Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hacker Penetrates T-Mobile Systems

timothy posted more than 9 years ago | from the sounds-like-a-movie-plot dept.

Security 396

An anonymous reader writes "SecurityFocus.com reports 'a sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor U.S. Secret Service e-mail, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities.' Demi Moore and Paris Hilton are involved."

cancel ×

396 comments

Sorry! There are no comments related to the filter you selected.

At first ... (1, Funny)

isometrick (817436) | more than 9 years ago | (#11333980)

At first, I got "Nothing to see here" ... but Paris Hilton? Sounds like that guy had plenty to see ;-)

Re:At first ... (1)

Maestro4k (707634) | more than 9 years ago | (#11334471)

  • At first, I got "Nothing to see here" ... but Paris Hilton? Sounds like that guy had plenty to see ;-)
Nah, everyone's already seen plenty of Paris Hilton, a few grainy cell phone camera shots aren't worth anything. ;)

linkie? and recruitment (5, Insightful)

BoldAC (735721) | more than 9 years ago | (#11333982)

Genovese provided SecurityFocus with an address on his website featuring what appears to be grainy candid shots of Demi Moore, Ashton Kutcher, Nicole Richie, and Paris Hilton.

Okay, all my Karma points for a link. :)

The same source also offers an explanation for the secrecy surrounding the case: the Secret Service, the source says, has offered to put the hacker to work, pleading him out to a single felony, then enlisting him to catch other computer criminals in the same manner in which he himself was caught. The source says that Jacobson, facing the prospect of prison time, is favorably considering the offer.


As much as we make fun of the computer knowledge of our governments, they finally seem to be on the right track. You must have some of these guys in your pocket to really have a chance. Can you trust them? Probably not completely... but if they bring you some knowledge, skills, and some of the most damaging players, then it's worth it.

Re:linkie? and recruitment (3, Insightful)

JaffaKREE (766802) | more than 9 years ago | (#11334243)

I don't understand why he asked for a proxy from this dude he had just met. Really, really stupid, especially when it turned out to be a government monitoring server.

Re:linkie? and recruitment (1)

Walkiry (698192) | more than 9 years ago | (#11334342)

>Okay, all my Karma points for a link. :)

If his aren't enough I'll add my own to the lot.

Good thing he doesn't live in Soviet Russia. . . (-1)

Anonymous Coward | more than 9 years ago | (#11333988)

Because there cell networks penetrate hackers.

Criminals? (-1)

Anonymous Coward | more than 9 years ago | (#11333989)

Demi Moore and Paris Hilton are involved.

Did they write the scripts?

I'm first (-1, Offtopic)

codeconfused (834856) | more than 9 years ago | (#11333992)

I did it #1....yehaaa I'm gonna play the lottery today

Re:I'm first (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11334061)

Go ahead, more winnings for me and my welfare babies when you FUCKING FAIL IT! Not-GNAA, but word to their mothers.

Paris Hilton? (-1)

Anonymous Coward | more than 9 years ago | (#11333997)

She seems to attract "unauthorized" pictures. Sheesh, talk about an attention whore.

Get Moore !?! (4, Interesting)

rednip (186217) | more than 9 years ago | (#11333998)

Most troubling...
T-Mobile, which apparently knew of the intrusions by July of last year, has not issued any public warning.

Q: If I were a customer and I found out that my identity has been stolen, could I sue T-Mobile for any damages since they knew of the problem, or perhaps for just having breakable security?

BTW, the Black Hat's email address (and online identity) is ethics@netzero.net [mailto] and at one point was looking for work as a security administrator. Not a big surprise that he was interested in the field, but 'Ethics'!

Re:Get Moore !?! (3, Informative)

ack154 (591432) | more than 9 years ago | (#11334077)

This might be why (though there's no stating if it's the actual reason or not):
but may be postponed if a law enforcement agency determines that the disclosure would compromise an investigation
That would be my guess anyways.

Not Fair (1)

mfh (56) | more than 9 years ago | (#11334111)

Not to wear a tinfoil hat, but I think it's fair to assume that if a blackhat managed to compromise a whole system, he may have also managed to find a patsy for the whole thing. I'm not seeing the word "confessed" anywhere in that article, so perhaps they got the wrong guy? Only a proper trial will tell if he is actually the right guy or not. Geez you'd think the guy never heard of Tor or privoxy before...

