It’s not about the dick pics or the angry texts he’ll be bombarded with. It’s much more serious.
The evening of April 29th was an unusual one for the UK’s prime minister Boris Johnson. Embroiled in a scandal about lobbying and cronyism where the prime minister is alleged to have addressed queries from a select group of individuals who sent him text messages as a greater priority than official business, things got worse.
A celebrity gossip newsletter called Popbitch revealed to its more than 300,000 subscribers that the prime minister’s phone number had been publicly available on a press release floating about online since 2006. While social media has been unusually quiet about the news – searches for the phone number itself reveal less than a dozen people have shared it on Twitter in the 12 hours since the newsletter landed in inboxes – enough people seem to have called the prime minister for him to switch off his phone.
Anyone calling the number, which remains freely available on the internet, is given a message saying that the phone has been switched off and encouraging to text Johnson instead.
A scandal in the making
The issue is troubling enough, and definitely inconvenient for the prime minister, who has steadfastly refused to change his phone number despite previous security concerns, according to sources within the UK government. Reportedly, police were apoplectic at the news that the number’s existence – which had been hidden in plain sight in a PDF for more than a decade – was made even more public.
But there is an underlying issue beyond the fact that any member of the public now knows that a direct line to the leader of their country is just a simple Google away. The real scandal isn’t that this number’s existence has surfaced now – because the sheer number of prank calls and texts will make the prime minister alert to the risk of cybersecurity threats now he knows it’s out there and in the wild.
Instead, the scandal is that there’s a real risk the prime minister has fallen victim to a trap in the previous 15 years that the number has been in the public domain, but few people have known about it or drawn attention to it.
Boris Johnson hasn’t been pwned – officially
A search for the phone number known to be associated with Johnson through leak checkers, such as CyberNews’s own, indicates that the phone number hasn’t been included on any previous lists of large-scale data breaches that are publicly known about. That may be a small semblance of relief for the prime minister and his security team.
Yet they will know all too well that if a celebrity gossip newsletter has known about the existence of his phone number on the world wide web for 15 years, then cybercriminals and state-sponsored teams of hackers will likely know about it too. For that reason, there’s a real risk of previously undisclosed security breaches that could have occurred in the past, when it wasn’t an open secret that the phone number was available to all and sundry.
That risk is all the more concerning given what we now know about the prime minister’s attitude towards his phone number being publicly available. That this has existed for 15 years and he hasn’t done anything about it indicates a lax approach to infosec by the leader of the UK. And that may give people pause for thought.
If Johnson doesn’t see the risk in his phone number being available online, it’s likely that he’s laid back about clicking links in phishing texts sent to his phone by those who have noticed his number’s existence online in the last 15 years. It’s not the barrage of messages he’s now receiving that security services need to worry about: it’s the number of innocuous-looking ones he’s received in the last decade or more – and what information he may have given up on well-designed phishing sites he’s clicked onto from them – that they need to try and trace back.