Hackers Claim To Hit T-Mobile Hard
dasButcher writes "Hackers are claiming to own T-Mobile USA's servers and to have access to the cellular phone carrier's operations, finance and subscriber data." (Here's the seclists.org post of the claimed breach.)
"We already contacted with their competitors and they didn't show interest in buying their data" LOL... seems like it's worthless!
Why isn't this stuff encrypted? For the few places that would need the data why not have a special viewer that would decrypt the stuff that's sensitive?
Taxation is legalized theft, no more, no less.
Now, I'm not going to cheer crackers breaking into a private corporation's data services. The breach has tremendous privacy implications, and a lot of these fall squarely on the head of the consumer. However, I'd like to see a silver lining to this by seeing the data employed to put paid to the idea that SMSes have to cost so much. Time after time, the data has shown that SMSes *should* be giant cash cows for these monopolistic entities, but lacking internal financial data it has always been difficult to make an issue out of this at Congress. Of course the cell companies have every interest to keep this data private, but maybe in this case T-Mobile won't have the choice.
www.eissq.com/BandP.html Ball and Plate System. Amuse your friends. Crush your enemies.
Maybe the hackers can offer better service?
Have you fscked your local propeller head today?
Funny - I get a fraud warning from the link disclosing the breach . . . Opera being over-sensitive I think. "This site is known to distribute malicious software" - NMap has got such a bad name!!
From the "hackers" We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are offering them for the highest bidder. Seriously, how do they think T-Mobile's competitors are going to legally pay and use such information?
Run and catch, run and catch, the lamb is caught in the blackberry patch.
I happen to know a Nigerian Prince who would be *very* interested in their offer.
All of their production servers are running UNIX- or UNIX-like operating systems. Had they been running a Windows-only setup, this would not have happened.
Ever heard of a high-profile Windows shop being compromised during the last five years? No? Didn't think so.
Interesting. I only saw HP-UX, SunOS, AIX and Linux. No Windows used in T-Mobile, or they could not be cracked? Or T-Mobile just don't put anything important on Windows servers?
And the best thing they can think of doing with it all is to offer it to T-Mobile's competitors? Seriously? I can think of tons of ways to profit off of all that information.
However not one of those ways involves attempting to sell the information to companies that are legally required to report it. Or when that fails, announcing it to the public and getting every police agency in the world on my trail.
If you are, you better start thinking about where to go next. Their service is now wide open. Anything transferred through their network is now questionable.
Can you afford to send an email from a smartphone and have a couple of bytes changed, say from "no" to "yes"? Or from $100 to $10,000?
Can you afford to have your phone records available to everyone on the Internet? How far back could T-Mobile's records go? Two years? Five years?
I'd say if this was played right to the media it could shut T-Mobile down in about two weeks. After all, wouldn't that be a great goal? Their inability to keep hackers out equals no reason to be in business.
Of course this was almost certainly an inside-assisted job. But then you better watch who your employees are. If you're employing people that have access to potentially sensitive data, how do you know they aren't in a financial bind and will do anything to make next month's mortgage payment? Or have some gambling debts that they have to pay or their wife will work off?
I won't be happy to see T-Mobile (really Vodafone from Germany) go under, but if these hackers have half a brain they will take the company down. If they are just your average script kiddies this will not make it to the nightly news and will have no effect on the company.
There is no mention of this in the press. Perhaps it's because this is just some trouble makers whipping up a scam story? Is there any real evidence that this hack has actually occurred? No...
If you want news from today, you have to come back tomorrow.
We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are offering them for the highest bidder.
Does not it sound just like a scam? What about sending them one of these 419eater funny guys?
what if they just got a very convincing Honey Pot ?
Now!
I'll wait for some validation. Cuz, you know;
prodsrv1|192.168.1.200|root@cia.gov sekret files|for realz|RHEL4
isn't especially convincing.
Even if it's a real list, it could be something as simple as a pilfered company document off a laptop, a script-kiddie wannabe hacker employee showing off to his friends on IRC, or any of a hundred scenarios.
Do I doubt it's difficult to own a bunch of HP-UX boxes? Nah.
Have I learned to not spastically freak out every time some random people claim they hacked something? Yah.
Trouble is, T-Mobile wouldn't exactly be forthcoming with any confirmations.
At the end of the day, you just have to plan around being hacked. You have to ensure your payment method associated with external services can handle being owned. You have to be ready for people getting your SSN and private info, since it's moronically being used for frivolous purposes everywhere.
Which is not to say you shouldn't do your best to keep your data protected and secure - I just try to plan around any data I give out to various companies being owned.
Does this mean service will improve?
How hard is it to keep Linux, AIX and SunOS servers patched with security updates, seriously. These boxes must have never been properly secured in the first place for that many operating systems to be compromised. I know it is a bit of security through obscurity but having multiple server OS usually offers you some protection but to have this many fail seems like they need to pay more $$$$ and get a competent sysadmin group. I would not be surprised if a majority of their day to day sysadmin work was outsourced. If you do not have someone that is there with the firewall logs in real time, at least one honeypot behind the firewall and tripwire setups that page everyone but god when your honeypot is disturbed you are not even trying. Hell, I have that at home.
An Education is the Font of All Liberty
Come on, how is your gibberish any different from the rest of Slashdot?
Intriguingly, T-mobile's prepaid service is one of the best prepaid deals in the US.
If hackers compromised the contents of a backup server, there could be backups of some host(s) pre-upgrade and post-upgrade.
Telecoms is not a free market. It is an oligopoly. As such, there is no meaningful competition. The pricing of SMS is an ABOMINATION. At a personal level, this kind of gouging would be an unforgivable breach of ethics. I for one do not see why corporations should be licensed to disregard ethics.
How does a faceless corporation browbeat tens of millions of customers? One at a time, of course.
If I were a hospital, following your logic, I would negotiate with each patient. "Well, Mr. Gates, how much would you pay for a heart transplant? A billion dollars? OK, make it $1.2 billion and you've got a deal." Then one day this schmuck shows up. "Well, Mr. Schmuck, how much would you pay for a heart transplant? A hundred dollars in installments is all you can come up with? Do you know that just last week another gentleman paid us over a billion? You are insulting me. Go away. There are plenty of wealthy people who need new hearts." (the hospital negotiator seems not to notice that he is describing himself all too literally)
You may say that regulations and planned economies and safety nets do not work. That is arguable. The logical response, however, would be to say, let us apply human ingenuity, work ethic, and compassion, and try to make them work. Not, let's not even try.
Oh this is hilarious. When T-mobile's stock tanks Monday morning, someone is going to have made a killing on short-selling the stock.
Follow the money. Who stands to gain a lot by a supposed breach of all of T-Mobile's systems? Is there some proof the system is really hacked? I doubt anyone on ATT or Verizon's payroll would be dumb enough to pull this. But there are lots of hedge fund traders looking for new 'angles' to make a buck, and after having destroyed the banking system, I suspect someone has gotten wise to what could be pulled off with a little hacking. (Or suggestions of hacking)
Well, unless you bought your phone at a store with cash, and buy refills the same way..
I guess I am the "not smart" T-Mobile user, as I bought my prepaid phone through their web site.. You seem to imply that T-Mobile is somehow a fly-by-night company ... They are in fact 8th largest in the world.. Verizon is 14th., AT&T is 15th., Sprint doesn't make the top 20 and they have slightly more than half as many subscribers as AT&T... Of all these companies, why should I not have trust in T-Mobile ?
This could be a "shill" event. *NEW* Cyber Czar! Think about it. A manufactured cyber emergency to justify new cyber regulations and lockdown in the best of interest of "everyone".
leather-dog muksihs
Blog: @muksihs
I, for one, welcome our new hacker overlords. Who cares who sees my cell phone records or texts. Besides, you'd have to be stupid to do anything REALLY private over the airwaves these days anyway, what with Bush and Obama both agreeing that warrantless wiretaps are a good idea.
Seriously though, I've done PLENTY of shopping around over the years, and T-Mobile always has the best rates, best coverage, and best customer service out of all the US cellular providers. That might be like calling them a tall midget, but the best is the best. I get 2 lines with completely unlimited calling for less than $90.
If this is real and T-Mobile's networks actually DO get shut down temporarily, then that will just be one less way that I get bothered.
looks like some serious jail time to me... http://www.law.cornell.edu/uscode/18/1030.html
This doesn't surprise me at all. I used to work there a few years ago. Security was not something they were concerned with in the least. RSH was used everywhere and they refused to even use telnet let alone ssh. The root passwords on all the Unix servers that controlled the switch were the name of the switch manufacturer. So Nokia was nokia and Nortel was nortel. Frankly this wasn't the worst thing there, don't try to do anything that might improve service or change the way things are done because that would upset the norm.
Now's my chance to call all those phone-sex lines I've always been curious about!
Sir, you owe $15,239 and 33 cents.
"But I never made those calls!?! You people got hacked last month, didn't you? They must have stolen my info!"
Oh, that's right. Alright sir, we'll take care of it. Uhmmm...by the way, sir? I can barely hear you. Why do you sound so far away?
"Oh, I can't hold my phone. I uhhh...I sprained my wrists."
[End Of Line]
What I don't understand is why many people like the idea of plans instead of prepaid phones.
Simple. It's the phone itself. The average phone is given away "free" and higher end phones are substantially discounted when you sign up for a plan at X dollars a month.
You want to buy that new Iphone/Blackberry/Next Big Thing outside of a contract? Good luck. IF it's available at all, it can easily run $600 or more up front.
In contrast, prepaid phones are typically stripped down budget models. They'll make calls, send text messages, and some will surf the web, but in the era of "phone as fashion accessory/status symbol" they're really for those that have no other options, or simply don't care.
Incidentally, it was a pain in the ass to try to tell the CSR how to get to Slashdot.
really? sure hope you don't deal with end users very often.
Is anyone else getting tired of the media's and even Slashdot's own misuse of the word 'hacker'?
Crackers Claim To Hit T-Mobile Hard
Fixed it for you.
The "cyber czar" deals primarily with internal government IT matters. He has no power to enact regulations affecting the public.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
FWIW - I don't know if it could be related or quite how, exactly, but I am a T-mobile client in the SE US, and noticed yesterday and the evening before that calls were dropping like crazy. Very, very inconsistent from their usual service, IME. T-mobile has shown good network 'uptime' since they bought out a smaller cellular company I was with about 18 months ago. (They *have* tried to dick me for a little extra cash here and there on my bill, but were good after a call to billing.) The unusual poor performance I was witness to yesterday in conjunction with this story makes me go "Hmmm...", while hoping it bears out as untrue.
"...there are some things that can beat smartness and foresight. Awkwardness and stupidity can." ~ Mark Twain
Sounds like a hoax to me.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Anyone who does not have the wherewithal and sense to not make public their extortion demand, very likely does not have the sense and wherewithal to actually harvest information. I see a text depiction of a list of alleged connections to T-Mo servers.
I do not see actual data - show me a 500 data item sample if you have anything at all.
My best guess: Some 15 year old in an Eastern European country will shortly have some 'splainin to do.
----- In Your Cubicle No One Can Hear You Scream...
nice!
We all joke, and to some extent say, "good job" to the hackers. We forget these guys are no different than the robbers and thugs you see on "cops" or the evening news, they are just more covert. No one cheers on the armed gunman, robbing a convenience store. It bothers me these guys aren't viewed in the same light.
If you could reason with religious people, there would be no religious people
No doubt that they are bad guys, but to say that they are 'no different' is taking it a little far. How many convenience store robberies have you heard of that have ended badly for the staff? There is a good chance that a convenience store robber is willing to deprive someone of their life to get what they want. A hacker is merely willing to deprive someone of property. They are more like the guy who breaks into the convenience store after hours, with the intent to run away if confronted.
The curious thing is that the typical slashdotter would have some appreciation for the skills required to pull off such a hack (assuming they didn't just find a backup tape full of passwords in the trash :) - we can more readily identify with the nerd in his basement with the world at his fingertips 'sticking it to the man' than we could with the armed robber desperate to get cash for his next drug hit. And we all hate cell phone companies. I don't know what's on the agenda for these guys though... presumably blackmail or extortion.
But when you are king and are rounding up all the hackers, remember to include the guys who are unlawfully downloading copyright material too :)
http://en.wikipedia.org/wiki/List_of_mobile_network_operators
I do not applaud law-breaking, but nobody deserves it more than you do. Worst company I've ever had the displeasure of doing business with.
Where do I sign up for the class action suit? I long-ago canceled my account, but I couldn't delete my private information out of your system.
I've worked in I.T. long enough to know that the vast majority of security products and services out there are little more than selling companies a "bill of goods". Sometimes, it's a great investment, simply as a CYA move. (As a systems administrator, you're a lot less likely to get fired because of a hack if you can show you tried your best to secure everything, using products X, Y and Z, right?)
But ultimately, you can go with the most highly regarded firewall product, the top-rated anti-spyware and anti-virus solutions, implement policies requiring employees change their passwords every 30 days, encrypt sensitive information, and the whole 9 yards. But one employee who has been given access is all it takes to make it all come tumbling down. (And I imagine the vast majority of the time, that's a key component of successful hacks anyway. Remember the AOL credit card leaks a while back? Total inside job.)
In most cases, you really don't have much of a guarantee that a given product truly gives you the security it claims either. How do you REALLY know that expensive firewall doesn't have some kind of back-door in it that's never been publicized? Maybe one of their developers stuck it in there secretly, knowing he'd made FAR more than his salary selling the password to a few key hackers in the underground later?
Unless a product offers to cover all your expenses to recover from a hack, if their product or service is hacked, it's pretty weak insurance.
They might have technical chops or they might just be taking advantage of a disgruntled employee or other low-tech hole; it's impossible to say so far. What's clear is that they obviously had no idea what to do with the data once they got their hands on it.
I mean, did they really think they could just grab a dump of T-Mobile's customer database and sell it to AT&T? C'mon. Let's think about that for a minute -- what the hell is AT&T going to do with it? I'm sure their marketing department knows all about T-Mobile's demographics versus their own, and if not (and if they care) they could find out with a few calls and some relatively small payments to a research firm. Same with just about anything else I can possibly imagine them extracting from T-Mobile's servers. If AT&T or Verizon is really dying to know something about T-Mobile's operations, they have lots of easier ways to figure it out that involve a lot less risk than buying red-hot DB dumps from criminals.
Also, anyone with half a brain ought to realize that all the telco companies live in fear of being broken into, and that a major breakin is going to hurt the public's perception of the entire industry. The U.S. cellular telcos are, basically, a cartel: and if there's one thing cartel members hate more than each other, it's disruptive outsiders. T-Mobile's competitors probably didn't respond because they thought it was a joke, or some sort of Nigeria scam; if they'd known it was serious, they almost certainly would have done what Pepsi did and called the cops. Not for altruistic reasons, but for sound business ones: having basically mercenary criminals screwing around, stealing data, scaring customers, and generally upsetting the normal business environment is not to any legitimate player's advantage.
The other red-flag that screams amateur hour about the whole thing is what they did after being turned down by the "competitors" -- they posted what amounts to a "for sale" ad to the Full Disclosure list. They thought that was the best venue for selling a shitload of customer financial records? Really? There are bulletin boards, whole online communities, where criminals trade identity information. It's a mature underground economy; the information they had -- names, addresses, CC numbers, SSNs -- would have been a fungible, commodity product, well-understood and easy to resell for cash.
However they got the information in the first place, it's pretty clear they didn't think their cunning plan all the way through.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
* Poor privacy. T-Mobile doesn't need to know who I am or anything about me -- it's not their business. If I want to switch phones, it's easy enough to do. I don't want their junk mail, I don't want targeted ads, I don't want them selling my call history, I don't want them selling my number...basically, there are very few reasons for me to want T-Mobile to know who I am other than "someone who wants telecom service without lock-in and will pay for it".
The "l" in T-Mobile stands for lock-in. They sold me a phone that they later admitted could not be unlocked for some reason or another, after I explicitly requested a phone with international service and capability to use SMART. In 2004, they sold me a phone which did both. In 2006 they lied and sold me a piece of junk (for what I needed) that is sitting in a drawer unused.
I HATE T-Mobile, HATE them. Rotten company. Rotten customer service.
Me (screaming at T-Mobile after a trip overseas): Why didn't my phone work?
T-Mobile Customer Service Rep: Sir, you were supposed to call us and enable international service before leaving the USA ... um, which our records show you did on several occasions. I'm very sorry.
Rotten company, rotten service. T-Mobile sucks. They deserve to die.
As if they would confirm this. You'd have to be insane to turn around and go "yes, we have been compromised and any calls you make can and probably will be monitored by hackers". There would be a mass exodus from T-Mobile within the hour, and they would effectively go broke by the end of the month. If I was them, I'd be coordinating teams to vet every single one of the machines to be sure - not adding to the potential for a public hysteria in already troubled environments.
Even if this is a hoax, which it may well be, you don't want to be talking about it until afterwards when you can say something like "We had hackers breach our perimeter systems, but our superb security teams saw and stopped them before they were able to get anything but our publicly available user manuals". It might be bullshit, but it sounds better than "we've been hacked, you're in the shit". Your average person could deal with the former, but doubtful that they could deal with the latter.
Me failed English...
FreeBSD over Linux. If my comments seem odd, this may explain...
I am working for a Relatively Large Teleco in Europe and can say from the list of server names that this is a plausible hack.
Whether or not however they have real information or just DNS entries however is yet to be seen.
What is the basis for this conclusion?
protib02 Prod IHAP TIBCO 582 Tibco 10.1.81.21 HP-UX 11.11 BOTHELL_7 582 #N/A 1 - Tibco. An application layer messaging bus used heavily in FAB (Fulfilment Assurance Billing) area of large telecos
proetl02 Prod IHAP Teradata 576 teradata 10.133.17.51 HP-UX 11.11 NEXUS #N/A #N/A 1 - Teradata.... another product I know we are using (unknown however exactly what it does)
prowac06 Prod IHAP EAI 151 EAI - Middleware 10.1.80.91 HP-UX 11.11 BOTHELL_7 151 #N/A 1 - EAI - Middleware application used also in telecos.
Similarly the SAP Naming convention used roughly translates to some deployments I have seen in the past.
What does this whole thing give away....
Looking at the naming conventions they have three "defined" network zones:
TAMPA - Management (HP OVO, DNS, Backup Servers)
BOTHELL - Application Server zone with all sorts of stuff. Big flat topology....(ugly with lots of different services using the same subnets and DB Servers not separated from AS)
NEXUS - Another Application Server Zone with a mix of stuff within it. This appears smaller and newer than the other from the server names.
What does this show from a security perspective?
- No clear Security Architecture ... No 3 tier architecture DMZ/Application Server/DB Server split.
- No clean separation of Backup network (backup mixed with Management functions... this should be in a separate network).
- No clean separation of Management Network (SAN/Backup/OVO located together)
In any Teleco situation with thousands of servers it is impossible to prevent a security breach. There is always going to be servers somewhere which are unpatched, legacy, forgotten etc.
What is important is a "defence in depth" principle to limit any disclosure. In this instance that appears not to have been followed. The topology is "Flat" with an emphasis on easier communications between systems rather than minimizing communications to minimum required. This essentially stopped any chance of them being able to limit a breach.
Hopefully someone will get some lessons learned out of this. I know I will be presenting some points to our management where we should be focusing based upon this. Our security is definitely better but nothing is perfect.
I'm interested in any points that anyone else could offer here, I have not discussed all points however I am interested in the perspective of others from what they can mine there.
Please more comments!
http://streetstyles.ch/ - Schweiz Band & Fashion Tshirts
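An added example, not part of the thread or any poster's code: a small audit that applies the segmentation points raised in the comment above (DMZ/application/database split, backup kept apart from management) to an asset inventory. The inventory rows, the role-to-tier mapping and the /24 segment size are constructed assumptions.

```python
"""Flag flat-network findings in an asset inventory (added, illustrative example)."""
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample inventory: every hostname, address and zone is invented.
SAMPLE_INVENTORY = """hostname,role,ip,zone
web01,web,10.10.1.11,DMZ
web02,web,10.10.1.12,DMZ
app01,app,10.20.5.21,APPZONE_A
msg01,middleware,10.20.5.22,APPZONE_A
db01,database,10.20.5.23,APPZONE_A
dwh01,database,10.30.7.51,APPZONE_B
app02,app,10.30.8.10,APPZONE_B
mon01,monitoring,10.40.2.5,MGMT
dns01,dns,10.40.2.6,MGMT
bkp01,backup,10.40.2.7,MGMT
old01,legacy,10.50.9.9,UNKNOWN
"""

# Assumed mapping from inventory role to the tier it belongs in.
ROLE_TIER = {
    "web": "dmz",
    "app": "app",
    "middleware": "app",
    "database": "db",
    "monitoring": "mgmt",
    "dns": "mgmt",
    "backup": "backup",
    "san": "storage",
}


def load_inventory(text, prefix=24):
    """Parse CSV rows and attach each host's tier and enclosing subnet."""
    hosts = []
    for row in csv.DictReader(io.StringIO(text)):
        role = row["role"].strip().lower()
        try:
            addr = ipaddress.ip_address(row["ip"].strip())
            subnet = str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))
        except ValueError:
            subnet = "invalid-address"  # keep the row so it still gets reviewed
        hosts.append({
            "hostname": row["hostname"].strip(),
            "zone": row["zone"].strip(),
            "tier": ROLE_TIER.get(role, "unclassified"),
            "subnet": subnet,
        })
    return hosts


def mixed_tiers(hosts, key):
    """Return {group: sorted tiers} for groups (by `key`) holding more than one tier."""
    groups = defaultdict(set)
    for host in hosts:
        if host["tier"] != "unclassified":
            groups[host[key]].add(host["tier"])
    return {name: sorted(tiers) for name, tiers in groups.items() if len(tiers) > 1}


def audit(hosts):
    """List segmentation findings: mixed subnets, mixed zones, unclassified hosts."""
    findings = []
    for scope in ("subnet", "zone"):
        for name, tiers in sorted(mixed_tiers(hosts, scope).items()):
            members = sorted(h["hostname"] for h in hosts if h[scope] == name)
            findings.append({"scope": scope, "name": name,
                             "tiers": tiers, "hosts": members})
    # Hosts with no known role are the "legacy, forgotten" boxes: list them too.
    for host in hosts:
        if host["tier"] == "unclassified":
            findings.append({"scope": "unclassified", "name": host["hostname"],
                             "tiers": [], "hosts": [host["hostname"]]})
    return findings


if __name__ == "__main__":
    for f in audit(load_inventory(SAMPLE_INVENTORY)):
        print(f"{f['scope']:<13}{f['name']:<16}"
              f"{'+'.join(f['tiers']) or '-':<14}{', '.join(f['hosts'])}")
```

A subnet finding means the tiers share one broadcast segment with nothing between them; a zone finding without a matching subnet finding (APPZONE_B here) means separation depends entirely on filtering between subnets inside the zone.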
Hello world, The U.S. T-Mobile network predominately uses the GSM/GPRS/EDGE 1900 MHz frequency-band, making it the largest 1900 MHz network in the United States. Service is available in 98 of the 100 largest markets and 268 million potential customers. Like Checkpoint Tmobile has been owned for some time. We have everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009.
All your database are belong to U.S.
All your BTS are belong to us
We forget these guys are no different than the robbers and thugs you see on "cops"
I do. I cheered for the handstanding midget that was climbing that pole.
Stop Computers/Cars Analogies on S
Just an update....Teradata is usually used as a DWH solution.
So they can offer 3-5gig on 3g for like $10 or $15 extra on your plan.
Yet to get the cheapest voice rates you must pay $100+, even though unlimited voice if spoken 8hrs talk per 24hrs, would equal no more than 750MEGbytes of data. That's about $2.50 of data.
Can one ask for 100% data plan for flat $10pm and use 100% VOIP?
If industry makes average $30 per client, then if the max ever possible was to change $10, they would lose billions!! (of the over charges)
Liberty freedom are no1, not dicks in suits.
People cannot choose different rates, because of arcane stupid plan systems.
They should ban all plans except the paying of phone rate.
Plans have weird rates of nnn free per month for y plan, then xx free for same network, then others at b prices.
People have no freedom to 'keep plan' but move to different price schemes.
Two year plans should be banned, since most phones die within 18 months instead.
Liberty freedom are no1, not dicks in suits.
Yes, imagining yourself as Walter Mitty the 733t hacker is an entertaining daydream that many of us have while piling numbers into Excel. There is though one very important distinction: you and I don't act on it. The phone is a utility that lives depend on.
15TW = 15,000 Nuclear Reactors. (Approx. one accident a month.)
We forget these guys are no different than the robbers and thugs you see on "cops" or the evening news
When thieves rob ordinary citizens, it's sad.
When thieves rob other thieves, it's schadenfreude.
They have a large European presence. The big names in the USA (e.g. AT&T, Sprint) are US only which makes them significantly smaller.
As a wild stab I'd almost guarantee the largest cell phone company will be either Vonage (since they are almost everywhere) or whichever Chinese company you've never heard of has the most market share in China. And if Vonage isn't in China, it's going to be that Chinese company in first place.
No one cheers on the armed gunman, robbing a convenience store. It bothers me these guys aren't viewed in the same light.
Actually in The Netherlands, there were a number of robber gangs that targeted strongboxes of companies and municipalities. These were seen as modern Robin Hood-types, stealing from the rich (as opposed to regular burglars that stole from the common people). They drove around in fancy cars and even flaunted with the gas cylinders (of cutting torches) sticking out of the back windows of their cars.
I can't really imagine admiring a robber, but I do remember that some ten years ago, hackers were seen in much the same light. Grandparent poster is probably stuck in that era.
8 of 13 people found this answer helpful. Did you?
This seems to be a small node of servers, but a lot of them seem to have integrated backups of databases. Either the person is on the inside, and got a backup of info from them without them noticing, or someone on the outside was able to fingerprint all the servers, and this can only be done if you have access into the network, either way, this is not good!!!
As an out of work GM software engineer, I would hack t-mobile, but I got a raid in 20min...
I kid, I kid.
Although I do play WOW now and again. I just had a thought. Most hackers in the past I had always thought were those individuals who are interested, pretty smart, and have a lot of time on their hands, like kids, and out of work people.
Now of course both those groups of people can spend inordinate amounts of time playing WOW! I just kind of wonder how big a dent WOW is putting into the Hacking community? :)
'Leet Haxxor 1: We are taking down t-mobile this weekend! OK so Phiber Optik you...
Phiber Optik: Whoa whoa! Soory Braa! I got Uldar content to do! Gots to get me raid on if you know what I am sayin'! Booya!
BlackHatz: Ya I got a guild run too, sorry. Maybe next week.
'Leet Haxxor 1: Fine fine, I might as level my death knight then...
I think the "good job" attitude we refer to in situations like this is not because of the actual property / data compromised but the fact it sheds light to the public that computer security is not being scaled as it should. Mom & Pop shops getting hacked likely happens quite a bit but for a much larger company (that specializes in data) to get touched like this is a wake up call. If we talk about bank robbers it would be similar to some kid taking all the money out of a bank without having to walk into it and no one noticing it was gone, for something like that to happen it is not legally the bank's fault but in reality they should be taken to the wood shed and smacked around. I think the mentality behind this is that the "hackers" want to be caught and get somewhat disappointed when they don't, that's why they raise all this bs. It's kinda like saying this shouldn't be happening what's going on. I'm almost happy this has happened since if there are vectors that can be exploited to result in this, these guys were not likely the first ones to do it. Now all we need is for each T-Mobile customer to dispute their bill based on this for them to really start to take this stuff seriously.
A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
If lives depend on this service then would you rather these guys bring this flaw to light or wait until someone who wants the system to fail takes it from under you without a word of warning?
A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
What I enjoy about Hackers is this: they are a check to the system, regardless of the system, the system's owner, or how much money/resources that system's owner has at his disposal.
Now, if only all hackers acted with "Robin Hood" mores rather than juvenile pumpkin-smashing vandals...
[Insert pithy line of moxie here.]
Not Yet.
leather-dog muksihs
Blog: @muksihs
If they were interested in doing a public service they would notify TMobile of the problem and we never would have heard about it. They aren't trying to make the network more stable, they're trying to steal and sell the data. This isn't exactly a Robin Hood scenario.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
I tried to reach TMo customer service using their "Live Chat" service this morning, and the first time I tried, I couldn't get through. Then I saw this story and wondered if it was related. But probably all the reps were getting donuts.
Well said. If this turns out to be true, and people have all their billing info, usage info, etc. compromised... I feel bad for those people.
Silly poster. Don't you know that the United States is the only country that matters, and that since T-Mobile is #4 or 5 here, they've gotta be a small fry altogether?
My blog. Good stuff (when I remember to update it). Read it.
According to the Wikipedia link above, China Mobile grabs the number one spot (shocking). Vodafone, a UK company, has the number two spot, presumably because of an Indian presence. T-Mobile, a German company, is 8th. The highest US company is Verizon, at number 14, AT&T at 15.
When you want to send an e-mail to a T-Mobile user, you address it to [10-digit-number]@tmomail.net But many (including myself) address it to [10-digit-number]@tmobmail.net (there should not be a "b"). So I registered @tmobmail.net and have an auto-reply that informs the sender of the mistake. I would not believe the amount of sexting messages I receive through it. When I tried to contact T-Mobile folks (unsolicited e-mail) to see if they cared / wanted it, etc, I received no replies.
I think he means it's (vaguely) hard to spell out the URL of the site to someone who doesn't know of it. Say it out loud: "slash-dot-dot-org" Er... "/..org?" What? If you add in the protocol scheme it's even worse: "h-t-t-p-colon-slash-slash-slash-dot-dot-org." Ugh. (Ok, so no one would add on the http:/// prefix when telling someone a URL... but it's still kinda funny.)
Xfce: Lighter than some, heavier than others. Just right.
The people who stand to lose here are the T-Mobile customers who have their billing data stolen, their credit card numbers traded, and so on.
There's way more money in having the data than the actual content of the data. I'm sure these guys couldn't be bothered with all the work involved in identity theft or credit card fraud. Too many small deals, too much exposure. Not to mention all those cards will be quickly flagged and effectively useless.
According to the article, these guys wanted to make one big sale to a competitor. Sprint or Verizon or their ilk won't care about your credit card numbers, either. They're more interested in knowing what "the other guy" is using for a database, or what kind of hardware they use, or their backup policy, or the vendors they use... fairly mundane stuff to you or I, but a huge competitive advantage for them.