back to article Hacker cracks Vodafone Germany, steals data of 2 million customers

A hack on a Vodafone Germany server has exposed the personal details – including banking information – of two million of its customers. Hackers accessed names, addresses, bank account numbers and dates of birth. Phone numbers, credit card details and passwords are thought to be safe, but the leaked information is still pretty …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    "Hardly possible"?

    Bad translation. Correct translation for "Es ist für den Täter kaum möglich" would be:

    "It is virtually impossible for the perpetrator"

    1. Charlie Clark Silver badge

      Re: "Hardly possible"?

      Actually, "hardly" is a good translation of "kaum".

    2. Cthonus

      Re: "Hardly possible"?

      "In a statement (in Deutsch) expressing regret over the incident and promising to inform customer[s], Vodafone.de said that police have identified a[n] unnamed suspect and carried out a search."

      It's not that much better in English...

      1. gazthejourno (Written by Reg staff)

        Re: Re: "Hardly possible"?

        Ja, das stimmt. Naechstes Mal sollten wir richtige Deutsch benuetzen. Leider ist is nicht moeglich, alle deutsche uebersetzungen zu lesen. ;-)

        1. RobHib
          Facepalm

          @gazthejourno - - Re: "Hardly possible"?

          Leider ist is nicht moeglich, alle deutsche uebersetzungen zu lesen.

          Korrigieren Sie! - - Of course it's not. It's the same for all languages, exact one-for-one translations are often impossible to translate exactly. Good translation is the art of using words both effectively and sparingly so native speakers interpret meanings as is best possible. Here, the translation is completely clear enough.

          --

          ...Back to the article, this is big and significant attack on an institution whose members (account holders) represent a broad cross section of the community. Phishing such data could reveal all sorts of significant results. Politicians, employees of state security organizations, government and corporate etc. are the types of user accounts to be found here.

          In the light of NSA and GCHQ security revelations, and if telco accounts can be hacked by 'amateurs' (i.e.: non-state operatives), then this is another (and increasingly common) instance of a high profile security violation, and it doesn't bode well for internet users generally.

          I'm just a bit-player with bugger-all info that's useful to anyone other than me. Nevertheless, in recent months, it's become very clear to me that those who've significant and valuable information in cyberspace should consider removing it.

          If customer/user data cannot be secured on Vodafone—one of the largest telcos (and one of the really large companies in the world)—a company that ought to have all the security resources it needs to secure user data, then seemingly there's no real guarantee that it can be secured truly safely anywhere else on the net.

          Perhaps, for the time being anyway, we have to assume that the internet can only be used for securing medium-to low grade data. In recent years, there have been just too many other similar examples of security violations by both cyber criminals and governments to think otherwise.

    3. zb

      Re: "Hardly possible"?

      I doubt if it is a coincidence that when I put the German version into Google translate it came up with:

      "It is hardly possible for the perpetrator"

    4. Hatir Larigo

      Re: "Hardly possible"?

      No, the original translation is correct ("hardly"); virtually would be something like "so gut wie unmöglich / praktisch unmöglich".

      1. gazthejourno (Written by Reg staff)

        Re: Re: "Hardly possible"?

        Would "barely possible" satisfy the panel? The literal translation and the meaning are two slightly different things here - "kaum moeglich" isn't quite idiomatic but does suffer a bit when rendered into English.

  2. btrower

    Don't walk. Run.

    Re: "It is hardly possible to use the data to get directly access to the bank accounts of those affected"

    Say the people who need you to believe that, especially if it is not true. This would not even be a discussion if they had not been wrong the last time they made a security estimate. Hmmmm.

  3. Robin

    Riding through the desert on a horse with no name

    "Vodafone.de said that police have identified a unnamed suspect and carried out a search."

    Identifying someone without a name deserves bonus points, surely?

  4. MyHandle123

    Hacker?

    If that's what you call the activities of corporate contractors working for the NSA.

  5. RainForestGuppy

    Not a Hack

    On the Beeb news site:

    A suspect has now been identified and his home searched, said Vodafone, which meant it could now talk about the incident and inform the two million victims. In total, Vodafone Germany has about 36 million mobile customers.

    "This attack could only be carried out with high criminal intent and insider knowledge and was launched deep inside the IT infrastructure of the company," said the operator

    Basically an employee inside the company copied the data onto a USB key and walked out with it. Calling it a hack is just Vodafails way of trying to convince people that they actually had some security on there systems.

    1. RainForestGuppy
      Headmaster

      Re: Not a Hack

      their systems.

    2. Robert Helpmann??

      Re: Not a Hack

      Insider threats are the most likely to succeed. There are well-established ways of implementing security to deal with these, but they are just so darn much trouble...

  6. i like crisps
    Big Brother

    'ACHTUNG BABY'

    Ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha .........That is all.

  7. Anonymous Coward
    Anonymous Coward

    Ho hum DLP n DPA

    I presume that Deutchland has an equivalent to the Data Protection Act.

    That's the UK legislation whereby an organisation *cough* Glasgow Council/MoD *cough* (int. al.) gets some bad press and a bit of a fine that tax payers get to pay for losing huge wodges of data on kiddies or Top Secret thingies.

    Data Loss Prevention is not impossible but generally tricky. Part of it can be automated: encryption of all systems, USB n stuff control etc but it also needs administering and also a corp/org policy.

    Those bloody annoying policy things and auditors are there for a reason (if they exist) but an org that has no real financial or other implication of failing to comply with something like a DPA wont bother. It's a simple commercial decision compounded with ignorance.

    This is doubly amusing from a firm that _provides_ internet access for millions of folk via their phones.

    Cheers

    Jon

  8. Anonymous Coward
    Anonymous Coward

    eRRoR

    This should hardly never happen.

  9. Sir Barry

    "It is virtually impossible to use the data to get directly access to the bank accounts of those affected,"

    I do like it when words like "virtually" are used, it is either possible or impossible there should be no grey areas.

    1. John Brown (no body) Silver badge

      "it is either possible or impossible there should be no grey areas."

      That's what risk assessments are all about. Balancing cost against risk. Make as hard as possible up to a financial limit based on the value of the data. "Impossible" in data security in not achievable but the closer you get, the more costly it is and that's pretty much an exponential curve.

  10. Luther Blissett

    Now why would they say they that?

    "other countries were not affected". And howTF would Voda Germany know about the status of servers in other countries anyway? Since when has Germany taken over the EU, lol?

    It turns out this is not the first time that Vodaphone have been seriously deep pwned. Here: http://www.theregister.co.uk/2007/07/11/greek_mobile_wiretap_latest/

    Fingers in the security budget again?

This topic is closed for new posts.

Other stories you might like