idea?
Last week, we showed just how insecure voice mail systems really are by letting a 21-year-old British hacker break into my inbox. Obviously, somebody didn’t get the memo.
An impulsive startup founder named Avi Zolty hacked Web entrepreneur and Inside founder Jason Calacanis’s voicemail this week. And we know this because Zolty later blogged about his exploit on Medium.
The inane hack, according to Zolty, was a “social experiment,” “something unique” to draw attention to his startup company, which is trying to revolutionize the way we book rental cars.
Who knows, maybe Zolty’s company will “disrupt the $24bn a year US car rental market.” But first, he might want to think about finding a way to keep himself out of prison.
Zolty’s big idea was to replace Calacanis’s voicemail greeting with a message of his own: an advertisement aimed at venture capitalists who he thought might be interested in his startup, Skurt. What could go wrong?
“Hey guys, we temporarily borrowed Jason Calacanis’s voicemail,” Zolty’s message said. “If you wanna check out what we’re working on, we’re at Skurt.co. Jason, we hope there’s no hard feelings. We’re huge fans.”
A video posted by Jason Calacanis (@jasoncalacanis) on
Accessing Calacanis’s voicemail required little or no technical skill on the part of Zolty, so it’s curious why he believed that anyone would find his stunt impressive. It was accomplished by spoofing Calacanis’ phone number, thereby tricking the voicemail system into assuming it was actually him, and not Zolty, calling to check the messages. There are paid services online, such as SpoofCard, that do the technical magic for you. These services are usually employed by social engineers wanting to masquerade as other people over phone.
Unless you setup your voicemail to require a password each time you call it, there’s really no way to stop someone from checking your messages. There’s really no way to detect it either, if the hacker deletes a message before you’ve heard it. As Zolty eagerly points out in his blog, one can simply “call *67 to have it sent straight to voicemail.”
Rather than blow a gasket, Calacanis responded to having his inbox compromised by expressing concern over social media for Zolty, who may have violated state and perhaps federal laws with the shameless pitch. “Obviously you have not paid attention to the U.K. hacking scandal, but people go to jail for doing these kind of things—your intent does not matter in the eyes of the law,” wrote Calacanis.
— jason (@Jason) October 27, 2014
Indeed, Calacanis’s concerns are more than warranted. Zolty might easily find himself in handcuffs after publicly announcing that he’d exploited the phone company’s voicemail system. The Federal Bureau of Investigation (FBI), for one, has no patience and no sense of humor when it comes to hackers. And while surely the only damage done was to Zolty’s reputation—seriously, how did he think this was a good idea?—the U.S. government is in the business of making examples out of curious young hackers by crushing them under the full weight of the U.S. justice system.
Even a neophyte U.S. prosecutor could presumably find cause to charge Zolty with a federal crime under the Computer Fraud and Abuse Act (CFAA). All it takes is the slightest connection to interstate commerce—if Zolty was, for instance, in a different state than Calacanis when he hacked his voicemail. Likewise, it may be enough that the phone company’s servers were across state lines.
Regardless of whether or not a federal law was broken, there are plenty of state laws that apply; California Penal Code Section 502, for one. Anyone who “knowingly accesses and without permission adds, alters damages, deletes or destroys data … which reside or exist internal or external to a computer, computer system, or computer network” is said to be guilty of committing this public offense.
Hopefully, the authorities have their hands tied this holiday season pursuing serious criminals, like the ones launching cyberattacks against our financial institutions and point of sale (POS) systems—crimes that actually place U.S. businesses and their patrons at risk of fraud.
But if you’re reading this, Avi, you should probably get a good lawyer, just in case.
Photo by Samantha Celera/Flickr (CC by 2.0)
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.