Slashdot: News for Nerds

302 comments

nice! (-1, Redundant)

hh4m (1549861) | more than 5 years ago | (#28243867)

all your data are belong to us!

Notty (1)

Frosty Piss (770223) | more than 5 years ago | (#28244121)

There is no mention of this in the press. Perhaps it's because this is just some trouble makers whipping up a scam story? Is there any real evidence that this hack has actually occurred? No...

Re:Notty (1)

John Hasler (414242) | more than 5 years ago | (#28244149)

After all, the "press" is so fast on the uptake on this sort of thing.

Re:Notty (0)

Anonymous Coward | more than 5 years ago | (#28244349)

I'll bet you're pretty reflective in all your tinfoil.

Scamtastic!? (0)

siloko (1133863) | more than 5 years ago | (#28244167)

Liquid Matrix [liquidmatrix.org] has a link to the same story but they say as of 22 hours ago it has not been confirmed by T-Mobile . . .

Re:nice! (5, Funny)

hurfy (735314) | more than 5 years ago | (#28244501)

Does this mean service will improve?

worthless data! (1, Funny)

hh4m (1549861) | more than 5 years ago | (#28243873)

"We already contacted with their competitors and they didn't show interest in buying their data" LOL... seems like it's worthless!

Be warned! (5, Interesting)

siloko (1133863) | more than 5 years ago | (#28243905)

Funny - I get a fraud warning from the link disclosing the breach . . . Opera being over-sensitive I think. "This site is known to distribute malicious software" - NMap has got such a bad name!!

Re:Be warned! (5, Informative)

Ethanol-fueled (1125189) | more than 5 years ago | (#28243925)

Noscript on Firefox throws a "potential XSS attempt" warning.

Re:Be warned! (1)

ae1294 (1547521) | more than 5 years ago | (#28244343)

NMap has got such a bad name!!

HA! It's damn funny when people claim NMap to be a hackers tool. I for one, like checking my system for open ports, DAMNIT.

Re:worthless data! (4, Insightful)

John Hasler (414242) | more than 5 years ago | (#28244183)

What is there in this data that would cause an AT&T executive to risk losing his job and perhaps going to prison?

Re:worthless data! (1)

drinkypoo (153816) | more than 5 years ago | (#28244337)

If you were AT&T, and someone sent you some spam advertising T-Mobile's customer lists, would you be interested? No? Me neither.

Re:worthless data! (5, Insightful)

plover (150551) | more than 5 years ago | (#28244545)

If I were an AT&T official and they contacted me? I'd absolutely be interested. I'd also be on the phone to internal corporate security and the FBI before I finished reading the email.

If this story is true, those are some mighty bold thieves. AT&T probably has more resources than anyone else on the planet for tracking down the originator of that communication. For that matter, AT&T are probably the ones the FBI contacts when they want to hunt down a bad guy, so you know there's a long relationship there, too.

Times may be tough, but various competing corporations often have informal and even friendly relationships with each other when it comes to Loss Prevention departments. They share info on thieves and threats, and despite outward animosity between two competing companies, their L.P. departments do tend to help each other out with situations like these. I know that's the case in retail, where organized crime investigations actually can have cooperation between companies like Walmart and Best Buy. There's definitely an "old boy's network" behind the scenes as these employees shift between companies and don't forget their old friends. It's a lot like the cop brotherhood (in part because many of the L.P. staffs are actually retired cops.) AT&T likely wants these guys caught almost as much as T-Mobile does.

Why.... (1, Interesting)

Darkness404 (1287218) | more than 5 years ago | (#28243877)

Why isn't this stuff encrypted? For the few places that would need the data why not have a special viewer that would decrypt the stuff that's sensitive?

Re:Why.... (5, Insightful)

tftp (111690) | more than 5 years ago | (#28243895)

Why isn't this stuff encrypted?

My guesses: legacy, convenience, lack of care, lack of duty.

Re:Why.... (5, Insightful)

bi_boy (630968) | more than 5 years ago | (#28243915)

My guess is the conversations go like this:

Front-line Manager: We need to encrypt our dataz.
Middle Manager: How much will this cost?
Front-line Manager: (insert any number)
Middle Manager: No.

Re:Why.... (5, Insightful)

N7DR (536428) | more than 5 years ago | (#28244425)

As a purveyor of security software (to a different industry), I've seen countless times that almost always the conversation really does go along an only slightly-less direct route:

A. We need to secure X
B. How much does it cost?
A. (insert any dollars)
B. Do we have to spend that?
A. We do if we want to be reasonably secure.
B (thinks... We're smart people; we can install a few firewalls; that'll keep the Bad Guys out)
B. (Having insight) But this is like insurance, right? If we keep people out of the network, we don't get anything for those dollars.
A. Well, sort of, I suppose so.
B. Right, we'll save those dollars.

---

You have to assume that Bad Guys CAN get into your network if they really want to. Because the truth is, whatever your in-house people have told you, they can. If you doubt me, talk to people whose job is to break into networks. All the ones I've known will tell you that 100% of targeted commercial networks fall to a concerted attack.

When they do fall, security's job is to make sure, at a minimum:
    1) the Bad Guys can't learn anything useful
    2) the Bad Guys can't interfere with the service you're selling
    3) there's a high probability that you'll detect the event and be able to track the Bad Guys

B's insight isn't a bad one at all... security *is* a kind of insurance. Which means that most of the time, if you have a well-designed system you really are "wasting" the dollars. But one day you or your successor will regret those "saved" dollars.

B's job really is to make a proper cost/benefit analysis. My experience is that that almost never happens. They either just "save" the dollars without thinking or, more often, either a) look to what their competition is doing or b) assume that the risk is so small ("we haven't been hacked so far") that it's not worth spending any money.

Re:Why.... (5, Insightful)

Tanktalus (794810) | more than 5 years ago | (#28243931)

What stuff? You mean the raw database? Theoretically, there are various layers of security here: firewalls to the outside, authentication to particular views on the inside where only data you Need To Know is available to you, and proper firewalls on each database server to limit access to the database port(s) and probably ssh.

If the hackers could get through all of this, they must be *very* good. More likely, however, is that they have someone on the inside which bypasses all of this. And it would bypass the encryption on the data anyway since s/he obviously already had Need To Know to get at the data anyway, and thus would have the decryption key. There isn't much a corporation can do against an insider that needs that info just to perform the job they were hired to perform.

Re:Why.... (1, Insightful)

Anonymous Coward | more than 5 years ago | (#28244009)

If the hackers could get through all of this, they must be *very* good.

Practical computer security typically has more to do with those responsible for maintaining the security getting sloppy or being un-knowledgeable than with some extreme degree of skill or knowledge on the part of those penetrating the system.

Re:Why.... (0)

Anonymous Coward | more than 5 years ago | (#28244117)

They are a bunch of kids with an insider. Just read the disclosure.

"We already contacted with their competitors and they didn't show interest in buying their data
Please only serious offers, don't waste our time.

Contact: pwnmobile@safe-mail.net"
Yea, good luck with that Mr Pwnmobile. Do you accept paypal?

Re:Why.... (3, Funny)

AuMatar (183847) | more than 5 years ago | (#28244235)

I emailed them with my very serious offer. And from another account asking them to plz send me teh codez. No response yet :(

Re:Why.... (1)

SharpFang (651121) | more than 5 years ago | (#28244333)

Once you have access to the filesystem of the machine that runs the database, all the Need To Know restrictions are null and void, you just grab the database file. And that tends to be one firewall + one host away from The Wild.

Re:Why.... (1)

Brian Gordon (987471) | more than 5 years ago | (#28243955)

Well for one thing they have to actually use a lot of this data on a day-to-day basis. And if hundreds of call operators have to know to what address to dispatch repair crews et al, there's really no securing it.

I'm not surprised by breaches like this at all. So many people have access to this data it's unreasonable to assume it's secure. I just huddle in the herd of helpless millions and hope that sheer numbers protect me. Oh, and it helps to live the student lifestyle with only a few transactions a month on my bank account.

Re:Why.... (4, Interesting)

jythie (914043) | more than 5 years ago | (#28243977)

Who said it was not encrypted?

Re:Why.... (4, Funny)

ae1294 (1547521) | more than 5 years ago | (#28244393)

Who said it was not encrypted?

Yes, they used CSS encryption but those damn hackers broke the law and circumvented it using something called DeCSS...
When is the government going to put a stop to this sort of thing and protect us!

Re:Why.... (2, Insightful)

blitzkrieg3 (995849) | more than 5 years ago | (#28244419)

There is no way to know and it's a moot point. Presumably they attacked the systems while they were live, so the information would have been decrypted anyway in order for the database system to access it. There is also the inside job scenario that someone outlined above.

Encryption doesn't really matter in this type of break in, it's more for "oh shit I left my hard drive and laptop in an airport" type of scenarios.
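Added example, not part of any comment in this thread: a small Python sketch of the trade-off argued in SharpFang's and blitzkrieg3's comments above. It compares a copied database file with and without application-layer encryption of the sensitive column, then reads the same rows through a live application that holds the key. The table, sample rows and function names are constructed for illustration, and the HMAC-based cipher is a standard-library stand-in so the block runs offline (an assumption; a real deployment would use a vetted AEAD such as AES-GCM with the key kept off the database host).

```python
import hashlib
import hmac
import os
import sqlite3
import tempfile

# Constructed sample rows (well-known test card numbers, not real data).
CUSTOMERS = [
    ("Alice Example", "4111111111111111"),
    ("Bob Sample", "5555555555554444"),
]


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; stand-in for a real cipher (assumption)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key):
    """Derive separate encryption and MAC keys from one master key."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key, blob):
    """Verify the tag first, then decrypt; raises ValueError on tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def build_db(path, key=None):
    """Create the customer table; the card column is sealed when a key is given."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE customers (name TEXT, card BLOB)")
    for name, card in CUSTOMERS:
        value = seal(key, card.encode()) if key else card.encode()
        con.execute("INSERT INTO customers VALUES (?, ?)", (name, value))
    con.commit()
    con.close()


def cards_visible_in_file(path):
    """Scan the raw file bytes, as a copy taken outside the DBMS would allow.
    No view, role or login is consulted at this layer."""
    with open(path, "rb") as fh:
        raw = fh.read()
    return [card for _, card in CUSTOMERS if card.encode() in raw]


def live_app_read(path, key):
    """The running application holds the key, so it (and anyone who controls
    it, or an insider with the same access) sees plaintext."""
    con = sqlite3.connect(path)
    rows = con.execute(
        "SELECT name, card FROM customers ORDER BY rowid").fetchall()
    con.close()
    return [(name, open_sealed(key, blob).decode()) for name, blob in rows]


def demo():
    key = os.urandom(32)  # assumed to live off the DB host (app tier / KMS)
    with tempfile.TemporaryDirectory() as tmp:
        plain = os.path.join(tmp, "plain.db")
        sealed = os.path.join(tmp, "sealed.db")
        build_db(plain)
        build_db(sealed, key)
        return {
            "plain_file_copy": cards_visible_in_file(plain),
            "sealed_file_copy": cards_visible_in_file(sealed),
            "live_app_with_key": live_app_read(sealed, key),
        }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, "->", result)
```

Sealing the column changes the outcome only for the copied file; anything that can drive the application with its key still reads every row, which is where access logging and detection have to take over.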

Using the data for good purposes (1, Insightful)

otter42 (190544) | more than 5 years ago | (#28243897)

Now, I'm not going to cheer crackers breaking into a private corporation's data services. The breech has tremendous privacy implications, and a lot of these fall squarely on the head of the consumer. However, I'd like to see a silver lining to this by seeing the data employed to put paid to the idea that SMSes have to cost so much. Time after time, the data has shown that SMSes *should* be giant cash cows for these monopolistic entities, but lacking internal financial data it has always been difficult to make an issue out of this at Congress. Of course the cell companies have every interest to keep this data private, but maybe in this case T-Mobile won't have the choice.

Re:Using the data for good purposes (5, Insightful)

93 Escort Wagon (326346) | more than 5 years ago | (#28243963)

However, I'd like to see a silver lining to this by seeing the data employed to put paid to the idea that SMSes have to cost so much.

Yeah, the hackers have sure demonstrated their high ideals by offering the data for sale to the highest bidder. I'm sure they're all just wonderful people who are only thinking of the greater good.

And yes, that was sarcasm. In truth, my opinion of these guys couldn't be much lower than it currently is.

Re:Using the data for good purposes (1)

repvik (96666) | more than 5 years ago | (#28244033)

Time after time, the data has shown that SMSes *should* be giant cash cows for these monopolistic entities, but lacking internal financial data it has always been difficult to make an issue out of this at Congress.

Why should Congress bother with SMS pricing? Isn't that what competition is for?

Re:Using the data for good purposes (2, Insightful)

WhatAmIDoingHere (742870) | more than 5 years ago | (#28244085)

Except that's not what's happening. Instead of competing, everyone's saying "we'll charge the same rate per message" while that same rate is still insanely high.

Re:Using the data for good purposes (1)

stephanruby (542433) | more than 5 years ago | (#28244323)

Actually no, there are several providers who provide unlimited SMS for a small fixed price.

Re:Using the data for good purposes (1)

LilGuy (150110) | more than 5 years ago | (#28244533)

$10 a month isn't that small..

Re:Using the data for good purposes (4, Insightful)

otter42 (190544) | more than 5 years ago | (#28244185)

Why should Congress bother with SMS pricing? Isn't that what competition is for?

Why? Because the cell providers are monopolies, created in part through the (very necessary) restriction of broadcast frequencies. Contrary to popular opinion, government *is* supposed to do good things for its citizens. I really admire that the EU has chosen to take the cell providers over there head-on, forcing them to lower rates. I disagree with how they did it, but that's only because they chose to regulate maximum prices instead of just breaking the monopolies up.

So when there were sufficient cell companies to have competition, American cell prices were the lowest in the world by far. Now that all the small players have been gobbled up, and we're only left with effectively three companies, there is no more competition.

Re:Using the data for good purposes (0, Troll)

cdrguru (88047) | more than 5 years ago | (#28244247)

Well, I think DVD's cost too much. Shouldn't the government step in there as well? How about cars? They cost too much, don't you think?

While the government is at it, shouldn't all prices have to be approved, regulated and reviewed periodically by the government? I mean if one grocery store in LA is charging $0.15 for an apple and one in Seattle is charging $0.30 isn't there some gouging going on here? Shouldn't we just have the government set all prices for all goods and services? Wouldn't that be more fair?

Short answer: no.

Re:Using the data for good purposes (2, Insightful)

otter42 (190544) | more than 5 years ago | (#28244299)

Ah, but these are not governmental-backed monopolies that are essential to life, now are they? Don't like GM, buy something else (everyone else sure did). DVD too expensive? Rent it, watch another movie, or just pass it up.

Telephone, internet, electricity, or water too expensive? Too bad, suck it up and pay, because by all normal metrics, these are the basic tenets of modern life.

So when the few remaining cell phone operators pretty much simultaneously raised rates on SMSes, at a time when the whole gov't was turning a blind eye to any form of regulation (thus leading to the current world-wide crisis), smacks strongly of collusion. Which is when the gov't is supposed to intervene.

Guys, busting up AT&T was the *best* thing that ever happened to American telecommunications. To believe some people here on /., that should never have happened.

Re:Using the data for good purposes (2, Informative)

vlm (69642) | more than 5 years ago | (#28244443)

Well, I think DVD's cost too much. Shouldn't the government step in there as well?

One, two, maybe three cellphone providers here, with the number of competitors artificially limited by government regulation to prevent interference and/or accept bribes. That is no free market and has no competition because of government force. So it needs price regulation.

Seven pages of DVD manufacturers here to scroll thru:
http://en.wikipedia.org/wiki/List_of_DVD_manufacturers [wikipedia.org]
Now that is a free market... No need for price regulation due to intense competition.

How about cars? They cost too much, don't you think?

One, two, maybe three cellphone providers here, with the number of competitors artificially limited by government regulation to prevent interference and/or accept bribes. That is no free market and has no competition, because of the government licenses. So it needs regulation.

This page lists "44 top automobile manufacturers" Presumably there are far more than 44, if this is only the top 44. That is a free market, no need for price regulation due to extreme competition.
http://en.wikipedia.org/wiki/Automotive_industry [wikipedia.org]

While the government is at it, shouldn't all prices have to be approved, regulated and reviewed periodically by the government? I mean if one grocery store in LA is charging $0.15 for an apple and one in Seattle is charging $0.30 isn't there some gouging going on here?

Three, maybe four cellphone providers provide service here, with the number of competitors artificially limited by government regulation to prevent interference and/or accept bribes. That is no free market and no competition because of the government license structure. So it needs government price regulation to fix the problem the government caused.

http://local.yahoo.com/CA/Los+Angeles/Food+Dining/Grocery+Stores [yahoo.com]
Lists 5106 grocery stores in LA. Plenty of competition and free market. No need for price regulation due to intense competition.

http://local.yahoo.com/WA/Seattle/Food+Dining/Grocery+Stores [yahoo.com]
Only lists 897 grocery stores in Seattle. Plenty of competition and free market. No need for price regulation due to intense competition.

Shouldn't we just have the government set all prices for all goods and services? Wouldn't that be more fair?

For cellphone service, it sets all the operational rules and FCC regulations and basically controls the company with no difference between the small number of providers except capital structure, so the govt has the responsibility to complete its work and set the price so as not to screw the customer, because it is an inherently non-capitalistic non-free market non-competitive system due to government interference (more so than usual, anyway).

Short answer: no.

Short answer: yes.

Re:Using the data for good purposes (1)

AuMatar (183847) | more than 5 years ago | (#28244275)

If it was an internet service I'd agree with you, because anyone could start a competing service. But the airwaves are a limited resource overseen by the government. It's within the government's purview to oversee pricing on services using them, to keep things fair for the consumer and ensure efficient utilization of the resource. Although with the availability of unlimited text plans and data plans (IM is a substitute for text), even though the rates are rip off level I don't think it's needed here.

Re:Using the data for good purposes (4, Insightful)

Anonymous Coward | more than 5 years ago | (#28244051)

However, I'd like to see a silver lining to this by seeing the data employed to put paid to the idea that SMSes have to cost so much.

They don't have to cost so much. In fact, the cost of providing SMS service is next to nothing - it's an afterthought that runs in the cell phone control channel.

HOWEVER, in the real world, the price of a product/service doesn't depend on the cost to provide the service, it depends on what people are willing to pay. The fact that so many people are willing to pay high prices for SMS reflects supply & demand.

Personally, I never send SMS. If I want to talk to you, I'll call you. Otherwise I'll send email. But I seem to be in the minority.

A better question is why is there so little competition in SMS prices - is there collusion to avoid competition?

Re:Using the data for good purposes (4, Interesting)

bnenning (58349) | more than 5 years ago | (#28244191)

A better question is why is there so little competition in SMS prices - is there collusion to avoid competition?

Yes. The marginal cost is very close to zero, so when all the telecoms raise prices nearly simultaneously as they did a few years ago, collusion is by far the most likely explanation.

Re:Using the data for good purposes (2, Insightful)

Anonymous Coward | more than 5 years ago | (#28244579)

Also, since customers can't easily switch companies due to contract terms, there is not enough fluidity in the market such that a company which lowers prices can quickly attract customers from another corp, and lead to a price war or reduction in prices.

Re:Using the data for good purposes (1)

Brian Gordon (987471) | more than 5 years ago | (#28244071)

I'd like to see the press try to publish analyses of the data. Admitting you have a copy of it is probably about as good as burning down your server farm because you'll never see any of your computers again.

Re:Using the data for good purposes (1)

DaveV1.0 (203135) | more than 5 years ago | (#28244125)

Time after time, the data has shown that SMSes *should* be giant cash cows for these monopolistic entities

Please do so now, in detail, with references containing verifiable data on the costs.

Re:Using the data for good purposes (4, Informative)

otter42 (190544) | more than 5 years ago | (#28244259)

Please do so now, in detail, with references containing verifiable data on the costs.

I'm guessing you don't understand how SMSes work. You do realize that they are effectively free for the cell phone company, right? Your cell phone is already sending this kind of message every time it reports back to a tower. It's just that most of the message is empty, but the bandwidth is still used. So, by piggy-backing a human-to-human message onto the cell-to-tower report, you get an SMS that has an effectively $0.00 incidental cost.

That's point #1. Point #2 is that an SMS is an amazingly small amount of bandwidth compared to voice, and yet it costs far more than voice.

Point #3 is linking back to /. http://tech.slashdot.org/article.pl?sid=08/01/29/0244208 [slashdot.org]

Of course, I could go on and on, but that would be saving you all the fun of independent research. I'm certain that if there are still things bothering you after you've read this (and don't miss the EU's current action against the European cell pseudo-monopolies!), people here will be happy to help.

Re:Using the data for good purposes (-1, Flamebait)

DaveV1.0 (203135) | more than 5 years ago | (#28244475)

Well, shithead, I do know how they work, because I work in the industry. Do you?

Oh, and that article you linked to, it is wrong. I notice he left out about 90% of the costs of a text message, and if you worked in the industry you would know that.

Until you want to answer the fucking question, shut the fuck up.

Re:Using the data for good purposes (1)

drinkypoo (153816) | more than 5 years ago | (#28244263)

It takes one or two packets to send a short message and it takes thousands of packets per minute to do voice. They are sent on and routed by the same network as the voice communications. YOU do the math.

Re:Using the data for good purposes (-1, Troll)

DaveV1.0 (203135) | more than 5 years ago | (#28244513)

Do as I said or admit you are an ignorant shithead and shut the fuck up. As of now, those are your only two options, dumbass.

Re:Using the data for good purposes (2, Insightful)

cdrguru (88047) | more than 5 years ago | (#28244139)

So what? Are you just complaining because the price is high, or are you prevented from using SMS services because of the pricing?

What possible relationship should the price to the consumer have to what it really costs? Do you believe there is any relationship between consumer products and the price charged? If you do, you are sadly mistaken. The prices to the consumer have nothing to do with "costs", especially material costs. It has to do with what the market will pay. If they charge $1 a message and people will pay it, that is the price.

And why would you want the government to get involved? Do you think the government should regulate all prices? Did you think the price of a car is closely tied to the cost of the materials? How about books? Do you think a 100 page book absolutely has to cost less than a 200 page book? Aren't you confused when you go to the store and the prices do not reflect this? Should the government fix this problem?

No, the government shouldn't have anything to do with this. A bit of education will teach you that prices have nothing whatsoever to do with costs - lots of stuff is sold for less than it costs to make it. Plenty more stuff is sold for way, way more than it costs to make it.

Re:Using the data for good purposes (2, Interesting)

otter42 (190544) | more than 5 years ago | (#28244357)

Why am I complaining? Because I believe very firmly that in the past few years the telecommunications market has fallen victim to collusion.

It seems that many /.ers confuse the price people will pay with the correct price. See, the price you will pay is NOT the right price. The maximum price you will pay, correlated to the minimum price the supplier will charge, is the right price. That's where monopolies, duopolies, and collusion break things up. They make it so that the minimum price the supplier will charge is never reached, as they intentionally limit supply.

If you want a more abstract example of the harm that high SMS prices do, in a market where it's nigh impossible to break in, ask yourself why SMSes aren't more integrated into everyday life. I don't just mean human-to-human messages. I mean things like controlling your home thermostat. Or having your bike or car report its location, speed, etc. There are lots of uses for these kinds of short messages, but the insanely high cost per byte makes it completely prohibitive.

Re:Using the data for good purposes (0)

Anonymous Coward | more than 5 years ago | (#28244441)

breech (brch)
n.
1. The lower rear portion of the human trunk; the buttocks.
2.a. A breech presentation or delivery. b. A fetus in breech presentation.
3. breeches - a. Knee breeches. b. Informal Trousers.
4. The part of a firearm behind the barrel.
5. The lower part of a pulley block.

Which of these definitions fit?

Look on the bright side.. (5, Insightful)

nanospook (521118) | more than 5 years ago | (#28243899)

Maybe the hackers can offer better service?

Re:Look on the bright side.. (1)

samexner (1316083) | more than 5 years ago | (#28244575)

Works fine here in Denver.

Like competitors would ever pay for this (4, Insightful)

VampireByte (447578) | more than 5 years ago | (#28243909)

From the "hackers" We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are offering them for the highest bidder. Seriously, how do they think T-Mobile's competitors are going to legally pay and use such information?

Re:Like competitors would ever pay for this (0)

Anonymous Coward | more than 5 years ago | (#28243935)

They don't expect them to "legally" pay for it...

Re:Like competitors would ever pay for this (1, Insightful)

Anonymous Coward | more than 5 years ago | (#28243941)

Seriously, how do they think T-Mobile's competitors are going to legally pay and use such information?

Well, what is the value of the information? I can't see it being that useful to a competing carrier.

The only thing that might be useful is a list of good customers getting close to their end of contract, so you could have a good shot at stealing their business.

Re:Like competitors would ever pay for this (2, Insightful)

jack2000 (1178961) | more than 5 years ago | (#28243959)

You think they offered it legally to the competitors?

Re:Like competitors would ever pay for this (1)

Brian Gordon (987471) | more than 5 years ago | (#28243961)

Certainly not legally...

Seems a little far-fetched to me too, but I suppose they would know better than me.

Re:Like competitors would ever pay for this (1)

hlh_nospam (178327) | more than 5 years ago | (#28244097)

I suppose there are ways to hide the transaction, but if somebody wanted to catch these thieves, couldn't they just follow the money? I do hope they are caught. I have a Tmo account.

Re:Like competitors would ever pay for this (1, Informative)

cdrguru (88047) | more than 5 years ago | (#28244179)

I think if T-Mobile isn't going to pay ransom, the hackers should just make this public and make it clear what they can do with the data they have and the access they have. To all the media. So the TV News and newspapers run with stories about how your billing records are now public information and how to look up anyone's phone records. Then add on how data can be changed by these folks with their access. Maybe you get a $10,000 bill next month if you have T-Mobile service just because. Or you get a credit. Make it random, just to confuse people.

Maybe the general public would understand that these folks pose a real risk.

Of course, what is likely to happen is ... nothing. Nothing at all.

They're in luck! (5, Funny)

Anonymous Coward | more than 5 years ago | (#28243917)

I happen to know a Nigerian Prince who would be *very* interested in their offer.

typo in summary (-1, Troll)

Anonymous Coward | more than 5 years ago | (#28243939)

claiming to own T-Mobile USA's servers

Don't you mean pwn?

If you were smart, you used a prepaid phone (0, Troll)

Anonymous Coward | more than 5 years ago | (#28243945)

If you were a T-Mobile user and smart, you didn't trust T-Mobile in the first place and used a prepaid phone and so there isn't a whole lot of data on you in the first place.

If you choose to trust a company with an enormous amount of your data, it's not a question of whether that will be abused. It's just a question of which will happen first: whether crackers will acquire it or whether the company will get into financial trouble and sell that data (or use it itself to try and make a return somehow).

Re:If you were smart, you used a prepaid phone (0)

Anonymous Coward | more than 5 years ago | (#28244223)

If you were a T-Mobile user and smart, you didn't trust T-Mobile in the first place and used a prepaid phone and so there isn't a whole lot of data on you in the first place.

Yes, but in case you didn't notice, prepaid rates are normally much higher than postpaid rates. And some types of service (like blackberry) aren't offered at all with prepaid.

Plus, you have to keep recharging your prepaid service. Are you going to do that online with a credit card? Or are you going to pay cash every time while wearing a disguise?

All UNIX/UNIX-likes (5, Funny)

Anonymous Coward | more than 5 years ago | (#28243965)

All of their production servers are running UNIX- or UNIX-like operating systems. Had they been running a Windows-only setup, this would not have happened.

Ever heard of a high-profile Windows shop being compromised during the last five years? No? Didn't think so.

Re:All UNIX/UNIX-likes (0)

Anonymous Coward | more than 5 years ago | (#28243991)

Maybe it's a compromise between uptime and security..no wait, doesn't windows lose on both of those fronts?

Re:All UNIX/UNIX-likes (-1)

Anonymous Coward | more than 5 years ago | (#28244047)

Yeah, Unix is like 40 now. They should try something new like Android.

Re:All UNIX/UNIX-likes (-1)

Anonymous Coward | more than 5 years ago | (#28244111)

W0T!

Re:All UNIX/UNIX-likes (5, Funny)

2phar (137027) | more than 5 years ago | (#28244165)

You do realize you can register for free Steve, right?

Re:All UNIX/UNIX-likes (5, Funny)

BronsCon (927697) | more than 5 years ago | (#28244331)

Ever heard of a high-profile Windows shop being compromised during the last five years? No? Didn't think so.

Of course we don't hear about it anymore. It's not news!

Is that the list of compromised servers? (2, Insightful)

jsveiga (465473) | more than 5 years ago | (#28244041)

Interesting. I only saw HP-UX, SunOS, AIX and Linux. No Windows used in T-Mobile, or they could not be cracked? Or T-Mobile just don't put anything important on Windows servers?

Re:Is that the list of compromised servers? (1)

Depili (749436) | more than 5 years ago | (#28244129)

The machines seem to be the database back-ends, and most of the large scale commercial billing/accounting/whatever applications like SAP want to have a unix backend. The users were probably all using windows workstations and windows apps that just communicate with the back-ends.

Re:Is that the list of compromised servers? (1)

codepunk (167897) | more than 5 years ago | (#28244373)

Interesting, how do you think they got through the firewall in the first place?

Millions of credit cards, unprecedented access (5, Insightful)

Anonymous Coward | more than 5 years ago | (#28244073)

And the best thing they can think of doing with it all is to offer it to T-Mobile's competitors? Seriously? I can think of tons of ways to profit off of all that information.

However not one of those ways involves attempting to sell the information to companies that are legally required to report it. Or when that fails, announcing it to the public and getting every police agency in the world on my trail.

Re:Millions of credit cards, unprecedented access (1)

cdrguru (88047) | more than 5 years ago | (#28244207)

I don't think there can be much in the way of law enforcement action. No damages, yet. No idea where they might be operating from, so jurisdiction is an open question.

Re:Millions of credit cards, unprecedented access (2, Informative)

eimsand (903055) | more than 5 years ago | (#28244351)

It's my understanding that unauthorized access to a computer system is a crime in and of itself. The misuse of data and/or facilities after the hack just add separate charges and penalties. (It should be clear that I'm not a lawyer...)

Re:Millions of credit cards, unprecedented access (1)

cdrguru (88047) | more than 5 years ago | (#28244427)

Yes, but take it from someone that has many, many "unauthorized access attempts" made every day and a few that have been successful. Law enforcement begins when you can prove $25,000 (or more) in damages. No proof = no action.

Similarly, unless you know where it is coming from they aren't much interested. Even the FBI is pretty much powerless to stop a Romanian hacker until there are really major damages in the millions of dollars. And most foreign law enforcement just laughs at US companies. Sucks to be you, ha ha ha.

Re:Millions of credit cards, unprecedented access (1)

Voyager529 (1363959) | more than 5 years ago | (#28244445)

And the best thing they can think of doing with it all is to offer it to T-Mobile's competitors? Seriously? I can think of tons of ways to profit off of all that information.

So buy it from them for $10,000 and make your millions.

T-Mobile Customer? (3, Interesting)

cdrguru (88047) | more than 5 years ago | (#28244083)

If you are, you better start thinking about where to go next. Their service is now wide open. Anything transferred through their network is now questionable.

Can you afford to send an email from a smartphone and have a couple of bytes changed, say from "no" to "yes"? Or from $100 to $10,000?

Can you afford to have your phone records available to everyone on the Internet? How far back could T-Mobile's records go? Two years? Five years?

I'd say if this was played right to the media it could shut T-Mobile down in about two weeks. After all, wouldn't that be a great goal? Their inability to keep hackers out equals no reason to be in business.

Of course this was almost certainly an inside-assisted job. But then you better watch who your employees are. If you're employing people that have access to potentially sensitive data, how do you know they aren't in a financial bind and will do anything to make next month's mortgage payment? Or have some gambling debts that they have to pay or their wife will work off?

I won't be happy to see T-Mobile (really Vodaphone from Germany) go under, but if these hackers have half a brain they will take the company down. If they are just your average script kiddies this will not make it to the nightly news and will have no effect on the company.

Re:T-Mobile Customer? (1)

SinShiva (1429617) | more than 5 years ago | (#28244177)

this is why IT should be paid more. 40k/y sysadmin salaries is currently the biggest joke to date, considering the creative/destructive power of the position

Re:T-Mobile Customer? (1)

cdrguru (88047) | more than 5 years ago | (#28244345)

The problem is that the average secretary or even call center worker might have enough access to pass along just enough to allow a break-in like this.

Sure, the IT people can really hurt a company if they so choose. Which means background checks, credit reports and monitoring are all things that companies are going to have to think about. They can decide to do them and piss off employees but be safer, or they can reject this and take their chances. One thing I have learned is that clearly once employees think things aren't perfect for them stuff is going to start walking out the door. Computers. Records. Lamps. Chairs. Just about anything that isn't nailed down.

Problem is, this isn't confined to IT people. Anyone that has access to do their job is a potential threat. How does a company mitigate that threat? Or do they just hope that everyone has the company's best interest at heart?

I think we are entering an age where everyone knows the employee's loyalty goes just as far as the permanence of their job, and no job is permanent anymore. So everyone is out for themselves, and if they see a chance to grab some kind of a big payoff they are going to take it. Or toss a wrench into the works just to see what happens.

Re:T-Mobile Customer? (1)

SinShiva (1429617) | more than 5 years ago | (#28244423)

i thought about some of what you said after i made my post, which brought something else to mind. as you said, secretaries with information can prove to be just as damaging. even more damaging would be when it's somebody that should have an IT profession but has been unable to find such a position that pays more than the salary of peon in one fashion or another. i certainly believe this type of job required inside help, but i'd love to know what kind of position the person held. perhaps the position was closer to the distribution level, even.

Re:T-Mobile Customer? (1)

stickystyle (799509) | more than 5 years ago | (#28244367)

Are you talking USD?
I've never heard anyone offering 40k/year for an actual sysadmin, I was making that when I was 18 doing front line help desk. Heck, a quick google says the median is ~70k and I'm willing to bet the t-mobile sysadmins make a bit more than that (well, if this story is true - they are pulling in unemployment now).

Re:T-Mobile Customer? (1)

SinShiva (1429617) | more than 5 years ago | (#28244467)

USD, yes. i suppose i was referencing the smaller companies, particularly in the 50-500 employee range. these are the companies that seem to think they can skim the most off the IT department.

Re:T-Mobile Customer? (5, Informative)

117 (1013655) | more than 5 years ago | (#28244231)

T-Mobile (really Vodaphone from Germany)

No, really T-Mobile (whose parent company is Deutsche Telekom) from Germany. Vodafone (not 'Vodaphone') are a UK-based company and T-Mobile's biggest rival.

Re:T-Mobile Customer? (1)

cdrguru (88047) | more than 5 years ago | (#28244293)

My mistake. I knew they were offshore and from Germany.

Yup, I am on T-Mobile, until the hackers shut them down, if they do. I'd really like to see a demonstration of "hacker power". It might get people to wake up. But we are far more likely to see nothing come from this at all. Which means that everyone gets to bear the brunt of folks like this. And law enforcement yawns and ignores everything until something really, really bad happens.

Re:T-Mobile Customer? (0)

Anonymous Coward | more than 5 years ago | (#28244295)

This does not change the fact that email in itself is not a secure medium. Even if this were on a 'non wide-open' service provider, you can never say the same for the other end receiving the messages.

Bottom line, if you want secure communication, use an encryption mechanism like PGP and your carrier's security is not an issue.

Mod Parent Up (1)

gregarei (1001697) | more than 5 years ago | (#28244353)

Now!

Re:T-Mobile Customer? (0)

Anonymous Coward | more than 5 years ago | (#28244311)

I always hated it how other people would correct me in comments on /. It always came off very conceited and obnoxious, so forgive me if I sound the same. But Vodafone and Deutsche Telekom are competitors, and Deutsche Telekom is the parent company of T-Mobile USA. And I'm a customer of the USA affiliate and I'm very concerned.

Re:T-Mobile Customer? (1)

cdrguru (88047) | more than 5 years ago | (#28244381)

Yes, Vodafone is wrong and Deutsche Telekom is correct.

You are right to be concerned. The key will be something like an article in WSJ or similar business-oriented publications. No story probably means either a hoax or just some script kiddies with no real agenda.

Re:T-Mobile Customer? (1)

MrMista_B (891430) | more than 5 years ago | (#28244383)

The claim itself is damaging. If these hackers are lying, with the sole intent to damage T-Mobile's reputation, then they've already wildly succeeded, and the evidence they'd have to provide wouldn't require a very deep penetration at all.

Re:T-Mobile Customer? (1)

Jah-Wren Ryel (80510) | more than 5 years ago | (#28244461)

Of course this was almost certainly an inside-assisted job. But then you better watch who your employees are. If you're employing people that have access to potentially sensitive data, how do you know they aren't in a financial bind and will do anything to make next month's mortgage payment? Or have some gambling debts that they have to pay or their wife will work off?

You can never know for certain. Even if you could know, how do you know that one of the people whose job is to watch other people isn't compromised?

Rather than require that employees have absolutely zero privacy, a far better approach is to implement business processes that are inherently self-checking. Kind of like the two-man switch for nuclear missile launches as seen in the movies. That way you limit the damage that a single compromised employee can do. While it may be possible to compromise one arbitrary employee, it is significantly more difficult to compromise one employee and the exact other employee that happens to be the one who is the other part of the process. With this approach you also gain the benefit of being more resistant to simple errors too.
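The self-checking process described in the comment above, sketched as an added example (not part of the original comment or of any T-Mobile system): a sensitive action runs only after a second, different, authorized person approves the exact request. The class name, user names and the `export` action are hypothetical.

```python
import hashlib
import json
import time


class DualControlError(Exception):
    """Raised when a request does not satisfy the two-person rule."""


class DualControlGate:
    """Runs a sensitive action only after a second, different person approves it."""

    def __init__(self, approvers, ttl_seconds=900):
        self.approvers = set(approvers)   # people allowed to act as second party
        self.ttl = ttl_seconds            # a request must be approved within this window
        self.pending = {}                 # digest -> (requester, created_at)
        self.approved = {}                # digest -> approver

    @staticmethod
    def digest(action, params):
        # Bind the approval to the exact action and parameters.
        blob = json.dumps({"action": action, "params": params}, sort_keys=True)
        return hashlib.sha256(blob.encode()).hexdigest()

    def request(self, requester, action, params, now=None):
        d = self.digest(action, params)
        self.pending[d] = (requester, time.time() if now is None else now)
        # A new request invalidates any earlier approval of the same digest,
        # so an approver cannot re-request and ride on their own approval.
        self.approved.pop(d, None)
        return d

    def approve(self, approver, d, now=None):
        now = time.time() if now is None else now
        if d not in self.pending:
            raise DualControlError("unknown request")
        requester, created = self.pending[d]
        if approver == requester:
            raise DualControlError("requester cannot approve own request")
        if approver not in self.approvers:
            raise DualControlError("not an authorized approver")
        if now - created > self.ttl:
            raise DualControlError("request expired")
        self.approved[d] = approver

    def execute(self, requester, action, params, func):
        d = self.digest(action, params)
        if self.pending.get(d, (None,))[0] != requester or d not in self.approved:
            raise DualControlError("no matching approval for this exact request")
        # One-shot: consume the approval so it cannot be replayed.
        del self.pending[d]
        approver = self.approved.pop(d)
        return func(**params), approver
```

Because the approval is tied to a digest of the parameters, changing the request after sign-off (for example raising a row limit) fails at `execute`, which also covers the "simple errors" case the comment mentions.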

Re:T-Mobile Customer? (1)

antdude (79039) | more than 5 years ago | (#28244495)

Where to though? All companies have problems. :(

Re:T-Mobile Customer? (1)

eison (56778) | more than 5 years ago | (#28244599)

What makes you think it's different anywhere else?

Expect to see... (-1)

Anonymous Coward | more than 5 years ago | (#28244161)

some hackers, killed in a shootout with police. And by police, I mean the police say they were there and heard lots of gunfire.

Scam? (1)

O'Nazareth (1203258) | more than 5 years ago | (#28244229)

We already contacted with their competitors and they didn't show interest in buying their data -probably because the mails got to the wrong people- so now we are offering them for the highest bidder.

Doesn't it sound just like a scam? What about sending them one of these 419eater funny guys?

Honey Pot? (1)

mehemiah (971799) | more than 5 years ago | (#28244271)

what if they just got a very convincing Honey Pot ?

Re:Honey Pot? (1)

kabloom (755503) | more than 5 years ago | (#28244313)

What if they just invented the list of machine names as a hoax, how would anyone know that these hackers have been successful? What kind of proof is there that this was an actual computer hack, and not just a consumer panic hack by someone who has no access to T-Mobile's network?

Before I hit the panic button (5, Insightful)

forgottenusername (1495209) | more than 5 years ago | (#28244405)

I'll wait for some validation. Cuz, you know;

prodsrv1|192.168.1.200|root@cia.gov sekret files|for realz|RHEL4

isn't especially convincing.

Even if it's a real list, it could be something as simple as a pilfered company document off a laptop, a script-kiddie wannabe hacker employee showing off to his friends on IRC, or any of a hundred scenarios.

Do I doubt it's difficult to own a bunch of HP-UX boxes? Nah.

Have I learned to not spastically freak out every time some random people claim they hacked something? Yah.

Trouble is, T-Mobile wouldn't exactly be forthcoming with any confirmations.

At the end of the day, you just have to plan around being hacked. You have to ensure your payment method associated with external services can handle being owned. You have to be ready for people getting your SSN and private info, since it's moronically being used for frivolous purposes everywhere.

Which is not to say you shouldn't do your best to keep your data protected and secure - I just try to plan around any data I give out to various companies being owned.

Why is this a story? (0)

Anonymous Coward | more than 5 years ago | (#28244509)

If I posted to some well-respected security mailing list that "i hacked slashdot!" and posted a bunch of gibberish....would slashdot post a story about it?

Seriously, unless there is some _real_ information (like T-mobile acknowledgment), this story doesn't belong here.

"Hackers Claim To Hit T-Mobile Hard" (0)

Anonymous Coward | more than 5 years ago | (#28244535)

Hacker: T-Mobile? I'd hit it. Hard.

So many in the black community using safe mail (0)

Anonymous Coward | more than 5 years ago | (#28244601)

Why so many in the black community using safe mail? Is it really as safe as it seems to be?
I remember some years ago, I saw a forum where there was a guy offering thousands of E tablets over his "Safe Mail" account. He was a regular supplier.

"PRIVACY: Safe-mail will not disclose information about you or your use of the Safe-mail system, unless Safe-mail believes that such action is necessary to comply with its legal requirements or process; enforce these terms; or protect the interests of Safe-mail, its members or others. You agree that Safe-mail may access your account, including its contents, for these reasons or for service or technical reasons. Please note that your Internet Protocol address is transmitted with each message sent from your account." From Safemail web site.

I wonder if Safe Mail cares about so many crimes committed by their customers.
