Between warrantless wiretaps, the ability to listen in on you via your turned off cell phone, prisoners using cell phones to run their criminal enterprises from prison, and so on, that someone may have hacked a carrier’s customer database seems so 90’s. Almost quaint. Almost.
And that picture to the left? Click it to order a book on hacking cell phones.
Claims have been made by an unknown party that they have compromised the US cellular network carrier T-Mobile and have managed to extract all of the corporate data, including databases, confidential documents, scripts and programs from company servers and full financial data up to the present time.
Issuing the public announcement over a weekend means that it is going to take some time for T-Mobile to investigate the claims and make a formal statement, but already there are elements which suggest scam, and some which suggest that the material is legitimate.
[…]
So far, based on the table of possible servers, applications, IPs and locations, there is nothing that can be done to further verify the accuracy of the claims by this unknown group. Not enough information is available to say either way, and it is now up to T-Mobile or the group to release further information that will clarify the situation. The arguments for an actual compromise are much weaker than the arguments for it not being real and it is considered much more likely that it is a hoax.
[…]
It is staggering to think how much data is represented by what the hackers have claimed and how long it must have taken to exfiltrate that information from the corporate networks, if the hackers do have it, all without the awareness of T-Mobile’s Information Security staff.
It probably was an inside job. There’s an employee or a previous employee who took the information with him/her.
This kind of data theft happens at an astounding rate and continues to happen on a daily basis, so it’s certainly within the realm of possibility. Companies should be liable if customers’ information is not competently secured.
My issue is that even for an emplyee to get more than some of it seems unlikely.
People have access on a need to know bases and if you are in one department you do not need to know what some other department is doing.
Only someone at the top would have access to all accounts and maybe not directly then. It would not all be saved in the same places, the same machines, or the same data bases.
..”It’s good to be The King”
-not for nothing, but the potential for this problem has been around for at least least a decade.
who needs to hack??
me being a private contractor for small companies, i’ve set up about a dozen small company computer systems [and taken over computer system maintenance for half as many] (11 nodes or less)
my typical policy with backups is “cover yourself, cover yourself, cover yourself”
3 backups. -one stays on site, one goes home with the boss and one comes home with me. if the data set is small, a fourth [weekly] goes home with the “trusted employee”
i know several people with high end law firms that have several years of case work at home (myself -3 years worth of law and company data)
it’s nothing for a private tech to “go rogue” or perhaps, have his car or home broken into and have this data stolen during a clean sweep..
IMO..stories like these are being thrown out into the public mindset so people bend over and grab their ankles with glee when the new policies around the corner dictate that you can be stopped and have your car or person searched if some storage medium is seen in plain sight.
Call me paranoid, but this is the writing on the wall. soon, a USB key around your neck will be probable cause.
–you know, because it might be Clinton’s lost archive data or some other malarkey in the name of National (or personal) Security.
-s
On Amazon, “Only one left in stock, …”. I have patched my 2G mobile to send me it’s location, using cell tower triangulation data, but using one as a bug or a surveillance camera, is quite something else in complexity. It looks like an interesting book.
The register is posting that the hack is genuine.
I use T-Mobile but I didn’t give T-Mobile hardly any personal information, and they didn’t ask for it luckily.
T-Mobile is mostly a good company.
Their main problem is that they outsourced support to the Philipines and those people speak atrocious English.
#7 i would have to agree in part..
i use T-Moble as well, and never have any problems with transmission service.
I’ve never had the need to deal with customer support, so i have no experience there and cannot comment in good faith.
I have only ever used Burners, or Throwaway Phones. I have never owned a Mobile on contract.
(i waited very patiently for throw away phones to finally go to the one year roll over minute model before i ever bothered with Mobiles..)
-Being behind the scenes in the computer domain since the late 70’s i know how *lax* security technically is and as such, have always actively made an effort to keep the smallest possible foot print where anything attached to my name is concerned.
End result: no paper trails if possible. i don’t use credit cards and transact in cash or (money orders) whenever possible.
you know, KISS-Keep it Simple Stupid.
works for me.. 😀
-s