Cheatsheet: What is pretexting?
This week's tech news is all about "pretexting," the method that investigators hired by Hewlett-Packard used to get the personal phone records of reporters and HP board members. But what is it? You'd better know, because it's about to blow up the business world.
Pretexting is lying. Wikipedia says: "Pretexting is the act of pretending to be someone who you are not by telling an untruth, or creating deception. The practice of pretexting typically involves tricking a telecom carrier into disclosing personal information of a customer, with the scammer pretending to be the customer."
It's common. The Washington Post says: "A security specialist said it has been a 'tradition for decades' for chief executives of big companies to hire private investigators to spy on colleagues, calling it a 'common power play.'"
It's easy. "All you need is the last four digits of a Social Security number and a correct ZIP code," a repossession investigator told the New York Times, and "you can view the bill."
It works. Hewlett-Packard's probe outed board member George Keyworth as the leaker who shared important business information with CNET.
It's unethical. At least according to a former president of a trade group, the National Council of Investigation and Security Services, quoted in the Times.
It's illegal. The Gramm-Leach-Bliley Act outlaws unauthorized attempts to gain personal nonpublic financial information. (Lawyers disagree on whether the ban applies to phone records.) Phone providers view pretexting as illegal and sue those who attempt it. This is why many investigators say they've stopped the practice. A bill in the California State Senate could make the offense a state crime punishable by up to a year in jail.
It got Patricia Dunn and superstar lawyer Larry Sonsini in trouble. As chairwoman of HP, Dunn authorized the leak investigation that included pretexting for phone records. Dunn now says she did not know of or authorize any pretexting. Also, the San Jose Mercury News obtained e-mails in which Larry Sonsini (outside counsel to HP) told former board member Tom Perkins that this investigation was legal.
The phone companies are fighting back. Most notably, Verizon is pushing against pretexters and other dealers in personal phone records. For example, the company settled with a records vendor who agreed to stop selling phone records and to share how they obtained those records.
This isn't the last scandal we'll hear. The president of one security company says that heads of Fortune 500 Companies hire "fly-by-night organizations" to do their dirty investigative work all the time. Now that a pretexting scandal is front-page news, expect investigative journalists to hunt down similar stories.
Pretexting [Wikipedia]
When a Stranger Calls, Beware of The Pretext [Washington Post]
An Industry Is Based on a Simple Masquerade [New York Times]