See also:<p><a href="http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html" rel="nofollow">http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.h...</a>
<a href="http://hackermedley.org/archives/4" rel="nofollow">http://hackermedley.org/archives/4</a>
<a href="http://www.h-online.com/open/news/item/26C3-GSM-hacking-made-easy-893245.html" rel="nofollow">http://www.h-online.com/open/news/item/26C3-GSM-hacking-made...</a><p>and<p><a href="http://events.ccc.de/congress/2008/Fahrplan/events/2997.en.html" rel="nofollow">http://events.ccc.de/congress/2008/Fahrplan/events/2997.en.h...</a><p>for similar and more advanced attacks on GSM.
Most laws against "hacking" have some section that defines hacking with various levels of specificity, but at the end it always some generic statement that allows them to prosecute anyone for anything. Something along the lines of "using a system to gain inappropriate access to information", or even just "usage of a system for purposes other than it's intended use".<p>Wasn't there a news story recently about a student that accidentally found a file with personal info available from his school's libary computer, and was subsequently arrested when notifying the administration?
<i>The first part of the operation involves getting a target's cell phone number from a public database that links names to numbers for caller ID purposes. DePetrillo used open-source PBX software to spoof the outgoing caller ID and then automated phone calls to himself, triggering the system to force a name lookup.</i><p>Uh, oh. And the rest does not look good either - the attack looks credible (the tracking bit looks legally iffy).<p><i>the hands of GSM providers in the U.S. are tied.</i><p>Just today was talking with a lawyer who's reviewing data protection legislation, vs. mandated (by EU regulations) information disclosure requirements. There may not be a way of reconciling both ...