It turned out that 'Bounty Hunter' bought location information of the user of major mobile carriers

by Vitaly Vlasov

Motherboard revealed that a lot of " bounty hunters (prize earnings) " were accessing position information of user terminals owned by enterprises such as AT & T , T-Mobile , and Sprint , which are major mobile carriers in the United States. Motherboard reports that the location information accessed by Bounty Hunter included special GPS information used by the first responder expressing to the site on the phone to the emergency call dial.

Hundreds of Bounty Hunters Had Access to AT & T, T-Mobile, and Sprint Customer Location Data for Years - Motherboard
https://motherboard.vice.com/en_us/article/43z3dn/hundreds-bounty-hunters-att-tmobile-sprint-customer-location-data-years

Big Telecom Sold Highly Sensitive Customer GPS Data Typically Used for 911 Calls - Motherboard
https://motherboard.vice.com/en_us/article/a3b3dg/big-telecom-sold-customer-gps-data-911-calls

In January 2019, Motherboard reported that major mobile carriers sell location information of customer terminals, and that at the end, position information is passing to various companies and people's hands through brokers.

Major mobile carriers sell location information of customer terminals - GIGAZINE

Major mobile carriers sell customer location information to companies called "location aggregators" and location aggregators have sold mobile terminal location information to yet another company. The location aggregator sells people's location information to financial companies that detect load assistance and fraud towards rescue stolen cars.

Meanwhile, Motherboard reported from the location aggregator that the location information of the mobile terminal was handed over to the company called " CerCareOne ", and CerCareOne further sells the location information to the third party at the end. CerCareOne had been selling location information at least since 2012, but in 2017 that business was terminated and now the company itself does not exist. According to CerCareOne's internal document obtained by Motherboard, CerCareOne sells location information to over 250 people called "Bounty Hunter".

With Bounty Hunter it translates as it is "earnings earnings". In the United States there is a business called " bail bond guarantor " to rebuild the bail of the suspect who was arrested, but in the case that a customer who has had expensive bail outs escaped and refuses to repay the bail There is that. People who catch such fugitives and hand over to bail bond guarantors are called Bounty Hunter in the modern America. Bounty Hunter is a payment system based on payment, and the price of remuneration is said to be about 5 to 10% of bail.

Motherboard explained that the position information of the terminal of the major carrier was sold to the location aggregator, further sold to CerCareOne, and the bounty hunter and related bail bonder had caught the fugitive based on that information. Although major carriers do not allow Bounty Hunter to use location information to catch fugitives, they are not aware of how the customer's location information is being used at the end And that.

According to Motherboard, more than about 250 bounty hunters and related companies are accessing location information that has flowed from major carriers, and there are bailout guarantors who accessed location information for over 18,000 times. In many cases, bail insurance contractors enter the wording in the contract to exchange bail bonds with the term "if the bail bonds are not paid, the bail insurance provider has the right to use the location information service of the mobile phone" It is said that.

In addition, it is known that the location information service sold by CerCareOne included not only normal GPS but also special position information called A-GPS . In addition to specifying location information using ordinary GPS satellites, A-GPS is supplementary to the communication function of the mobile phone network.

As a scene where A-GPS is used, it is assumed that a first responder who rushes to the workplace first when the user dials an emergency call dial identifies the location of the caller. The A-GPS is able to grasp the position to some extent not only outdoors but indoors, and the error is only a few meters. In addition, when Motherboard inquired as "Was there once had sold A-GPS information to major carriers?", Although no company returned a clear answer, denying it as "not selling" He says he did not.

by rawpixel.com

The existence of CerCareOne is a secret that is known only within the community of Bounty Hunter and bail bonder, and its existence never leaked to the outside for a while even if the operation is completed in 2017. However, Motherboard who started the investigation discovered the website of the service called LocateUrCell.com hosted on the same IP address as the website used by CerCareOne.

LocateUrCell uses the mobile phone's location information to locate the whereabouts of missing elderly or lost children and to search for lost mobile phones. In an interview with Mr. Frank Rabbito, CEO of LocateUrCell posted in local news in 2011, it is stated that services cooperate with major mobile carriers and use GPS to locate subscribers' mobile phones. Rabbito was unable to respond to Motherboard comment request.

Eva Galperin, director of the cyber security campaign group of the Electronic Frontier Foundation , said, "Abuse of location information discovered this time is too bad."

by John-Mark Smith