Results 1 to 5 of 5
  1. #1
    Join Date
    Aug 2004

    T-Movile owned ?

    This was like a "are you kidding me moment"

    The U.S. T-Mobile network predominately uses the GSM/GPRS/EDGE 1900 MHz frequency-band, making it the largest 1900 MHz network in the United States. Service is
    available in 98 of the 100 largest markets and 268 million potential customers.

    Like Checkpoint Tmobile has been owned for some time. We have everything, their databases, confidental documents, scripts and programs from their servers,
    financial documents up to 2009.

    We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are
    offering them for the highest bidder.

    Please only serious offers, don't waste our time.


    WOW ! i wonder what the CISO must have felt after reading that..

    Btw, all you opera users, the site give's a fraud URL warning ..

    I also found something over at Wikipedia :

    In January 2005 it was revealed that a 21 year old cracker named Nicolas Jacobsen had been charged with intruding into T-Mobile's internal network[23]. Reports indicate that for about a year he had access to customer passwords, address books, Social Security numbers, birth dates, and Sidekick photos but not credit card numbers. He was also able to read customer e-mail including that of the US Secret Service. He was identified by a Secret Service informant as part of Operation Firewall who provided evidence that Jacobsen had attempted to sell customer information to others for identity theft. T-Mobile and the Secret Service did not elaborate on the methods Jacobsen used to gain access but sources close to the case indicated that an unpatched flaw in the Oracle WebLogic Server application software used by T-Mobile was the weakness he exploited[24]. Additional SQL injection vulnerabilities with their web site were reported by Jack Koziol of the InfoSec Institute[25].

    An additional security flaw with their voice mail system passwordless login feature exposes the customer's voice mails to third-parties by way of Caller ID spoofing. T-Mobile recommends that this feature not be used but still offers it by default due to customer demand[26].

    T-Mobile's policy of requiring prepaid phone customers using credit cards to provide the last four digits of their Social Security number has also been criticized.[27] Alternative methods of authentication such as the Card Security Code could be used instead.


    Last edited by ByTeWrangler; June 8th, 2009 at 07:41 AM.
    Parth Maniar,

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    SW MO
    Wow. That is pretty scary. Makes you wonder how much information is being leaked that we don't know about.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"


  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    This was like a "are you kidding me moment"
    Exactly.............there are too many things wrong with it IMO

    We have everything, their databases, confidental documents, scripts and programs from their servers, financial documents up to 2009.
    1. When you steal stuff you steal stuff you can sell. At least 80% of the corporate data I have ever encountered is of no black market value whatsoever.

    scripts and programs from their servers
    And just what are you going to do with binary executables?

    3. When you steal data in the USA you don't send e-mails offering it to competitors. The US have very strict laws about that sort of thing and you can be 99.99% certain that the matter would be immediately reported to the Feds.

    4. Given the size of T-Mobile, is it feasible that all their data could be accessed and downloaded without someone noticing the traffic?

    5. You don't advertise stolen material on seclists.org; you quietly offload it on the darkside.

    6. Given the relationship between the US and Israel, I wouldn't have chosen an Israeli mail provider for this sort of thing [Incidentally, the e-mail address bounces]

    7. Despite the sloppy reporting T-Mobile have not confirmed that sensitive customer data have been compromised.

    8. If I had really infiltrated T-Mobile I would make sure that I published snippets of information that were obviously personal, confidential, and damaging. Firstly because it would put the fear of God into T-Mobile, and secondly because it would show the potential market that I really had something worth buying?

    My guess would be:

    1. A hoax or prank.
    2. A disgruntled ex-employee.
    3. A disgruntled ex-customer.

    Given that the investigation is bound to have cost T-Mobile more than $5,000 I would say that #2 & #3 are the most likely, as their motivation might be sufficient to risk a Federal investigation.
    Last edited by nihil; June 10th, 2009 at 09:36 AM.

  4. #4
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Quote Originally Posted by nihil View Post
    Johnno, I can make you a lil more paranoid, and i can say that this ain't no hoax..

    T-mobile have somewhat acknowledged the hack... at them admittin' to a little just not all of it

    Last edited by t34b4g5; June 10th, 2009 at 11:39 AM. Reason: maybe Posting it wasn't my best idea

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    I still don't buy it.................all they published were some server details.....big deal. If you are a provider you already know how they work and if you aren't then you couldn't care less?

    If these people were the full Monty they would have published customer name, address, account number and bank details. Easily verified, and then the excrement would really hit the Venturi propeller

    It could be dumpster diving, but my money would be on a former employee/contractor with access to the information, which I doubt would be classed as much more than a low grade of company confidential.

    I am not saying that the information isn't genuine; just that it is worthless and does not provide evidence of any more serious breach.

    My basic take on it is that if you were really attempting to extort T-M or sell the data you would provide much more conclusive evidence and/or be far more circumspect. This looks more like someone wanting to stir up trouble for T-M?

Similar Threads

  1. You got OWNED!
    By Jareds411 in forum Tech Humor
    Replies: 2
    Last Post: May 9th, 2006, 04:28 AM
  2. Owned in 4 mintues
    By fyrewall in forum Miscellaneous Security Discussions
    Replies: 20
    Last Post: December 2nd, 2004, 08:16 PM
  3. Owned
    By MemorY in forum Tech Humor
    Replies: 9
    Last Post: June 5th, 2004, 02:57 AM
  4. owned as we speak
    By Tedob1 in forum Microsoft Security Discussions
    Replies: 16
    Last Post: February 17th, 2004, 04:08 AM
  5. Comp got owned. Need advice.
    By Smiles in forum Miscellaneous Security Discussions
    Replies: 10
    Last Post: October 9th, 2003, 04:21 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.