Thread: T-Mobile owned?

  1. #1

    T-Mobile owned?

    This was like a "are you kidding me moment"


    The U.S. T-Mobile network predominately uses the GSM/GPRS/EDGE 1900 MHz frequency-band, making it the largest 1900 MHz network in the United States. Service is
    available in 98 of the 100 largest markets and 268 million potential customers.

    Like Checkpoint Tmobile has been owned for some time. We have everything, their databases, confidential documents, scripts and programs from their servers,
    financial documents up to 2009.

    We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are
    offering them for the highest bidder.

    Please only serious offers, don't waste our time.


    http://seclists.org/fulldisclosure/2009/Jun/0062.html

    WOW! I wonder what the CISO must have felt after reading that..

    Btw, all you Opera users, the site gives a fraud URL warning..



    I also found something over at Wikipedia :

    In January 2005 it was revealed that a 21 year old cracker named Nicolas Jacobsen had been charged with intruding into T-Mobile's internal network[23]. Reports indicate that for about a year he had access to customer passwords, address books, Social Security numbers, birth dates, and Sidekick photos but not credit card numbers. He was also able to read customer e-mail including that of the US Secret Service. He was identified by a Secret Service informant as part of Operation Firewall who provided evidence that Jacobsen had attempted to sell customer information to others for identity theft. T-Mobile and the Secret Service did not elaborate on the methods Jacobsen used to gain access but sources close to the case indicated that an unpatched flaw in the Oracle WebLogic Server application software used by T-Mobile was the weakness he exploited[24]. Additional SQL injection vulnerabilities with their web site were reported by Jack Koziol of the InfoSec Institute[25].

    An additional security flaw with their voice mail system passwordless login feature exposes the customer's voice mails to third-parties by way of Caller ID spoofing. T-Mobile recommends that this feature not be used but still offers it by default due to customer demand[26].

    T-Mobile's policy of requiring prepaid phone customers using credit cards to provide the last four digits of their Social Security number has also been criticized.[27] Alternative methods of authentication such as the Card Security Code could be used instead.


    http://en.wikipedia.org/wiki/T-Mobil...ecurity_issues



    http://www.securityfocus.com/news/10271
    http://www.wired.com/politics/securi.../2005/02/66735
    Last edited by ByTeWrangler; June 8th, 2009 at 07:41 AM.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    westin (Gonzo District BOFH) | Join Date: Jan 2006 | Location: SW MO | Posts: 1,187
    Wow. That is pretty scary. Makes you wonder how much information is being leaked that we don't know about.
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  3. #3
    nihil (Senior Member) | Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,188
    Quote: This was like a "are you kidding me moment"
    Exactly.............there are too many things wrong with it IMO

    Quote: We have everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009.
    1. When you steal stuff you steal stuff you can sell. At least 80% of the corporate data I have ever encountered is of no black market value whatsoever.

    2. Quote: scripts and programs from their servers
    And just what are you going to do with binary executables?

    3. When you steal data in the USA you don't send e-mails offering it to competitors. The US have very strict laws about that sort of thing and you can be 99.99% certain that the matter would be immediately reported to the Feds.

    4. Given the size of T-Mobile, is it feasible that all their data could be accessed and downloaded without someone noticing the traffic?

    5. You don't advertise stolen material on seclists.org; you quietly offload it on the darkside.

    6. Given the relationship between the US and Israel, I wouldn't have chosen an Israeli mail provider for this sort of thing [Incidentally, the e-mail address bounces]

    7. Despite the sloppy reporting T-Mobile have not confirmed that sensitive customer data have been compromised.

    8. If I had really infiltrated T-Mobile I would make sure that I published snippets of information that were obviously personal, confidential, and damaging. Firstly because it would put the fear of God into T-Mobile, and secondly because it would show the potential market that I really had something worth buying?

    My guess would be:

    1. A hoax or prank.
    2. A disgruntled ex-employee.
    3. A disgruntled ex-customer.

    Given that the investigation is bound to have cost T-Mobile more than $5,000 I would say that #2 & #3 are the most likely, as their motivation might be sufficient to risk a Federal investigation.
    Last edited by nihil; June 10th, 2009 at 09:36 AM.

  4. #4
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Quote: Originally Posted by nihil
    SNIP
    Johnno, I can make you a lil more paranoid, and I can say that this ain't no hoax..

    T-mobile have somewhat acknowledged the hack... at them admittin' to a little just not all of it

    snipppp*
    Last edited by t34b4g5; June 10th, 2009 at 11:39 AM. Reason: maybe Posting it wasn't my best idea

  5. #5
    nihil (Senior Member) | Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,188
    I still don't buy it.................all they published were some server details.....big deal. If you are a provider you already know how they work and if you aren't then you couldn't care less?

    If these people were the full Monty they would have published customer name, address, account number and bank details. Easily verified, and then the excrement would really hit the Venturi propeller

    It could be dumpster diving, but my money would be on a former employee/contractor with access to the information, which I doubt would be classed as much more than a low grade of company confidential.

    I am not saying that the information isn't genuine; just that it is worthless and does not provide evidence of any more serious breach.

    My basic take on it is that if you were really attempting to extort T-M or sell the data you would provide much more conclusive evidence and/or be far more circumspect. This looks more like someone wanting to stir up trouble for T-M?
