Congress Told of Persistent Pretexting
Hearing Looks Beyond Hewlett-Packard Scandal
Saturday, September 30, 2006; Page D08
Someone impersonating journalist Christopher Byron called AT&T's customer service 46 times over 2 1/2 months until a company representative finally divulged details of his phone calls.
"This is known as dialing for dummies," an animated Byron told lawmakers yesterday, complaining that the 2002 disclosure led to the identification of two of his confidential sources.
Gaining unauthorized access to such records is far more common than the recent Hewlett-Packard Co. case suggests, members of a House subcommittee were told at a hearing yesterday, the day after HP executives, former executives and investigators were called to testify on the tactics used to spy on communications between journalists and members of the company's board of directors.
Representatives of a private investigation firm, six wireless companies, the Federal Trade Commission and the Federal Communications Commission testified yesterday. An investigator, Doug Atkin of Anglo-American Investigations Inc. of Playa Del Rey, Calif., invoked his Fifth Amendment right against self-incrimination and refused to answer questions.
Compared with the previous day's standing-room-only session, the hearing yesterday had far fewer spectators. Committee members focused their questions on the mechanics of how phone companies verify the identities of people with whom their customer service agents speak and tried to determine the frequency with which impostors seek private information.
Rep. Cliff Stearns (R-Fla.) wondered whether the questions carriers ask to verify their customers' identities -- addresses and passwords -- are enough to stop most prying private eyes. "Are the wireless companies doing their best to protect their customers?" Stearns asked.
Wireless company executives said tricksters will always try to work around ever-changing security measures. Snoops sometimes try to gain unauthorized access to records by posing as phone company employees, they said. In some cases, hackers try to change passwords to gain access through online accounts, as was the case with at least one HP board member.
Private investigators who sell such records -- sometimes advertised on the Internet -- use methods that are as creative as they are persistent, they said. "Human ingenuity is limitless," Charles Wunsch, Sprint Nextel Corp. vice president, told members of the House Energy and Commerce Committee's oversight and investigations subcommittee. "Most customers demand fast and efficient service," and companies are faced with the challenge of trying to protect private customer data against legitimate requests for information from customers about their bills, he said.
FCC Enforcement Bureau chief Kris Anne Monteith said the agency had asked some carriers whether their databases were compromised in the HP case. Joel Winston, the FTC's associate director of consumer protection, said Congress should permit the FTC to levy criminal fines against people trying to gain access to phone records under false pretenses, a practice known as pretexting.
Both government witnesses testifying yesterday voiced their support for a Commerce Committee-backed bill that would outlaw the practice. That bill has not yet reached the House floor. A separate bill, from the Judiciary Committee, would make pretexting a crime, and has passed in the full House. Two proposals to outlaw the practice are pending in the Senate.
Company representatives testifying yesterday also endorsed bills that would make pretexting a crime. Some said they had filed lawsuits against firms that allegedly accessed private records in violation of computer fraud laws.
Cingular Wireless and Verizon Wireless have sued investigative companies that they allege obtained records in connection with the HP scandal.
Staff researcher Richard Drezen contributed to this report.


