Illegally selling CDRs

That's been going on for 30 years.

Used to be that you had to have a contact in one of the companies and they did it to supplement their incomes. Now with login info kept and records of who accesses what, it goes on a lot less.

Same as pulling a credit report on someone you don't have permission for. Unscrupulous PI's do it all the time. I know lots of great PI's who wouldn't touch that type of thing.

Interesting twist in this case. CDRs (call detail records) illegally sold not by a staff member in a network operator or a service agent, but via police officers…..

http//www.thehindu.com/todays-paper/tp-national/tp-mumbai/thane-cdr-racket-prime-accused-held-in-ghaziabad/article24197670.ece

It is quite an interesting element of the case based upon the widely held belief of the expectation of safe custody and control of call records.

In the HEARING BEFORE THE COMMITTEE ON ENERGY AND COMMERCE / HOUSE OF REPRESENTATIVES / ONE HUNDRED NINTH CONGRESS / SECOND SESSION relating to PHONE RECORDS FOR SALE WHY AREN’T PHONE RECORDS SAFE FROM PRETEXTING? (Serial No. 109-53 - FEBRUARY 1, 2006)

At the disclosure stage for oral and written evidence MR. INSLEE states "I think there will be bipartisan agreement that no detective sheriff ought to worry about his cell phone records to his informants getting into the hands of those he seeks to apprehend.".

Moreover, the quality of the information being sold must equally be assessed. The Office of the Director of National intelligence (US) reported 2018 about use of CDRs and provides an illustration of the "Hops" involved (from target) to "unique identifiers" (1st and 2nd called parties) identified from surveillance and investigations. Such information if illegally sold on could have serious repercussions not just at local level but inter/national levels, too.

In the news article we do not know the "quality" of the CDR material, so far as the illegally sold CDRs are concerned, which is really the twist in that the expectation of safeguarding where a Superintendent or above has legally obtained call records, under a lawful authority, and the control of those CDRs whilst in the hands of the police.

These guys were selling access to 2 of the 3 telco networks in Australia. They used linkedin to target mainly private investigators. They could access 3 year old itemised billing statements, which included the confirmation of address, which was a major privacy issue.

The Telco's knew about this but struggled to investigate it, due to the juristiction issues. The AU federal police got involved and about 12 months later the first arrests started happening.

These guys were selling access to 2 of the 3 telco networks in Australia. They used linkedin to target mainly private investigators. They could access 3 year old itemised billing statements, which included the confirmation of address, which was a major privacy issue.

The Telco's knew about this but struggled to investigate it, due to the juristriction issues. The AU federal police got involved and about 12 months later the first arrests started hapening.

Thanks for the up date. Do you know if a report has or will be issued identifying more details?

I say that because itemised billing is not a CDR. A CDR is recorded by the DCM data capture machine at the switch (the exchange). The CDR is then harvested data (an 'image' if you will) and subjected to 'treatment' such as 'conversion', 'reconciliation', 'removal' of extraneous data, sent for 'abstraction' and then 'addition' for inclusion of customer name, pricing, etc. Pretty far removed from the stage of real evidence. Come what may the itemised billing in evidence is not the original at this stage but contain elements from the original.