Motherboard previously reported that AT&T, T-Mobile, and Sprint have been selling their customers’ real-time location data, which trickled down through a network of middlemen and data brokers before arriving in the hands of bounty hunters.
But some people don’t even pay for this data at all.
Instead, bounty hunters and people with histories of domestic violence have managed to trick telecommunications companies into providing real-time location data by simply impersonating US officials over the phone and email, according to court records and multiple sources familiar with the technique. In some cases, these people abuse telecom company policies created to give law enforcement real-time location data without a court order in “exigent circumstances,” such as when there is the imminent threat of physical harm to a victim.
The practice is ongoing according to the sources, and court documents and an audio recording obtained by Motherboard also detail a previously prosecuted case in which one debt collector tricked T-Mobile by fabricating cases of child kidnapping to convince the telco to hand over location data.
“A group of 11 abducted a 7 year child in south Atlanta. This child’s life in obvious danger,” John Letcher Edens wrote to T-Mobile while posing as a US Marshal and trying to locate a vehicle to repossess, according to court records.
The technique highlights another gap in the security of telecom companies, and how they have, at times, exposed sensitive customer data to bounty hunters, stalkers, and other people not authorized to handle it. In some cases, scammers sought out so-called “E911” data intended for first responders, which is highly precise and can in some cases pinpoint a device’s location inside a building.
“So many people are doing that and the telcos have been very stupid about it. They have not done due diligence and called the police [departments] directly to verify the case or vet the identity of the person calling,” Valerie McGilvrey, a skiptracer who said she has bought phone location data from those who obtained access to it, told Motherboard. A skiptracer is someone tasked with finding out where people, typically fugitives on the run or those who owe a debt, are located.
Our IP Address: