WhiteHat Consulting

This is a bit of a rant, but some may find it quite practical. Why is this limited to just telemarketers? Debt collectors, campaigners, and non-profits need included.

For about a year I kept getting hammered by an automated call only leaving a number to call back. A Google search turned up the number belonged to a collection agency in Chicago. They were hammering stale cases and my new number from a move just happened to be one of the numbers they had. I even had it happen after I moved since my number was associated with the address of the house I USED to live in two years ago. The call was for the owner who lived there before me!

I called them and told them to put me on their DNC list. They informed me that they were exempt as they were not telemarketers. I have had the same thing happen to me many times and to friends and family as well. Here is the 411 for you:

1) They ARE exempt from all telemarketing laws. Everyone likes to bring that up on the phone, but they are actually right.

2) So what now? They are still not exempt from basic laws governing harassment. You could deal with your phone company or talk to a supervisor of the debt collection agency and threaten a lawsuit if they keep calling you, or you could just go to…

3) Deal with them under the Fair Debt Collection Practices Act. They MUST inform of you their mailing address and the appropriate department. Send them a typed letter explaining that you are not the person they keep asking for, you have no knowledge of this person any debts this person has. Demand that all communications to that number cease immediately or you will seek remedies under the FDCPA.

Believe it or not, this works every time under the FDCPA. The reason why is that 99.9% of the people complain on the phone where the debt collection agency is not liable. Hardly anyone ever writes a letter. Write the letter, it will stop. If it does not.. you have a $5,000 dollar insta-claim in a small claims court of your choice.

People are absolutely wrong about somebody deserving to be harassed by debt collectors. Nobody EVER deserves to be harassed under any circumstances. That is why there are large awards in civil court cases for collection agencies with too much “zeal”.

I had clearly indicated I was not the party they were looking for (do I or my name even sound like “Susan”?). Any calls that occur after this are, by definition, harassment. Now this harassment is not necessarily fully written out under the aforementioned FDCPA, but it does not have to be. This is no different than any other person or company repeatedly calling a random person after being asked to stop.

As you can see from the FDCPA, even IF the debt collection agency is calling the right person there are still rules governing their ability to call them after being asked to stop. You might want to look at:

Causing a telephone to ring or engaging any person in telephone conversation repeatedly or continuously with intent to annoy, abuse, or harass any person at the called number.

Except as provided in section 804, the placement of telephone calls without meaningful disclosure of the caller’s identity.

Furthermore, at any time a person may send a letter to the collection agency asking that all telephone communications cease. Afterwards, the collection agency may only send letters to the person updating them on any actions being taken towards the debt.

CEASING COMMUNICATION. If a consumer notifies a debt collector in writing that the consumer refuses to pay a debt or that the consumer wishes the debt collector to cease further communication with the consumer, the debt collector shall not communicate further with the consumer with respect to such debt, except– (1) to advise the consumer that the debt collector’s further efforts are being terminated; (2) to notify the consumer that the debt collector or creditor may invoke specified remedies which are ordinarily invoked by such debt collector or creditor; or (3) where applicable, to notify the consumer that the debt collector or creditor intends to invoke a specified remedy.

If all else fails, fix it yourself with Asterisk. Numbers not on the white list are dumped into recorded phone tree maze with endless loops of meaningless choices and no way out except to hang up. It would be even better with a plugin that could try and string them on for a while without actually divulging any meaningful information by responding at pauses with phrases like “that sounds interesting”, “uh-huh”, and “I’m not sure”. The goal being to waste as much of the telemarketer’s time as possible on a dead end call (i.e. no sale) before they hang up in frustration.

While heading back from South Carolina, I got bored (again) so I fired up the laptop and decided to wardrive Charlotte while driving through it…

The netstumbler file is somewhere around here…I’ll post it when I find it

Materials: Compaq Presario laptop (2135US), Belkin wireless card (F5D6020), Kodak Digital Camera (C743), assistance from Rebecca.

