A Verizon Wireless technician has plead guilty to a federal hacking charge related to selling customer data over a number of years. As Ars Technica discovered, the technician, Daniel Eugene Traeger, was selling customer location and calling data to a private investigator between 2009 and 2014.
He now faces a prison sentence of up to five years.
DON’T MISS: Yup, now the iPhone 7 is exploding
According to the plea deal found by Ars, Traeger was selling customer calling and location data to the private investigator on request:
“The Defendant accessed customer call records by logging into Verizon’s MARS system. The Defendant then compiled the data in spreadsheets, which the Defendant provided to the PI, including by e-mail. The Defendant accessed customer location data using a Verizon system called Real Time Tool. Using RTT, the Defendant “pinged” cellular telephones on Verizon’s network and provided location data for those telephones to the PI.
The PI paid the Defendant $50 per month of customer records or location data. The Defendant began selling records to the PI in about April 2009, at a rate of about two records per month. The rate increased over time, and by mid-2013 the Defendant was providing 10 to 15 records in exchange for about $750 per month.
Between April 2009 and January 2014, the Defendant was paid more than $10,000 in exchange for his provision of confidential customer information and cellular location data to the PI, an unauthorized third party. The Defendant accessed private and personal Verizon customer information in excess of his authorization for his own private financial gain.”
In short: the tech had a private investigator paying him to dig up information on specific customers, presumably to help in some kind of investigation. This is obviously illegal; but the worrying part is how it went undetected for so long. You’d assume that there’s little reason for a Verizon tech to frequently be pinging individual cellphones, so any systematic abuse of that system would be flagged.
But the document makes clear that for years, Traeger was selling multiple records per month, in a spreadsheet, via email. This one particular case has been caught; let’s hope Verizon (and every other cell network) does something concrete to prevent future abuse.