Slashdot Mirror
Hackers Claim To Hit T-Mobile Hard
dasButcher writes "Hackers are
claiming to own T-Mobile USA's servers and to have access to the cellular phone carrier's operations, finance and subscriber data." (Here's the seclists.org post of the claimed breach.)
Funny - I get an fraud warning from the link disclosing the breach . . . Opera being over-sensitive I think. "This site is known to distribute malicious software" - NMap has got such a bad name!!
Who said it was not encrypted?
If you are, you better start thinking about where to go next. Their service is now wide open. Anything transferred through their network is now questionable.
Can you afford to send an email from a smartphone and have a couple of bytes changed, say from "no" to "yes"? Or from $100 to $10,000?
Can you afford to have your phone records available to everyone on the Internet? How far back could T-Mobile's records go? Two years? Five years?
I'd say if this was played right to the media it could shut T-Mobile down in about two weeks. After all, wouldn't that be a great goal? Their inability to keep hackers out equals no reason to be in business.
Of course this was almost certainly an inside-assisted job. But then you better watch who your employees are. If you're employing people that have access to potentially sensitive data, how do you know they aren't in a financial bind and will do anything to make next month's mortgage payment? Or have some gambling debts that they have to pay or their wife will work off?
I won't be happy to see T-Mobile (really Vodaphone from Germany) go under, but if these hackers have half a brain they will take the company down. If they are just your average script kiddies this will not make to the nightly news and will have no effect on the company.
A better question is why is there so little competition in SMS prices - is there collusion to avoid competition?
Yes. The marginal cost is very close to zero, so when all the telecoms raise prices nearly simultaneously as they did a few years ago, collusion is by far the most likely explanation.
How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
Security is a process - not a state. Computer security is like a horizon - an imaginary line that seems to move farther away as you move toward it. The only way any network and systems on that network can be reasonably protected is if there is a recurring yearly budget. In most companies computer security is an afterthought in the IT budget. Sort of, like, if there's money left, we'll spend it on security. Or save it. The bottom line is that most companies simply can't afford meaningful security measures and most of those that can, choose not to spend the money. This entire IT security business is usually just good enough to keep the amateurs out.
This doesn't surprise me at all. I used to work there a few years ago. Security was not something they were concerned with in the least. RSH was used everywhere and they refused even use telnet let alone ssh. The root passwords on all the Unix servers that controlled the switch was the name of the switch manufacturer. So Nokia was nokia and Nortel was nortel. Frankly this wasn't the worst thing there, don't try to do anything that might improve service or change the way things are done because that would upset the norm.
FWIW - I don't know if it could be related or quite how, exactly, but I am a T-mobile client in the SE US, and noticed yesterday and the evening before that calls were dropping like crazy. Very, very inconsistent from their usual service, IME. T-mobile has shown good network 'uptime' since they bought out a smaller cellular company I was with about 18 months ago. (They *have* tried to dick me for a little extra cash here and there on my bill, but were good after a call to billing.) The unusual poor performance I was witness to yesterday in conjunction with this story makes me go "Hmmm...", while hoping it bears out as untrue.
"...there are some things that can beat smartness and foresight. Awkwardness and stupidity can." ~ Mark Twain