Home of a couple of large bike rallies each year, Myrtle Beach is not only huge, but full of things to do. I highly recommend Godfather’s pizza – it’s the best pizza in town by far! Just before we left, I had to whip out the laptop and partake in a bit of wardriving. This one is a two parter…

Part 1:

Part 2:

Myrtle Beach, South Carolina netstumbler files one, two, and three.

Materials: Compaq Presario laptop (2135US), Belkin wireless card (F5D6020), Kodak Digital Camera (C743), assistance from Rebecca.

Just a quick drive through Asheville, North Carolina yielded a few wireless APs…

I put that netstumbler file somewhere…I’ll post it if I locate it

Materials: Compaq Presario laptop (2135US), Belkin wireless card (F5D6020), Kodak Digital Camera (C743), assistance from Rebecca.

Wow, what a beautiful area Carolina Beach was – definitely worth visiting if you’re in the area. The beaches were clean, the houses were gorgeous, and there were tons of wireless APs.

Carolina Beach, North Carolina netstumbler file.

Materials: Compaq Presario laptop (2135US), Belkin wireless card (F5D6020), Kodak Digital Camera (C743), assistance from Rebecca.

Taking a quick drive through Wilmington, North Carolina, which is just before Carolina Beach. Still have South Carolina in my sights…

Here is the Wilmington, North Carolina main netstumbler file and the tail end of the drive.

Materials: Compaq Presario laptop (2135US), Belkin wireless card (F5D6020), Kodak Digital Camera (C743), assistance from Rebecca.

Castle Hayne seemed like a fairly decent size city, so I decided to take a break from highway driving and fired up the laptop for some wardriving.

Castle Hayne, North Carolina netstumbler file.

Materials: Compaq Presario laptop (2135US), Belkin wireless card (F5D6020), Kodak Digital Camera (C743), assistance from Rebecca.

Well what else is a person supposed to do in Washington, DC other than see all the sites? Wardrive it of course! For more info on the wireless APs found, check out the netstumbler file. There are three videos – part 1, 2, and 3 because YouTube apparently only allows videos to be 10 minutes each.

Part 1:

Part 2:

Part 3:

Washington, D.C. main netstumbler file. Here’s another netstumbler file for Ft. Myer, Virginia (just across the river from D.C.)

Materials: Compaq Presario laptop (2135US), Belkin wireless card (F5D6020), Kodak Digital Camera (C743), assistance from Rebecca.

After seeing enough of New York, I decided to head south and wardrive Scranton, Pennsylvania…and run a stop sign For more info on the wireless APs found, check out the netstumbler file.

Scranton, Pennsylvania main netstumbler file and the highway file taken as I was leaving Scranton.

Materials: Compaq Presario laptop (2135US), Belkin wireless card (F5D6020), Kodak Digital Camera (C743), assistance from Rebecca.

Continuing my road trip, I decided to wardrive Binghamton, New York. For more info on the wireless APs found, check out the netstumbler file.

Binghamton, New York netstumbler files – first pass and second pass.

Materials: Compaq Presario laptop (2135US), Belkin wireless card (F5D6020), Kodak Digital Camera (C743), assistance from Rebecca.

While taking a road trip down the east coast, I decided to whip out the laptop in a few places. The first stop was Niagara Falls, New York. For more info on the wireless APs found, check out the netstumbler file. More videos to come shortly…

Niagara Falls, New York netstumbler file.

Materials: Compaq Presario laptop (2135US), Belkin wireless card (F5D6020), Kodak Digital Camera (C743), assistance from Rebecca, and don’t even get me started on gas…

Used hard drives that haven’t been formatted are the absolute easiest way to obtain information about the previous owner. Even if the hard drive has been formatted or the operating system has been re-installed, this does not assure that the previous data has not been written over or is not retrievable.

A few places you can find used hard drives at low cost, or in some cases free, would be at a flea market, garage sale, or even Freecycle. Last summer I went to a few garage sales and a flea market in search of older computer parts. I purchased one computer from a local Elementary School teacher who didn’t bother to format the hard drive. She still had some of her work on the hard drive including student names, the grade she taught, the classroom number, and various other information in plain view. Bought the computer, monitor, keyboard/mouse at her garage sale for $10.