If *you* are going to read the Secret Service's email, wouldn't you do it better than this?

Seems like they have the wrong guy to me. /Tinfoil Hat

Re:Get Moore !?! (5, Informative)

lucabrasi999 (585141) | more than 9 years ago | (#11334119)

Q: If I were a customer and I found out that my identity has been stolen, could I sue T-Mobile for any damages since they knew of the problem, or perhaps for just having breakable security?

RTFA:

T-Mobile, which apparently knew of the intrusions by July of last year, has not issued any public warning. Under California's anti-identity theft law "SB1386," the company is obliged to notify any California customers of a security breach in which their personally identifiable information is "reasonably believed to have been" compromised. That notification must be made in "the most expedient time possible and without unreasonable delay," but may be postponed if a law enforcement agency determines that the disclosure would compromise an investigation.

It appears that if you sue, you won't win.

Re:Get Moore !?! (5, Interesting)

lucabrasi999 (585141) | more than 9 years ago | (#11334146)

As I read even more of the FA:

According to court records the massive T-Mobile breach first came to the government's attention in March 2004, when a hacker using the online moniker "Ethics" posted a provocative offer on muzzfuzz.com, one of the crime-facilitating online marketplaces being monitored by the Secret Service as part of Operation Firewall.
"[A]m offering reverse lookup of information for a t-mobile cell phone, by phone number at the very least, you get name, ssn, and DOB at the upper end of the information returned, you get web username/password, voicemail password, secret question/answer, sim#, IMEA#, and more," Ethics wrote.

It appears the feds knew about this months ago.

Re:Get Moore !?! (1)

Trigun (685027) | more than 9 years ago | (#11334315)

Do a google search on the e-mail. He's offered to sell private info to debt collectors, and appears to be quite active on the neohapsis sites as well.

Interesting reading.

Re:Get Moore !?! (0)

Anonymous Coward | more than 9 years ago | (#11334357)

lkots of wannabes and ankle biters want this...

no not to do what everyone does and work up to administrator but start off at the >$150K level.

Duh you fucktards, NO company on this planet will hire you that way.

how can they be smart enough to hack yet too damn stupid to know anything else?

yes he was VERY stupid, bordering on the retard level.

no repsect and nothing but a HUGE diss from me and everyone else that knows that cracking is not that hard.

social engineering... that is fricking hard. Cracking your fellow humans is certianly the realm of the genius.

Sophisticated Hackers (4, Funny)

randalx (659791) | more than 9 years ago | (#11334001)

Didn't know Demi Moore and Paris Hilton were that good with computers.

Re:Sophisticated Hackers (-1)

Anonymous Coward | more than 9 years ago | (#11334242)

How else would they check the latest breast surgery prices?

Candid Photos (0)

Anonymous Coward | more than 9 years ago | (#11334007)

...and download candid photos taken by Sidekick users, including Hollywood celebrities.' Demi Moore and Paris Hilton are involved.

Bleaugh! That's punishment enough for the guy, don't you think?

Demi Moore and Paris Hilton are involved. (4, Funny)

Dragoon412 (648209) | more than 9 years ago | (#11334013)

Demi Moore and Paris Hilton are involved.

Can't it just be assumed, at this point, that if there's some major event involving porn, that Paris Hilton is involved?

Re:Demi Moore and Paris Hilton are involved. (1, Offtopic)

Stevyn (691306) | more than 9 years ago | (#11334056)

This whole thing was probably conceived to give Paris Hilton more publicity. Who cares? Why does anybody care about her?

T&A (0, Offtopic)

RLiegh (247921) | more than 9 years ago | (#11334224)

Re:T&A (1)

H3lldr0p (40304) | more than 9 years ago | (#11334386)

Neither of which she has in any amount great enough to cause a stir.

Re:Demi Moore and Paris Hilton are involved. (1)

ack154 (591432) | more than 9 years ago | (#11334168)

Can't it just be assumed, at this point, that if there's some major event involving porn, that Paris Hilton is involved?

Likely, yes. But where's the porn? They just said some candid snapshots...

The Register has an article too ... (2, Informative)

un1xl0ser (575642) | more than 9 years ago | (#11334032)

The Register's Article [theregister.co.uk]

Re:The Register has an article too ... (1)

yasth (203461) | more than 9 years ago | (#11334128)

By Kelly Martin, SecurityFocus ===== Look at the byline.

