Jun 07

This is not how you do it… T-Mobile Hacked

T-Mobile Hackers trying to sell Network and Customer data…

Wow.  That’s all I can say.  T-Mobile is hacked BIGTIME and from the looks of things, I’d say they knew about it.   Typically in these sorts of situations, the hackers will contact the company they just owned and try to buy their silence.  Now, if the company refuses, then that data gets shopped around.

Now, if there’s no buyer after that, the hacker isn’t just going to walk away, especially on a large scale hack like this.  They’re either going to A: Auction your data off to the highest bidder, or B: Publicly release it for the fame/glory/etc.

I think the biggest thing that concerns me about this, being a T-Mob customer and all, is that even after being contacted by the hackers (assumed at this point), I’ve seen ZERO notice from T-Mobile about this.   Given the scale of their operations, and the control they have over your private data, this is quite concerning.

Let’s think about this for just one second, here’s a bit of info T-Mobile has on you…

  • Full Name
  • Home Address
  • Phone Number
  • Answers to private security questions (commonly reused by people from site to site)
  • Social Security Number
  • Birthdate
  • Credit Card Number
  • Credit Card Expiration Date
  • Credit Card CCV Value (possibly, vendors aren’t supposed to store, but you never know)
  • Billing address if it differs from your Main acct address.

Now, that’s just the billing info alone, and if they hackers do have root access on the machines in that URL above, which contains quite a few billing machines, we can assume they have this data in some form.  Let’s look at the other data they have on you…  Here’s where things start to get even freakier than simple credit card fraud and identity theft potential of the situation.

  • Your Phone Number
  • Your Phones IMEI (numerous repercussions from this)
  • Your Call History (Inbound and Outbound)
  • Radio Tag Number
  • GPS Tag (Yes, your phone has a GPS/Cell location unit.   Yes it can be used to track you without your knowledge)
  • Text Message History (inbound and outbound)
  • Email History
  • Access to your cam-phone pictures (most phones upload and store these online now)

Now, the above list is all stuff that your cell provider logs and tracks.  We know this, it’s public knowledge, etc.  Let’s go ahead and put on the SUPAR BIG tinfoil hat now…   With the advent of government pushes into call logging/tracing/information tracking, we know for a fact that several of the big telcos already record phone calls, fully log all data communications, and have active taps on all of this information.

As more or less of a mental exercise, what do you think the repercussions from this hack look like now?   How far did the intrusion go, and what is the extent of the data turnover?

Spooky, isn’t it.  The even spookier part is that I doubt we’ll ever get a public acknowledgment from T-Mobile regarding this intrusion, any turnover of customer data, nothing.

If you don’t want to end up like T-Mobile, it might be time to look into a proper security audit of your network.
serveradmins.NET