Hacking revelations are ‘the tip of the iceberg’

Digital evidence expert Angus Marshall said it was important for every mobile phone and landline user to be aware how easy it was for other people to listen to their messages.

In 2006, private investigator Glenn Mulcaire and the NoW’s royal editor, Clive Goodman, were convicted of phone hacking after an investigation by the Metropolitan Police.

Article Continues Below

But it has since emerged that the practice at the paper was more widespread than previously thought and the revelation that murdered schoolgirl Milly Dowler’s mobile phone voicemail was also hacked has taken the story to a new level.

Mr Marshall, who is the managing director of forensic science firm n-gate, said it was wrong to portray phone hacking as some sort of clever technical attack.

He said: “All you need is a phone number and a little bit of luck.

“I am also certain what we are seeing is the tip of the iceberg.

“This is going on every day of every week in every country in the world, whether it is for industrial espionage, spying, or someone checking on a cheating partner.”

Mr Marshall, who has advised on national security matters and also worked on murder inquiries and counter-terrorism cases, said many people were under the impression that mobile phone voicemail was only accessible from the phone itself and believed that messages were stored there.

“In fact, messages are recorded on computers at the mobile network providers’ data centres and played back over the network when the user dials in to pick them up,” he said.

“It isn’t even necessary to have access to the mobile phone itself to get access to someone’s voicemail account – dialling their number while the phone is off or busy on another call results in call diversion so a message can be left, and this is where the hack can start.

“By pressing the right key sequence during the welcome message, anyone can get to the menu which allows voicemail to be played back.

“It’s a feature designed to let users listen to their messages from anywhere in the world, whether their phone is working or not, and is genuinely useful – but it creates a back door through which messages can be accessed.”

Mr Marshall said anyone needing to use voicemail should not use the network provider’s own default Pin used to gain access to the mailbox, since these were very well known and commonly published.

Instead, they should use a number that is not associated with anything connected to them and change it regularly.

He said: “Treat it like the Pin for your bank card – it could have similar value to someone who wants to spy on you.

“The same rules also apply to the answering machine on your landline – most of them have remote access capabilities so anyone who dials your number could listen to your messages if they can guess the access code.”

Mr Marshall, who lectures in forensic computing and has written a book on digital evidence in criminal investigations now used on many policing and law courses, said people should not leave voicemail messages that contained sensitive information.

“Use a text message instead”, he said.

“They’re far harder to intercept and require the cooperation of the network operator and special legal authority.”

He also said he did not believe phone operators could do a lot more in terms of securing voicemail messages, without making the system more difficult to use.

He said: “They are making access available across public networks and there is a limit to what they can do “There is not a major flaw, the weakest element is the human being.

“It comes down to personal responsibility, and if you are receiving sensitive messages on your phone you have to take some responsibility for keeping them safe.”