June 7th, 2009, 05:41 PM
T-Movile owned ?
This was like a "are you kidding me moment"
The U.S. T-Mobile network predominately uses the GSM/GPRS/EDGE 1900 MHz frequency-band, making it the largest 1900 MHz network in the United States. Service is
available in 98 of the 100 largest markets and 268 million potential customers.
Like Checkpoint Tmobile has been owned for some time. We have everything, their databases, confidental documents, scripts and programs from their servers,
financial documents up to 2009.
We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are
offering them for the highest bidder.
Please only serious offers, don't waste our time.
WOW ! i wonder what the CISO must have felt after reading that..
Btw, all you opera users, the site give's a fraud URL warning ..
I also found something over at Wikipedia :
In January 2005 it was revealed that a 21 year old cracker named Nicolas Jacobsen had been charged with intruding into T-Mobile's internal network. Reports indicate that for about a year he had access to customer passwords, address books, Social Security numbers, birth dates, and Sidekick photos but not credit card numbers. He was also able to read customer e-mail including that of the US Secret Service. He was identified by a Secret Service informant as part of Operation Firewall who provided evidence that Jacobsen had attempted to sell customer information to others for identity theft. T-Mobile and the Secret Service did not elaborate on the methods Jacobsen used to gain access but sources close to the case indicated that an unpatched flaw in the Oracle WebLogic Server application software used by T-Mobile was the weakness he exploited. Additional SQL injection vulnerabilities with their web site were reported by Jack Koziol of the InfoSec Institute.
An additional security flaw with their voice mail system passwordless login feature exposes the customer's voice mails to third-parties by way of Caller ID spoofing. T-Mobile recommends that this feature not be used but still offers it by default due to customer demand.
T-Mobile's policy of requiring prepaid phone customers using credit cards to provide the last four digits of their Social Security number has also been criticized. Alternative methods of authentication such as the Card Security Code could be used instead.
Last edited by ByTeWrangler; June 8th, 2009 at 07:41 AM.
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
June 7th, 2009, 11:51 PM
Wow. That is pretty scary. Makes you wonder how much information is being leaked that we don't know about.
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
June 10th, 2009, 09:34 AM
Exactly.............there are too many things wrong with it IMO
This was like a "are you kidding me moment"
1. When you steal stuff you steal stuff you can sell. At least 80% of the corporate data I have ever encountered is of no black market value whatsoever.
We have everything, their databases, confidental documents, scripts and programs from their servers, financial documents up to 2009.
And just what are you going to do with binary executables?
scripts and programs from their servers
3. When you steal data in the USA you don't send e-mails offering it to competitors. The US have very strict laws about that sort of thing and you can be 99.99% certain that the matter would be immediately reported to the Feds.
4. Given the size of T-Mobile, is it feasible that all their data could be accessed and downloaded without someone noticing the traffic?
5. You don't advertise stolen material on seclists.org; you quietly offload it on the darkside.
6. Given the relationship between the US and Israel, I wouldn't have chosen an Israeli mail provider for this sort of thing [Incidentally, the e-mail address bounces]
7. Despite the sloppy reporting T-Mobile have not confirmed that sensitive customer data have been compromised.
8. If I had really infiltrated T-Mobile I would make sure that I published snippets of information that were obviously personal, confidential, and damaging. Firstly because it would put the fear of God into T-Mobile, and secondly because it would show the potential market that I really had something worth buying?
My guess would be:
1. A hoax or prank.
2. A disgruntled ex-employee.
3. A disgruntled ex-customer.
Given that the investigation is bound to have cost T-Mobile more than $5,000 I would say that #2 & #3 are the most likely, as their motivation might be sufficient to risk a Federal investigation.
Last edited by nihil; June 10th, 2009 at 09:36 AM.
June 10th, 2009, 10:59 AM
Johnno, I can make you a lil more paranoid, and i can say that this ain't no hoax..
Originally Posted by nihil
T-mobile have somewhat acknowledged the hack... at them admittin' to a little just not all of it
Last edited by t34b4g5; June 10th, 2009 at 11:39 AM.
Reason: maybe Posting it wasn't my best idea
June 10th, 2009, 12:19 PM
I still don't buy it.................all they published were some server details.....big deal. If you are a provider you already know how they work and if you aren't then you couldn't care less?
If these people were the full Monty they would have published customer name, address, account number and bank details. Easily verified, and then the excrement would really hit the Venturi propeller
It could be dumpster diving, but my money would be on a former employee/contractor with access to the information, which I doubt would be classed as much more than a low grade of company confidential.
I am not saying that the information isn't genuine; just that it is worthless and does not provide evidence of any more serious breach.
My basic take on it is that if you were really attempting to extort T-M or sell the data you would provide much more conclusive evidence and/or be far more circumspect. This looks more like someone wanting to stir up trouble for T-M?
By Jareds411 in forum Tech Humor
Last Post: May 9th, 2006, 04:28 AM
By fyrewall in forum Miscellaneous Security Discussions
Last Post: December 2nd, 2004, 08:16 PM
By MemorY in forum Tech Humor
Last Post: June 5th, 2004, 02:57 AM
By Tedob1 in forum Microsoft Security Discussions
Last Post: February 17th, 2004, 04:08 AM
By Smiles in forum Miscellaneous Security Discussions
Last Post: October 9th, 2003, 04:21 AM