- Majority of threats made since El Paso and Dayton shootings have been made online Thursday 8:00 PM
- Miley Cyrus tweets about cheating allegations and penis cake drama Thursday 6:32 PM
- ‘The Dark Crystal: Age of Resistance’ dazzles with a timely tale Thursday 6:00 PM
- The DOJ emailed a white nationalist blog post to immigration judges Thursday 5:31 PM
- The Amazon rainforest is on fire–and people are using memes to cope Thursday 4:11 PM
- Microsoft contractors listened in on Xbox users Thursday 2:15 PM
- Anti-vaxxer assaults pro-vaccine lawmaker on Facebook Live (updated) Thursday 2:15 PM
- Oreos licked by singer Lewis Capaldi are being auctioned off on eBay Thursday 1:54 PM
- Zach Braff predicted Sean Spicer would be on ‘Dancing With the Stars’ 2 years ago Thursday 1:38 PM
- NYPD sergeant who watched Eric Garner die punished with lost vacation days Thursday 1:27 PM
- Brie Larson haters have a meltdown over a joke about Thor’s hammer Thursday 1:26 PM
- This comedian attempted to make fun of women on Twitter—and it did not go over well Thursday 1:04 PM
- Logan Paul wants to help the Amazon rainforest Thursday 12:36 PM
- Nutaku announces redesign and filters for LGBTQ porn games (updated) Thursday 12:25 PM
- This video of dozens of inflatable mattresses taking off in the wind is perfect Thursday 12:20 PM
Startup founder hacked an investor’s voicemail because #SiliconValley
How did he think this was a good idea?
Last week, we showed just how insecure voice mail systems really are by letting a 21-year-old British hacker break into my inbox. Obviously, somebody didn’t get the memo.
An impulsive startup founder named Avi Zolty hacked Web entrepreneur and Inside founder Jason Calacanis’s voicemail this week. And we know this because Zolty later blogged about his exploit on Medium.
The inane hack, according to Zolty, was a “social experiment,” “something unique” to draw attention to his startup company, which is trying to revolutionize the way we book rental cars.
Who knows, maybe Zolty’s company will “disrupt the $24bn a year US car rental market.” But first, he might want to think about finding a way to keep himself out of prison.
Zolty’s big idea was to replace Calacanis’s voicemail greeting with a message of his own: an advertisement aimed at venture capitalists who he thought might be interested in his startup, Skurt. What could go wrong?
“Hey guys, we temporarily borrowed Jason Calacanis’s voicemail,” Zolty’s message said. “If you wanna check out what we’re working on, we’re at Skurt.co. Jason, we hope there’s no hard feelings. We’re huge fans.”
A video posted by Jason Calacanis (@jasoncalacanis) on
Accessing Calacanis’s voicemail required little or no technical skill on the part of Zolty, so it’s curious why he believed that anyone would find his stunt impressive. It was accomplished by spoofing Calacanis’ phone number, thereby tricking the voicemail system into assuming it was actually him, and not Zolty, calling to check the messages. There are paid services online, such as SpoofCard, that do the technical magic for you. These services are usually employed by social engineers wanting to masquerade as other people over phone.
Unless you setup your voicemail to require a password each time you call it, there’s really no way to stop someone from checking your messages. There’s really no way to detect it either, if the hacker deletes a message before you’ve heard it. As Zolty eagerly points out in his blog, one can simply “call *67 to have it sent straight to voicemail.”
Rather than blow a gasket, Calacanis responded to having his inbox compromised by expressing concern over social media for Zolty, who may have violated state and perhaps federal laws with the shameless pitch. “Obviously you have not paid attention to the U.K. hacking scandal, but people go to jail for doing these kind of things—your intent does not matter in the eyes of the law,” wrote Calacanis.
— jason (@Jason) October 27, 2014
Indeed, Calacanis’s concerns are more than warranted. Zolty might easily find himself in handcuffs after publicly announcing that he’d exploited the phone company’s voicemail system. The Federal Bureau of Investigation (FBI), for one, has no patience and no sense of humor when it comes to hackers. And while surely the only damage done was to Zolty’s reputation—seriously, how did he think this was a good idea?—the U.S. government is in the business of making examples out of curious young hackers by crushing them under the full weight of the U.S. justice system.
Even a neophyte U.S. prosecutor could presumably find cause to charge Zolty with a federal crime under the Computer Fraud and Abuse Act (CFAA). All it takes is the slightest connection to interstate commerce—if Zolty was, for instance, in a different state than Calacanis when he hacked his voicemail. Likewise, it may be enough that the phone company’s servers were across state lines.
Regardless of whether or not a federal law was broken, there are plenty of state laws that apply; California Penal Code Section 502, for one. Anyone who “knowingly accesses and without permission adds, alters damages, deletes or destroys data … which reside or exist internal or external to a computer, computer system, or computer network” is said to be guilty of committing this public offense.
Hopefully, the authorities have their hands tied this holiday season pursuing serious criminals, like the ones launching cyberattacks against our financial institutions and point of sale (POS) systems—crimes that actually place U.S. businesses and their patrons at risk of fraud.
But if you’re reading this, Avi, you should probably get a good lawyer, just in case.
Photo by Samantha Celera/Flickr (CC by 2.0)
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.