Yeah that is right syndication.

Candid and intimate photos of Paris? (0)

i_want_you_to_throw_ (559379) | more than 9 years ago | (#11334040)

Dear God what have we become?!!!! Barbarians,..one and all....

Argh... (0, Redundant)

Azrel666 (842460) | more than 9 years ago | (#11334041)

Hacker... you mean cracker?

Re:Argh... (5, Funny)

Anonymous Coward | more than 9 years ago | (#11334093)

you mean cracker?

How do you know he's white?

Re:Argh... (1, Informative)

Anonymous Coward | more than 9 years ago | (#11334185)

No, hacker. The hacker/cracker distinction is only for the inner geek circles. Hacker in the mainstream means both.

Words can have multiple meanings.

Indeed ... (1)

magicianuk (446906) | more than 9 years ago | (#11334410)

... why in some groups a "hacker" is someone who breaks into computer systems, while in others it's someone who "hacks" code fast and well (but not necessarily pre-plans the code)

And "cracker" is often used for someone who breaks the copy-protection on software products.

------------
The great thing about standards, is that there are so many of them

If a thread doesn't include pictures? (1, Funny)

gimpimp (218741) | more than 9 years ago | (#11334042)

does it really exist?

Demi Moore and Paris Hilton are involved? (1)

Atrax (249401) | more than 9 years ago | (#11334044)

Why am I not surprised?

good words (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11334048)

'Penetrates' and 'Paris Hilton' in one post. Congrats.

His Resume is posted online ! (5, Informative)

Anonymous Coward | more than 9 years ago | (#11334058)

http://lists.jammed.com/securityjobs/2001/09/att-0 059/01-RESUME_OF_NICHOLAS_JACOBSEN.txt

from his resume: (0)

circletimessquare (444983) | more than 9 years ago | (#11334226)

Email: ethics@netzero.net

ethics?

Re:from his resume: (-1)

Anonymous Coward | more than 9 years ago | (#11334424)

He offers massage, too.

Massage: (503) 287-4812

Not-so Secret Service (3, Interesting)

Vollernurd (232458) | more than 9 years ago | (#11334060)

Surely the Secret Service would encrypt anything important? I would have though that they would not have used a commercial network service like that. But then again mum always told me not to think too much.

Re:Not-so Secret Service (4, Funny)

lucabrasi999 (585141) | more than 9 years ago | (#11334256)

I would have though that they would not have used a commercial network service like that.

In other news, The President had to be reminded (again) that the White House Lobby Pay Phone should not be used to call Ariel Sharon.

Re:Not-so Secret Service (5, Insightful)

fizban (58094) | more than 9 years ago | (#11334324)

Hello? Welcome to the United States. The internet infrastructure is built and controlled by companies. It's not like our government agencies have their own internet. If a Secret Service Agent needs to send an email to the home office, he'll pick up his sidekick, his Blackberry, his Palm, his laptop, etc., connect to a service provider like T-mobile, Verizon, Comcast, etc. and send his message or store his files. Probably encrypted, but maybe not always if it's not a considered a very sensitive communication.

A lot of people have crazy delusions that secret agencies live in some far off technical wonderhome, where all communications are encrypted with some super 733t MD67 algorithm never before seen by any other person in the world, all access is controlled by handprint and retinal scan identification and everyone walks around with James Bond gadgets in their pockets. It's just not so. These people live and work in normal offices and normal homes and deal with the same crappy, bug-ridden and insecure hardware and software that the rest of us do. It's probably a bit better than your normal corporate office, but not by much.

Re:Not-so Secret Service (2, Insightful)

visualight (468005) | more than 9 years ago | (#11334459)

I don't know what they're complaining about. I thought we weren't supposed to have an "expectation of privacy" with email. So it's legal to read anyones email without violating their privacy right?

That's cracker... (-1, Redundant)

GillBates0 (664202) | more than 9 years ago | (#11334068)

"Cracker penetrates T-Mobile Systems".

Re:That's cracker... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11334148)

How do you know he wasn't black? Racist fuck.

Paris Pictures (-1, Redundant)

amightywind (691887) | more than 9 years ago | (#11334071)

Can somebody please post the Paris Hilton photos?

Re:Paris Pictures (2, Funny)

jokell82 (536447) | more than 9 years ago | (#11334109)

Can somebody please post the Paris Hilton photos?

Where is the -1 Disgusting mod when you need it?

