UK Tabloid Snoop Hacked ATM to Tap Celeb Voicemails

Dutourdumonde Photography /
Dutourdumonde Photography /

News of the World (NoTW) snooper Glenn Mulcaire hacked an ATM near his home in Sutton to tap the voicemails of various celebrities and royal household members, according to The Guardian.

The newspaper was able to reveal the details on Monday as the private investigator began his sentence hearing. Mulcaire already pleaded guilty several months ago.
According to the report, police tracking the private investigator back in 2006 uncovered the ATM hack, which he had used to hide his illegal activities.
Mulcaire apparently hacked the cash machine located in a convenience store near south London town of Sutton, using its landline to access his victims' mobile phone voicemails.  
It was even referenced in a sentence hearing in 2007 when Mulcaire was jailed for six months for tapping phone messages from Clarence House.
No-one at the time suspected the sheer scale of the phone hacking he carried out for Rupert Murdoch-owned newspapers, until the investigation was reopened in 2011.
"The sole purpose of that telephone line was to dial into the banking system when the cashpoint was in use. In other words, it was not really a telephone at all,” prosecutors apparently told the court at the time. “It was simply a line to carry data to a cash machine to a database within the banking system, so as to record transactions carried out on the machine."
However, police were alerted when BT began sending bills to the ATM owner Cash Point Machines, which forwarded them to the shop owner.
After studying the itemised bills, detectives were amazed to discover the cash machine had effectively been used by Mulcaire to listen in to the voicemails of countless celebrities.
Sophos senior security advisor, Paul Ducklin, argued that in theory Mulcaire could have found an easier way to access a copper-wire phone line which didn’t require compromising the device plugged into said line.
“You can, in theory, ‘tap’ old-school phone lines anywhere between the premises and the exchange. And if you were going to do that, you'd probably listen in to a few of the lines you have physical access to for a while and pick one that sounded like it only ever carried data, on the grounds that the legitimate user would be unlikely ever to pick up his handset and overhear you making dodgy calls,” he told Infosecurity.

“Perhaps the ATM was a matter of chance, and it might just have well been a fax machine, an EFTPOS terminal, a Coke fridge or an alarm system that was hooked up to a modem and the phone line?”
The case illustrates the importance of checking one’s phone statements carefully, just as with banking and other online accounts, Ducklin added.
“That seems to be how this came to light: because the company that paid the bills noticed that there were anomalies in their logs, i.e. unexpected calls to unknown numbers, and took some sort of action,” he said.
ATM hacking is nothing new, of course, but it is usually done with a view to skim cards and/or steal money.
Just last month, two 14-year-old Canadian schoolkids made the headlines when they used an online ATM manual and guessed a six digit admin password to hack a Bank of Montreal cash machine in their lunch time. 

What’s Hot on Infosecurity Magazine?