SIOUX FALLS, S.D. (KELO) — On January 23, 2023, South Dakota Gov. Kristi Noem announced via news release that her personal cell phone had been “hacked.” The release in question states: “Governor Noem’s personal cell phone number has been hacked and used to make hoax calls.”
It is unclear from the release whether Noem’s personal device itself has been compromised, which would constitute a “hack”, or whether someone has simply posed as Noem using her number, which would not.
A request for clarification on the nature of the “hack” described in the release was not answered by the Governor’s Office. Regardless of this specific situation, what is the main difference between hacking into a device and simply using someone else’s phone number, an act known as ‘spoofing’?
To find out, we spoke with Arica Kulm, Director of Digital Forensic Services at Dakota State University.
“It’s kind of two different things,” said Kulm. “Your identity can be compromised — we put our information out there on social media; we put our information out there online in a lot of different forms — it’s really hard to protect all of your information.”
Kulm says that data breaches can reveal your birth date, phone number, social security number or other identifying info, all of which can be packaged and sold online.
“The other side of that is your phone can be compromised,” Kulm continued. She says this can be the result of downloading an app, clicking on a link or using unsecured internet connections.
The key difference between spoofing and hacking comes down to this: “If your device is compromised, that would be considered your device has been hacked — if it’s your identity that has been compromised, you’ve been spoofed or impersonated,” said Kulm. “If I make a phone call and use your phone number, I haven’t compromised your phone — I’m spoofing your phone number.”
Spoofing, it turns out, isn’t difficult. “There’s online services you can use to do that,” Kulm said. “There’s ways to make prank phone calls doing that — businesses use that…