The premise is simple; instead of creating fake businesses with stupid names, he created fake locations for an FBI office in San Francisco and a Secret Service office in Washington DC, each effectively taking the place of its real life counterpart. These new locations were identical to their real-life counterparts—with one important change. A new phone number.
Seely sent me a link to a Google Maps Search query for “federal bureau of investigation near San Francisco, CA.” There, I saw two otherwise identical listings, and when I called the one Seely pointed out to me as fake, he was the one who picked up the phone. At the time of this writing, there are still two FBI offices listed in San Francisco, identical but for two different phone numbers.
Seely told me that the exploit was not actually in action, and that when it was, the Google Maps entry with the wrong phone number would be the one most prominently displayed. From there, Seely explained, it would be trivial to reroute the phone number to the incoming line for the actual FBI office, and either to listen to or even record the calls as they came in. I saw no explicit evidence that Seely had done or could do this part, but Valleywag did. The effect would basically be a very limited tapped phone. Any scammer with the ability to set this up would be able to intercept calls—but only from people calling in through office’s main line, and only people who’d looked up the number to call on Google Maps.