Speculation about hacker break-in at T-Mobile USA
Following an ominous posting on the Full Disclosure security mailing list, it's now widely rumoured that T-Mobile USA's systems have been compromised. Unidentified perpetrators claim to be in possession of database content (including client databases), confidential documents and programs from T-Mobile servers. The post says that they offered to sell the data to competitors, but "they didn't show interest", so the data is now on sale to the highest bidder. A list of server and database systems attached to the post, showing names, operating systems and IP addresses, was provided as evidence of the validity of the claim.
The Washington Post is reporting that T-Mobile USA has already started investigating the matter. The results obtained so far tend to take the wind out of the hackers' sails, as T-Mobile says that the data listed came from a document that was identified during the investigation. The company believes that the possession of the document data doesn't represent a threat or endanger the security of customers' data. Nevertheless, T-Mobile says it has taken additional measures to protect customers and systems and, if further investigation shows "any evidence that customer information has been compromised, we would inform those affected as soon as possible."
The way in which the unknown parties are offering the data, however, suggests that it is a scam, as potential buyers are unlikely to respond in a public forum. Professional hackers would have offered that kind of data on the underground black market. In 2008, the same unknown parties claimed to have broken into the networks of Check Point, the Israeli firewall and VPN manufacturer, and offered to sell information on Full Disclosure in the same way.