
back to article Hackers claim T-Mobile scalp

Hackers claim to have stolen all T-Mobile US's corporate data, customer accounts, network infrastructure - the whole lot. According to emails from "pwnmobile": "We have everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009." The mail, sent to The Reg, claims …

COMMENTS

This topic is closed for new posts.
Stop

Really.

So, Hackers with access to many terabytes of storage space have a copy of every bit of data that TMUS have. I'm not sure I really believe that.

They appear to have a (genuine) list of servers. While slightly worrying, that doesn't mean that those servers have been compromised. Could easily have come from some Ops monkey leaving their lappy behind in a bar...

Do they have any actual proof?


Re: Really

They don't need all those terabytes of data - just names, CC numbers and social security would be sufficient...

They said that they "pwned" the servers for some time - looks like some kind of rootkit being installed and work being done from there.

Still no confirmation from anywhere, but if it is true, T-Mobile and their services arm - T-Systems, will take a big blow.

Alien

Hate the advert, don't care

That T-mobile advert with every idiot singing annoys the hell out of me so I hope T-mobile is crushed just for that alone.

Harsh? Don't care, I hate adverts and death to all that make them.

Ian

Share scam?

I couldn't track down their stock online. Probably not listed under something obvious like T-Mobile US...

If anyone else does find it, what's its price done in the last day or 2? Curious if it dropped a bunch on this rumour.

Anonymous Coward

pwned DNS server more likely

Get the MAC address and see what server type etc. Not impressive, not clever.

Goes to show they should be running Windows rather than pwn-able *nix boxes.

Stop

Good Luck To Them

The list of servers might be correct, but who cares. Having experience working with network operator backends, it's not an easy task compiling information from the DB. Not to mention that these idiots have no way of transferring all of the data, since most systems are spread over 3/4 different solutions, the billing system alone is normally beyond any logical comprehension.

Guess the clock is ticking for a resolution between them finding something usable/profitable and law enforcement agencies finding them.

Anonymous Coward

RE Share Scam

They are listed under DEUTSCHE TELEKOM N( XETRA: DTE.DE / ISIN DE0005557508 )

Last Trade: 7.99 €

Trade Time: 11:56am

Change: 0.03 (0.31%)

Prev Close: 7.96

Open: 8.05

Bid: 7.98

Ask: 7.99

1y Target Est: 10.59 €

Day's Range: 7.89 - 8.06

52wk Range: 8.91 - 12.03

Volume: 7,716,313

Avg Vol (3m): 23,675,500

Market Cap:

All seems normal...

Bronze badge

T-Mobile is 'aware of the claim'

I'm a T-mobile US customer and just contacted them. They're 'aware' of the 'claim' and are 'investigating'.

This should be interesting.

Pirate

Unpatched servers?

... I see an awful lot of HP-UX 11.11 on that list. That's pretty old and fulla holes.

Joke

HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

"Goes to show they should be running Windows rather than pwn-able *nix boxes."

Man you kill me, that's got to be the funniest thing I've heard for ages............


LDAP

The listing looks like an LDAP cache dump.

As already mentioned, LDAP, like DNS, is usually publicly readable (internally) and all it takes is one Windows box infected and hey presto they have the above listing.

Of course, this does not mean they have *access* to any of these systems - the Windows box is very likely one or two firewalls away from production systems.

Jacqui

Flame

Internal leak, no one actually hacked in!

This looks like the Excel list of servers to be patched, nowhere near the full list of servers. They do have Windows servers, just the person who leaked this may not have the list of server names....sounds like a pissed off Unix SA who got lynched in the reorg/corp location closings..............

Black Helicopters

They refused

Email bounced as undeliverable

Don't you just hate it when that happens?

Black Helicopters

I've made an offer they can't refuse

£25.00 for the lot then I can delete it

everyone will be safe again

Anyone wanna contribute, I'm broke at the moment

Boffin

Um, I think what they are showing is just an example of what they have

They aren't going to publicize everything they have, then ask people for cash. There are people out there that can look at what they are publicizing and see it for the potential threat it is, not just recognize what it came from :P

Anyway I've worked for 2 kind of big companies recently with full access to their customer data interfaces. If they are good examples of other corps' customer databases and how they are run; the Windows systems have internet access, and with Windows they can be infected easily; they tend to be secured by the popular anti-viruses to hack around, so really no security there; if someone were to actually get into the system itself through a Windows terminal (as all clients have it turned on by default so the IT guys can fix and admin the computers easily (yey Windows)) then all they need to do is run the same program I do to access customer data and just export the database contents slowly over time, or better yet, use my profile to do it while I'm already using it, as I can log into more than one PC to do this at the same time if I really wanted to on most customer database systems. They can learn all this by just watching what we are all doing for a week or two remotely.

To do this is well within the power of the hackers that do it for a living, and with people VPN'ing from home and such with full access to the data, the hackers could just as easily go through the corporate president's VPN'ed from home system if they get lucky enough to take it over. I've worked remotely on users' systems where they use it as their home computer, with family member users created on it and everything. Or the users that use their own home computers to access data on the corporate network... over home wireless (everyone should know by now NO ONE really knows how to secure their wireless network). There's about as many geeks out there that can take a car engine apart and put it back together as there are home users that know anything about wireless, or any kind of basic security, or basic PC tech of any kind really. But they all own them. I own a car, but if it broke I use AAA, I try not to pretend to know what it's doing inside just because I own one :P If we as techs don't make things as simple as putting a button on the computer, that when you press it, it lights up showing your security is turned on your computer, then we can't expect people to know what the "right thing" to do is. Especially when the best of us have all gotten a virus (or hundreds, when we find our AV has completely failed), our advantage is some of us know how to clean it off without reinstalling everything from scratch. But the average person is very used to having to blow their system away and start over, after the first time(s) it happens to them. I really shouldn't have to explain any of this :P

I'm actually surprised something like this didn't happen sooner, or maybe this is just the first company they went public with.

The companies I mention having worked for are Bausch & Lomb and Globalcrossing, both take their security very seriously, but like most (or all if they are big) companies, they bought into Windows faster than they knew how. Ease of use has been more important than security for a loooong time. At least Globalcrossing has people who hover over the servers and network making sure nothing strange is going on. Non-IT companies have to rely on faith that the security is actually working properly, because they go cheap on the IT staff that only knows how to play with Windows, not actually use it :-P When your IT can't explain to your boss that it isn't you who is popping the porn up on your computer screen, the company is pretty much relying on borrowed time.

So what I was getting at initially is, showing they can see what the DNS knows is just an example, what should be a BIG example as it is one of the key servers for any functioning network. If they have the same access to the rest of the network, which is I think what they are trying to get at, then they literally could have everything on every customer that has ever existed. And people who do this for a living have plenty of cash to buy HDD to store the DB data. I probably have enough cash to buy the HDD to store the data, it's not like it's mine, I'm not going to set up a RAID array to keep it safe ;P lol maybe burn a couple hard copies though if I wanna make money off of it. But this is all common sense kind of things, or should be to the IT crowd.

Anonymous because I said and know waay too much, between the required IT classes I have taken, and the radio communications -> wireless networking course taught by an ex Navy radio man, and ham radio aficionado, and working so much helpdesk for home and corporate users, the main thing I have learned is ignorance is really bliss. And the idea that there are a lot of people who know enough to be dangerous, but not enough to be helpful, has never been more appropriate than today ;-P Best thing about when the present gets this crazy is that it will be our past soon enough.

Boy I had a lot of hot air backed up in there.