Re:Paris Pictures (-1)

Anonymous Coward | more than 9 years ago | (#11334211)

Here you go. [southparkstudios.com] .

Wanting to know (1)

psychoandy (797773) | more than 9 years ago | (#11334079)

That notification must be made in "the most expedient time possible and without unreasonable delay," but may be postponed if a law enforcement agency determines that the disclosure would compromise an investigation.
If I was a T-mobile customer I don't know if I would be upset or not. On one hand, I understand they wanted to catch the guy. OTOH, if my account was compromised I would want to know.

Re:Wanting to know (1)

yasth (203461) | more than 9 years ago | (#11334174)

Yeah March until October 27th seems a bit long to me. (And at the time of the breach I was a Tmo subscriber).

I mean I wasn't a sidekick user, and didn't say or send anything all that important over the wap or sms, but still. Oh well doesn't look like they had the CC database compromised, though the identity theft situation is chilling.

Re:Wanting to know (1)

451 (827283) | more than 9 years ago | (#11334353)

I am a T-mobile cust. and I hope to hear if there are more than one of me out there.

I work for fraud at a bank, so I get to see some of the "handywork" that can be done with just a couple of numbers (SSN and b-date). Every application that is "fishy" is picked out, and the true owners are called to verify. Here's to hoping for a call soon (or maybe not...)

The News (5, Insightful)

DrugCheese (266151) | more than 9 years ago | (#11334086)

I bet the American public will be more flabergasted over the fact that he has pictures of Demi Moore and Paris Hilton that haven't been released then the fact he was spying on the Secret Service.

Some days I'm proud to be american, but then the drugs wear off.

Secret Service?! (1)

Raven42rac (448205) | more than 9 years ago | (#11334107)

Why are secret service members sending out e-mail from unsecured wireless access points?

Re:Secret Service?! (0, Offtopic)

Raven42rac (448205) | more than 9 years ago | (#11334251)

Bah, I misread.

Re:Secret Service?! (-1)

Anonymous Coward | more than 9 years ago | (#11334328)

MTFA

Misread the fucking (Can i say fuck here? Fuck I just said it again!) article.

This post has been made anonymously to protect the karma whores.

Re:Secret Service?! (1)

Raven42rac (448205) | more than 9 years ago | (#11334365)

ROFL. That's actually funny. One of the handful of time I have literally laughed out loud at internet jokes.

Secret Service Mail Encryption (3, Interesting)

dnno (773903) | more than 9 years ago | (#11334112)

Just because he is reading Secret Service mail doesn't mean it is important. For all we know the mail could read like this: On todays lunch menu we are not going to be having the chicken fajita due to a lack of chicken, we will be having PB & J's. Surely they have secure transmission lines (& methods of encryption) , so why would they send anything of importance over T-Mobiles network?

But how could he NOT get caught? (5, Insightful)

HawkinsD (267367) | more than 9 years ago | (#11334124)

FA says that he was offering ssn, dob, passwords, etc. for sale.

So... let's say that I want to patronize his obviously grossly illegal service. How do you consummate a transaction like this? Cash in a Fedex envelope? Sent to whom? A P.O. box?

Who performs first? Are there criminal escrow services?

And how stupid do you have to be to take out an ad online, in a known criminal hangout, announcing your secret power, and providing contact info?

Is there something I'm missing here?

No, really.

Re:But how could he NOT get caught? (1)

lucabrasi999 (585141) | more than 9 years ago | (#11334406)

And how stupid do you have to be to take out an ad online, in a known criminal hangout, announcing your secret power, and providing contact info?

Well, it might have been stupid on his part, but he was smarter than the SS agent that used a public mobile network to transmit files.

Re:But how could he NOT get caught? (1)

Quixote (154172) | more than 9 years ago | (#11334465)

E-Gold, maybe? I'm sure there are others offering "untraceable" cash transfers. Probably cash in an envelope works too.

Hmm... (5, Insightful)

404 Clue Not Found (763556) | more than 9 years ago | (#11334133)

So the guy hacks in to the network, steals personal information, downloads private pictures, sells all this stuff... and then he's able to get away with just one felony, no jail time, and even a work offer for the Secret Service?

I mean, it's not like he found a flaw and just experimented with it briefly. He deliberately exploited it over the course of a year and even attempted to profit from it. Doesn't that seem... wrong?

