Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Penetrates T-Mobile Systems

Posted by timothy on from the sounds-like-a-movie-plot dept.

An anonymous reader writes "SecurityFocus.com reports 'a sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor U.S. Secret Service e-mail, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities.' Demi Moore and Paris Hilton are involved."

7 of 396 comments (clear)

  1. Get Moore !?! by rednip · · Score: 4, Interesting
    Most troubling...
    T-Mobile, which apparently knew of the intrusions by July of last year, has not issued any public warning.

    Q: If I were a customer and I found out that my identity has been stolen, could I sue T-Mobile for any damages since they knew of the problem, or perhaps for just having breakable security?

    BTW, the Black Hat's email address (and online identity) is ethics@netzero.net and at one point was looking for work as a security administrator. Not a big surprise that he was interested in the field, but 'Ethics'!

    --
    The force that blew the Big Bang continues to accelerate.
    1. Re:Get Moore !?! by lucabrasi999 · · Score: 5, Interesting

      As I read even more of the FA:

      According to court records the massive T-Mobile breach first came to the government's attention in March 2004, when a hacker using the online moniker "Ethics" posted a provocative offer on muzzfuzz.com, one of the crime-facilitating online marketplaces being monitored by the Secret Service as part of Operation Firewall.
      "[A]m offering reverse lookup of information for a t-mobile cell phone, by phone number at the very least, you get name, ssn, and DOB at the upper end of the information returned, you get web username/password, voicemail password, secret question/answer, sim#, IMEA#, and more," Ethics wrote.

      It appears the feds knew about this months ago.

  2. Not-so Secret Service by Vollernurd · · Score: 3, Interesting

    Surely the Secret Service would encrypt anything important? I would have though that they would not have used a commercial network service like that. But then again mum always told me not to think too much.

    --
    Smokey, this is not 'Nam, this is bowling. There are rules.
  3. Secret Service Mail Encryption by dnno · · Score: 3, Interesting

    Just because he is reading Secret Service mail doesn't mean it is important. For all we know the mail could read like this: On todays lunch menu we are not going to be having the chicken fajita due to a lack of chicken, we will be having PB & J's. Surely they have secure transmission lines (& methods of encryption) , so why would they send anything of importance over T-Mobiles network?

    --
    feh, lots of things are pointless, this one too
    1. Re:Secret Service Mail Encryption by Maestro4k · · Score: 4, Interesting
      • Just because he is reading Secret Service mail doesn't mean it is important. For all we know the mail could read like this: On todays lunch menu we are not going to be having the chicken fajita due to a lack of chicken, we will be having PB & J's. Surely they have secure transmission lines (& methods of encryption) , so why would they send anything of importance over T-Mobiles network?
      If you'd RTFA, you'd know that many of things he had access to were important, sensitive and, in an ideal world, should have been encrypted. One good question the article didn't ask is why'd the secret service agent send these things unencrypted over a monitorable network? Personally I'd like to know that he had been disciplined for allowing this security breach to occur.
  4. Re:Hmm... by pegr · · Score: 3, Interesting

    So the guy hacks in to the network, steals personal information, downloads private pictures, sells all this stuff... and then he's able to get away with just one felony, no jail time, and even a work offer for the Secret Service?

    If you think the Secret Service won't use his skills in exactly the same way he was offering to the public before he got busted, you are mistaken. That is to say (explicitly), the Feds will use this guy to break into private computer networks and steal information of interest to them. They will keep him at arms length in case he gets caught. This is the way law enforcement (unfortunately) works...

  5. Yep, the guy was stupid by Tassach · · Score: 4, Interesting
    From the article:
    [He] even knew the agency was monitoring his own Microsoft ICQ chat account
    Come on, how frelling stupid can you be? You've got hard intel that the opposition is on to you and you don't shut down your operation? At the very least you crank up your operational security a notch or ten in that situation.

    The guy crossed the line when he went to sell personal information to identity theives. Looking at famous people's candid photos is pretty harmless (as long as he's not selling them to some tabloid or spreading them around). Reading the SS's email is the ultimate in poetic justice; they should be more aware of just how insecure email is than just about anyone. It's inexcuable for the frelling SS to have been sending sensitive documents around in unencrypted emails.

    In the end, it sounds like the guy got caught because of his own hubris. Which, when you think about it, is typical... criminals get busted not because the cops are spectacuarly competant, but because they run their mouths off.

    --
    Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?