
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


Claims of T-Mobile Hack Raise More Questions Than Answers

Claims have been made by an unknown party that they have compromised the US cellular network carrier T-Mobile and have managed to extract all of the corporate data, including databases, confidential documents, scripts and programs from company servers and full financial data up to the present time.

Issuing the public announcement over a weekend means that it is going to take some time for T-Mobile to investigate the claims and make a formal statement, but already there are elements which suggest a scam, and some which suggest that the material is legitimate.

Leaning towards scam is the claimed ignorance by T-Mobile's competitors when they were approached with the data the hackers claim to have. This might just be because the hackers relied upon email to reach the competitors; with the email address pwnmobile@... their messages were likely to end up in the spam bin before anyone was able to see the material on offer. There are better ways to reach people than through unsolicited email, but there are increased risks with taking this approach.

Previous attempts to sell company secrets, especially those of major public companies, have ended with major law enforcement attention and the approached company often aiding law enforcement in stopping the attempt. With greater corporate and public awareness of data loss and theft, it is more likely in the modern environment that competitors will call law enforcement and gain positive PR than risk prosecution and damages by purchasing their competitor's secrets.

Leaning towards legitimacy are anonymous online comments from people claiming to have worked for T-Mobile in the past, verifying that at least some of the details posted correlate with the systems and servers that they knew existed within the company. The other aspect which suggests legitimacy is the level of detail in the material posted, which amounts to a tabulated network description.

So far, based on the table of possible servers, applications, IPs and locations, there is nothing that can be done to further verify the accuracy of the claims by this unknown group. Not enough information is available to say either way, and it is now up to T-Mobile or the group to release further information that will clarify the situation. The arguments for an actual compromise are much weaker than the arguments for it not being real, and it is considered much more likely that it is a hoax.

It doesn't matter which one is actually true at the moment. The very public offer for sale of the material is going to cause more harm than good for the group behind it. As the seventh largest telecommunications provider in the world (Morgan Stanley, 2008), with 32 million customers in the US alone, T-Mobile is a very large target to be taking on. The use of an anonymising email service may also not be as secure as the group thinks it is: Safe-mail keeps its client data protected up to the point where it is necessary to comply with legal requirements, something that is probably going to happen soon.

It is staggering to think how much data is represented by what the hackers have claimed and how long it must have taken to exfiltrate that information from the corporate networks, if the hackers do have it, all without the awareness of T-Mobile's Information Security staff.

Other claims have been made that the group responsible is the same one that claimed to have penetrated Check Point, extracting the full source code for VPN-1.

At the end of the day it could just be another bit of drama played out on the Full-Disclosure mailing list, but it could also be the first public sign of one of the most significant network breaches in recent history.

Update: Looking for more up-to-date information? A follow-on article has been published and can be read here.

8 June 2009