I understand that he would be very useful to the investigators, but what about the victims? Were there actually any? Were they affected? If so, it sure seems like the punishment was rather light. Almost encourages people to try the same thing. Is the message here "crime pays, as long as you work for the government once you're caught"?

On the other hand, how can he work as a mole when so much about his identity is already revealed? If the entire world now knows his name, has access to his resume, etc., isn't he at great risk of being identified?

And it's not just him... with all the information revealed in the news article, how can the SS's original snitch stay hidden? Wouldn't whatever hackers he made contact with obviously know who he is, now?

It's almost like watching a spy movie. Heh, well, what do I know. It all just seemed rather strange to an outsider like me, but I must admit I don't know how these things usually work. Someone wanna explain?

Also, it was interesting that they called ICQ "Microsoft ICQ". Just a mistake or did MS secretly buy AOL?

Re:Hmm... (2, Insightful)

phats garage (760661) | more than 9 years ago | (#11334208)

What, you're somehow expecting corporations and governments to be non-evil?

Re:Hmm... (1)

404 Clue Not Found (763556) | more than 9 years ago | (#11334220)

Well, I'd at least expect them to do a better job of covering it up.

Re:Hmm... (0)

Anonymous Coward | more than 9 years ago | (#11334312)

This is why they were playing this case close to their chest.

Re:Hmm... (1)

Trillan (597339) | more than 9 years ago | (#11334335)

I noticed the Microsoft ICQ point, too. Seems like the reporter made a mistake there. I'm also not sure the term "honeypot [wikipedia.org] " is appropriate.

Re:Hmm... (3, Interesting)

pegr (46683) | more than 9 years ago | (#11334378)

So the guy hacks in to the network, steals personal information, downloads private pictures, sells all this stuff... and then he's able to get away with just one felony, no jail time, and even a work offer for the Secret Service?

If you think the Secret Service won't use his skills in exactly the same way he was offering to the public before he got busted, you are mistaken. That is to say (explicitly), the Feds will use this guy to break into private computer networks and steal information of interest to them. They will keep him at arms length in case he gets caught. This is the way law enforcement (unfortunately) works...

My question is (1)

rmoonsong (848924) | more than 9 years ago | (#11334136)

How could he access the pictures taken by users? Those are only stored on the device itself not t-mobiles servers. Unless they were sent to another device but this goes on all the time and I doubt t-mobile would waste storage space keeping every picture sent on their servers. Of course I am at work and behind firewall so I could not RTFA. maybe it went more into detail on this

Picture messages, (2, Informative)

ambrosen (176977) | more than 9 years ago | (#11334206)

are uploaded to a phone company server and a link is sent to the recipient's phone, which then downloads the picture. So the content is by default stored on the company's server.

Re:My question is (1)

narf (207) | more than 9 years ago | (#11334374)

The pictures were from Sidekick devices that T-Mobile sells. Most data stored on the Sidekick is also stored on T-Mobile's servers, and is accessible through the T-Mobile website. This is sold as a security-blanket feature: if you lose your Sidekick, you can get a new sim and your new device will redownload all your information from T-Mobile.

The article did talk about how he had access to website usernames/passwords of T-Mobile users, and that was how the pictures were obtained.

Re:My question is (1)

n1ywb (555767) | more than 9 years ago | (#11334416)

Actually the pictures you take are ONLY stored on T-Mobile's servers (well technically Danger Inc.'s servers). The version you see on your phone is a low res (not that the pics aren't low res anyway) preview.

Are budget cuts that severe? (5, Insightful)

motherjoe (716821) | more than 9 years ago | (#11334140)

Why on earth is the Secret Service of the United States using T-Mobile as an ISP/Email provider?

What's next? The FBI, CIA, etc is compromised while using hotmail, Yahoo, or Google mail?

Are Gov IT cutbacks so severe they have to turn to places like this to send messages?

Re:Are budget cuts that severe? (1)

joshmccormack (75838) | more than 9 years ago | (#11334458)

...one of the crime-facilitating online marketplaces being monitored by the Secret Service as part of Operation Firewall.

They were monitoring sites that did illegal business and found out about this.

It just occured to me... (0)

Anonymous Coward | more than 9 years ago | (#11334158)

It's a known fact that whenever "penetrate" is in a sentence it results in immediate sexual enuendo. But when "hacker" is also involved it just smashes that theory all together.

