Internet security isn’t very secure, says a computer network engineer from Edmonds, Wash. who recently took just a few small steps to send a very big message.
Last week Seattle’s KOMO News reported that Bryan Seely hacked phone lines of the U.S. Secret Service and an FBI office, listening to and even recording conversations. Exploring a flaw with Google Maps is all it took to pull off the stunt, he says.
Many Internet scammers create false business listings for appearance on Google’s location service, and that only redirect callers to different businesses in other areas, says Seely, who also admits pulling the same tricks for pay himself.
"I've personally worked on and seen over 50,000 fake businesses.”
That common practice is not just a stunt, but could even be a risk to national security, Seely found.
To expose that risk, he says he created two false address listings on Google Maps – one to the Secret Service’s office in Washington, D.C., and the other to a San Francisco office of the FBI – but that listed an incorrect telephone number that Seely created himself. When anyone called that number, it would redirect to the correct office number, Seely says, but while still allowing him to listen and record the communication.
“This is a massive problem.”
Seely’s recordings of incoming calls to the FBI office and Secret Service made through his false listing, which he offered to his region’s edition of Gawker, are available below.
In interview with Gawker, Seely said:
“Who is gonna think twice about what Google publishes on their maps? Everyone trusts Google implicitly and it’s completely unwarranted and it’s completely unsafe. I could make a duplicate of the White House and take every inbound phone call from the White House. I could do it for every senator, every congressman, every mayor, every governor – every Democratic, every Republican candidate. Every office.”
An ex-Marine, Seely took the results of his prank directly to the Secret Service office in Seattle, Wash., where he says he was at first intensely interrogated.
“They grabbed a couple of people, they patted me down, searched my bag, read me my rights."
He was released after four hours, he said, during which Seely states he received notice of another phone call interception from his prank.
The Secret Service confirmed Seely’s claims in the following statement:
The incident in question involves an individual posting their own phone number as a Secret Service field office phone number on Google Maps. When unsuspecting citizens utilize this incorrect third party phone number to contact the Secret Service the call is directed through the third party system and recorded. This is not a vulnerability or compromise of our phone system. Virtually any phone number that appears on a crowdsourcing platform could be manipulated in this way.
This incident will be investigated thoroughly and appropriately. The Secret Service encourages the general public to visit our website at www.secretservice.gov to obtain accurate contact information for our field offices.
While Seely says he’s since received congratulating email messages from the Secret Service, Google gave no messages of any type when first contacted by media for comment.
Google finally issued statement two days later:
It was brought to our attention that an individual was creating fake business listings in Google Maps. Although these listings do not appear prominently on the map, we take problems like spam very seriously, and appreciate when the community flags issues so we can quickly resolve them.
Earlier in February, and before attempting this more prominent method, Seely said he tried to expose the problem by posting obviously prankish entries on Google Maps, creating listings for a “Snowden Super Secret Hiding Place” under the White House’s mailing address, and even an “Ineffectual Changes of Google” office location in Seattle.
These earlier Internet jokes got him no reply, Seely says, inspiring him to take his next, bigger step.