More recently, I came across a few computers being given away by a hospital as they had upgraded all of their workstations. I was pleasantly surprised to find that all of the hard drives have been removed from every workstation, but found a few software CDs still in the CD-ROMs. Sure the CDs could have ended up containing databases/spreadsheets/documents with patient info because the trays weren’t checked, but they did not. Also, you still have to commend an admin that has the sense to know that hard drives are sensitive to exploitation – especially in a medical environment.

Materials: A little bit of cash, a few used hard drives, and some free time.

A while back I had to go to Walgreens to pick up a prescription around noon. It was quite busy and there was a line-up, however, I decided to wait for my prescription and people-watch. As I was waiting, customers and the pharmacists were giving out information as if nobody were around them to hear it. I heard names, phone numbers, birth dates, social security numbers (for insurance company ID verification), and the names of drugs being picked up. I couldn’t help but to think that this is wide open to exploitation given the fact that almost everyone has a cell phone capable of text messaging and note taking.

Over the course of 30 minutes while I was waiting, I had overheard, and subsequently could have stored on my phone, the personal information stated above for 10 different customers. It would seem that Walgreens would find a way to “silence” information that could be overheard. When I had went in, the only personally identifiable information they asked for was my phone number and tied me to that number. This is also fairly insecure as anyone can look up a phone number as it is public information and impersonate someone else. I would suggest that perhaps a quick drivers license check would be a better idea for ID verification. It’s silent, easily accessible, and has all the information they would need right there on a credit card sized document.

Materials: Some spare time and a cell phone capable of saving/sending text.

I happened to be looking through the Saturn owner’s manual for something completely unrelated and found a page that ended up being a bit humorous. Apparently Saturn engineers went through all of the trouble to make sure that the remote transmitter didn’t send the same signal twice so that it couldn’t be “sniffed” and re-broadcast for a thief to break in. Unfortunately, when creating the owner’s manual, they decided to share how to bypass the security of the remote transmitter so that anyone with a Saturn transmitter can get into your car.

If you flip to page 79, the manual states:

"Syncronization may be requried due to the security method used by this system. The transmitter does not send the same signal twice. The receiver will not accept a signal that has been sent to it more than once. This eliminates the possibility that the signal will be recorded and played back."

Now for the kicker. The very next sentence tells you how to bypass it:

"To syncronize your transmitter with the receiver, press and hold the LOCK and UNLOCK buttons on the transmitter, at the same time for about 10 seconds, near your Saturn."

Kind of senseless to go through all of that trouble to change the signal each time you use the remote. It takes a little more technical knowledge to record and retransmit a signal than it does to hold two buttons on a remote for 10 seconds. I would imagine that this method would be similar on other vehicles, so I guess it’s time to check your owner’s manual for something similar. Luckily the Saturn I drive does not have keyless entry.

Materials: 2000 Saturn owner’s manual.

Recently, my mortgage lender made a mistake and I had to visit their office to assist in correcting their problem. As always, I was curious as to how their policies/procedures worked and kept an eye out for vulnerabilities. After all, I do some banking through these people, so I want to feel at least somewhat confident in how they handle my personal information. What I had discovered was quite interesting.

I met with the mortgage loan officer who had greeted me and led me into his office. He proceeded to call the corporate office to inquire about my loan and to make a few changes like the SEV, the estimated value of the home, and the amount taken out via escrow for city taxes. Verification of his identity over the phone to the corporate office was only his name and an internal “identification number”. The internal I.D. number was read off by the loan officer very casually and could have been heard by anyone near or in his office. I texted his I.D. to myself and grabbed a business card for all of his other business information. One could imagine how this could potentially be abused – especially as this particular loan officer managed mortgage loans for a fairly large portion of these banks in the mid-Michigan area.

Materials: Motorola Razr phone with text messaging.