T-Mobile confirms hackers' info is legit
The information posted over the weekend by hackers who claimed to have hacked T-Mobile is legit, T-Mobile now says. But, it's not clear that the hackers have the full access to T-Mobile systems they claim.
On Saturday, hackers posted what appear to be logfiles taken from T-Mobile's networks to the Full Disclosure mailing list, claiming to have hacked the carrier "We have everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009." they wrote.
Earlier today T-Mobile said it was investigating the hack, but they've now updated their statement, saying that they've identified the file that was copied, but noting that the fact that the hackers got this file doesn't necessarily mean that they have "everything," as claimed.
An e-mail I sent to the pwnmobile@safe-mail.net address listed by the hackers bounced, so I can't ask them questions directly.
Here's T-Mobile's latest statement:
"To reaffirm, the protection of our customers' information and the security of our systems is paramount at T-Mobile. Regarding the recent claim on a Web site, we've identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers. We continue to investigate the matter, and have taken additional precautionary measures to further ensure our customers' information and our systems are protected. At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible."
If they really do have access to everything, why didn't they post a sample of the really good data? These guys claim they're trying to sell the information. Wouldn't that drive up the value?
The real question, though, is do they have any customer data?
Paul Davie, founder of data security specialist Secerno says probably not though. He told me, "If I were a customer of theirs I wouldn't immediately be worried. If these guys have personally identifiable information, then they would have exposed enough of that to give credibility to the story, because it's going to massively increase the value of what they're going to sell. So I suspect that they don't have that kind of thing."
Who knows, maybe they got the info from an insider? Maybe it came from a computer they bought on E-Bay? Still, a little more disclosure from T-Mobile would reassure me, if I were a customer.
UPDATE TUESDAY JUNE 9 -- 11:53 AM PACIFIC
T-Mobile has now isued a new statement, dropping the reference to them identifying the file in question and saying there is no evidence that their information has been compromised. It looks like they've gone the "little less disclosure" route. So what was this document they were talking about? Emphasis in the statement is mine.
"Following a recent online posting that someone allegedly accessed T-Mobile servers, the company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected. T-Mobile continues to monitor this situation and as a precaution has taken additional measures to further ensure our customers' information and our systems are protected. As is our standard practice, customers can be assured if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible."
Print
On Saturday, hackers posted what appear to be logfiles taken from T-Mobile's networks to the Full Disclosure mailing list, claiming to have hacked the carrier "We have everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009." they wrote.
Earlier today T-Mobile said it was investigating the hack, but they've now updated their statement, saying that they've identified the file that was copied, but noting that the fact that the hackers got this file doesn't necessarily mean that they have "everything," as claimed.
An e-mail I sent to the pwnmobile@safe-mail.net address listed by the hackers bounced, so I can't ask them questions directly.
Here's T-Mobile's latest statement:
"To reaffirm, the protection of our customers' information and the security of our systems is paramount at T-Mobile. Regarding the recent claim on a Web site, we've identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers. We continue to investigate the matter, and have taken additional precautionary measures to further ensure our customers' information and our systems are protected. At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible."
If they really do have access to everything, why didn't they post a sample of the really good data? These guys claim they're trying to sell the information. Wouldn't that drive up the value?
The real question, though, is do they have any customer data?
Paul Davie, founder of data security specialist Secerno says probably not though. He told me, "If I were a customer of theirs I wouldn't immediately be worried. If these guys have personally identifiable information, then they would have exposed enough of that to give credibility to the story, because it's going to massively increase the value of what they're going to sell. So I suspect that they don't have that kind of thing."
Who knows, maybe they got the info from an insider? Maybe it came from a computer they bought on E-Bay? Still, a little more disclosure from T-Mobile would reassure me, if I were a customer.
UPDATE TUESDAY JUNE 9 -- 11:53 AM PACIFIC
T-Mobile has now isued a new statement, dropping the reference to them identifying the file in question and saying there is no evidence that their information has been compromised. It looks like they've gone the "little less disclosure" route. So what was this document they were talking about? Emphasis in the statement is mine.
"Following a recent online posting that someone allegedly accessed T-Mobile servers, the company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected. T-Mobile continues to monitor this situation and as a precaution has taken additional measures to further ensure our customers' information and our systems are protected. As is our standard practice, customers can be assured if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible."
Previous Post: Here's a new one: the blackout caused a virusNext Post: Was T-Mobile hit with Kaminsky DNS attack?
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
WHITE PAPER
Reduce Email Archives up to 60%
Are you considering implementing a proactive archiving and eDiscovery solutions? This paper summarizes 15 separate soft cost savings when implementing Symantec Enterprise Vault and the Clearwell eDiscovery Platform.
WHITE PAPER
Aberdeen Report: To Patch, or Not to Patch? (Not If, But How)
The report explores the correlation between the current use of patch management and the level of endpoint-related risk that companies are effectively accepting.
Recent Comments
Webcasts
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- Comprehensive Server Protection
White Papers