Power to the nerds!

microsoft icq (1)

djb6 (158779) | more than 9 years ago | (#11334159)

Did anyone else notice them refering to microsoft icq?
At the agency's urging, the informant made contact with Myth, and learned that the documents represented just a few droplets in a full-blown Secret Service data spill. The hacker knew about Secret Service subpoenas relating to government computer crime investigations, and even knew the agency was monitoring his own Microsoft ICQ chat account.

Demi Moore and Paris Hilton are involved. (1, Funny)

aluminumcube (542280) | more than 9 years ago | (#11334173)

Ohh, well... that makes it terribly important then!

In soviet America (-1, Offtopic)

91degrees (207121) | more than 9 years ago | (#11334179)

which he used to monitor U.S. Secret Service e-mail,

In soviet russia

The criminals spy on the secret service.

Flamebait... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11334181)

In Capitalist America, you spy on the Secret Service!

How very nice of T-Mobile to not let us know (1)

gorbachev (512743) | more than 9 years ago | (#11334186)

I'm a T-Mobile customer (not for long, after this).

I already sent them a nastygram over this. What kind of irresponsible piece of s*** company not let their customers know all their information is in the hands of a hacker???

Re:How very nice of T-Mobile to not let us know (-1)

Anonymous Coward | more than 9 years ago | (#11334366)

haha your funny :D

the feds wanted to bust some big fish and they did. if tmobile had notified every customer mister ethics would have stopped to access the tmobile systems. without the evidence they gathered he would have walked free. there was no real danger to the public so them sitting by and observe was the right thing to do.

Funniest quote (3, Funny)

davetrainer (587868) | more than 9 years ago | (#11334192)

"He basically just said there was flaw in the way the cell phone servers were set up," says William Genovese, a 27-year-old hacker facing unrelated charges for allegedly
selling a copy of Microsoft's leaked source code for $20.00."

I hope it came with an 18-dollar bill.

cracker you dumb fuck! (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#11334199)

it's cracker, not hacker!

Re:cracker you dumb fuck! (0)

Anita Coney (648748) | more than 9 years ago | (#11334265)

Yeah, and gay means happy too!

Re:cracker you dumb fuck! (0)

91degrees (207121) | more than 9 years ago | (#11334269)

Nope. It's a hacker. The term has been in common use since 1984. The fact that a load of geeks desperately want to reclaim it doens't mean the usage is wrong.

I have no idea why any geek would want to reclaim it though. After Jurassic park, any positive connotations are clearly lost.

You Mean (1)

cheezemonkhai (638797) | more than 9 years ago | (#11334223)

He Actually made it to and then through customer services!?!

Thats amazing :)

His resume (0)

Anonymous Coward | more than 9 years ago | (#11334244)

In his resume, one of the applications he boasts knowledge of is ... Notepad! In addition, he wants a job in IT security and manages to mention nmap way after MS Office and Photoshop in apps he knows how to use.

All in all, a strange and somewhat irrelevant resume for a guy striving to become Network Manager in the IT security field.

Re:His resume (-1)

Anonymous Coward | more than 9 years ago | (#11334418)

And now he's working for the secret service! Oh boy, I feel secure! HE KNOWS PHOTOSHOP!

Re:His resume (0)

Anonymous Coward | more than 9 years ago | (#11334439)

poser and cracker...

he will NEVER get a job doing it, companies do not care that you can pull cat-5 cable out of your ass as well as new cisco network gear.

if you are an asshole (like this one is) you do not get the jobs let alone start off at the top rung? plueese...

he needsto start at the absolute bottom... Compusa or Best Buy in house IT/computer tech.

then up to fast food then up from there.

T-Mobile Security (2, Informative)

GJSchaller (198865) | more than 9 years ago | (#11334252)

My guess is that the Secret Service was using Blackberries, which uses encrypted transmissions between the Blackberry server and the device, and even multiple encryptions, if I remember correctly (one for the message, one for the Wireless). I doubt that they were stupid enough to use unencrpyted service, when regular non-Govt. customers can have encryption (We have it here at our job on our BBs). Note that they say "emails" and not "SMS" or "Text Messages."

We know what follows now (1, Funny)

Walkiry (698192) | more than 9 years ago | (#11334263)

Cue in virus spreading under the pretense of Paris' new nude haxx0red pictures in five, four, three, two...

