Two telecom companies are pursuing legal action against Scripps News journalists, claiming the publication's employees had hacked their way into sensitive servers to gain access to names, social security numbers and other information which could lead to the identity theft of over 170,000 customers.
The crack hacking tool the journalists were using to breach security and gain access? Google search.
The journalists claim they used Google search in order to gain access to a publicly available server. A server which contained a large amount of confidential data on customers using the Federal Communications Commission's (FCC) Lifeline cell phone program.
That program was specifically built to provide low-income earners with cell phones to help communicate with family members and to do business. But to do business, according to Ars Technica's Sean Gallagher, who broke the story (see update below), applicants must first prove they're eligible by submitting proof they're on a federal or state assistance program like food stamps. For YourTel and TerraCom, the two litigious firms involved in the case, this meant outsourcing verification to Indian call center, Vcare.
Normally outsourcing wouldn't be a big deal, even for handling sensitive information; Vcare and the two firms are required by the FCC to not retain any data gathered during the process. However, at some point on Vcare's end, the data was retained and posted on a public server. And it was indexed, at some point, in the depths of Google Search.
Naturally, Scripps News discovered this vulnerability and investigated the incident, calling to ask for representatives of both YourTel and TerraCom –– which coincidentally share the same COO, Dale Schmick –– for an interview.
The two companies Schmick represents responded by sending a letter threatening to take Scripps to civil court over hacking company property with automated scripts if they didn't identify the journalists involved. Specifically, two companies pointed toward the Computer Fraud and Abuse Act of 1986 –– the same law which was used against activists Aaron Swartz and Andrew "weev" Auernheimer, according to The Verge.
The script in question, however, is a free, open source, command line called Wget, which is used to download files available on the HTTP protocol. Essentially, the script allows a user to download files automatically, rather than having to click on each individual link.
Scripps responded, respectfully declining to out their employees, putting the legal ball back into YourTel and TerraCom's court.
Update May 28, 2013 2:08 PST: Scripps News has reached out to iTech Post to offer a correction: Scripps News, not Ars Technica, first broke the story of Scripps journalists falling under scrutiny for apparently hacking Oklahoma City-based TerraCom In, and affiliate YourTel America Inc.