Most impressive that it took them a year to find him, and unsirprisingly they catched him when he tried to make a mint out of his exploiting. Remember kiddies, bragging is not good for you.

Michael Powell loves you. (1)

gelfling (6534) | more than 9 years ago | (#11334298)

The chairman of the FCC Michael "I have no idea what the public interest is" Powell is right on the case making sure your privacy is protected.

Bank on it.

ms icq? (0)

Anonymous Coward | more than 9 years ago | (#11334299)

The hacker knew about Secret Service subpoenas relating to government computer crime investigations, and even knew the agency was monitoring his own Microsoft ICQ chat account.

wow is it me or does MS own more everyday you read /.

Gets ya thinking... (2, Interesting)

jchawk (127686) | more than 9 years ago | (#11334305)

You know it seems like the reason this guy got caught was because he was sloppy with his own identity online... If he would have been more careful with the names / icq numbers / people he trusted online, it's very unlikely that he would have gotten caught.

I think he let his greed / ego get in the way when trying to offload this information that he obtained.

This really makes you wonder about the guys you never hear about, the ones that don't get caught. :-/

Re:Gets ya thinking... (0)

Anonymous Coward | more than 9 years ago | (#11334443)

This really makes you wonder about the guys you never hear about, the ones that don't get caught. :-/

Nope. Move along. No such guys. You're perfectly safe. The government catches all the bad guys. Don't worry about it.

I smell FUD (0)

shumacher (199043) | more than 9 years ago | (#11334336)

After reading about the E911 documents, and the way the intrusions surrounding them were mischaracterized, I doubt there was any Secret Service connection. At best, he intercepted a Secret Service employee text message:
PLS GO 2 MCD 4 DINNR L8 AGAN

standards board (4, Insightful)

shameus_burp (848522) | more than 9 years ago | (#11334345)

Even though I am not a T-Mobile subcriber, it's distrubing to me that my personal information is protected by the whim of a corporation and not by any standards. I think everyone is in agreement that corporations are driven by cost of security and not the security of it's subscribers. The government should fine T-Mobile for inadequet IT security and a security standards board should be created to set baseline security measures for corporations and other institutions. I'm not sure such a committee exists but it's clear to me that there are no defined rules to protect information. We have rules from the FDA in regards to food, rules to handle securities etc. Why not rules and laws to protect customer and employee information?

Re:standards board (2, Insightful)

nberardi (199555) | more than 9 years ago | (#11334409)

I agree that T-Mobile should be fined for the lack of security and anybody that has a T-Mobile should be able to drop the account with out the early fees. But setting up another level of bueracracy to do something is never the answer, and the data was probably protected by some kind of standards. But as we have seen in the last week even an Open Standard such as Linux has holes in it. I don't know what T-Mobile uses, but this problem was due to a whole in security not a lack of security.

There is always going to be some enterprising person that can get by any measure of security that you put in place, so setting up more buercracy to look at standards just makes it easier, because now the world knows how you store/protect data and thus makes it easier to find exploits.

Anyone know what to do? (1)

ThePolkapunk (826529) | more than 9 years ago | (#11334427)

I am a T-Mobile customer, and frankly I'm a bit worried. I've always been very anal about keeping my SSN etc. secret, and now it could potentially be out there in the open and fair game for anyone to use. I called up T-Mobile, but they denied that their systems had ever been compromised.

Does anyone know what I can do to find out more information about this? If my personal information has been compromised, I need to go through the whole new SSN rigmorale. I'd really appreciate it if anyone could give me some advice on how to find out for certain if this has happened.

Well, they used the right word. (1)

CFD339 (795926) | more than 9 years ago | (#11334447)

Penetration definitely occurred. And not just to T-Mobile.

Pretty much anyone who uses that services got "Penetrated" pretty well -- and if you weren't doing your work over a good vpn with encryption, well, lets just say that it probably hurt.

Resume sucked. (0, Offtopic)

Horse Rotorvator JAD (834524) | more than 9 years ago | (#11334451)

Did anyone read the "hackers" resume linked at the SecurityFocus site? It really sucked. What is it with so many people having such shitty resumes? It is no wonder that people cannot get jobs in the IT field with resumes like that.

He did not have access to credit card numbers. (1)

matth (22742) | more than 9 years ago | (#11334476)

Oh well that's a relief... had access to social security numbers, but not credit cards... weeeeeee.. I'm put at ease now...
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?