Hackers claim they raided sensitive T-Mobile information

Story updated on Monday, June 8 at 3:12 p.m. EST

Hackers are claiming they have plundered T-Mobile computer systems of sensitive company and customer information and are planning to sell it.

The intruders allegedly stole "everything, [including T-Mobile's] databases, confidential documents, scripts and programs from their servers, [and] financial documents up to 2009," according to a note they posted Saturday on the Full Disclosure mailing list.

The anonymous authors of the note left a contact email address, but a message sent to that account by SCMagazineUS.com received an error return message on Monday.

The letter included claims that the hackers are trying to sell the stolen goods to the highest bidder.

"We already contacted with their competitors and they didn't show interest in buying their data -- probably because the mails got to the wrong people -- so now we are offering them to the highest bidder," the post said. "Please, only serious offers. Don't waste our time."

In addition, the letter includes about 10 pages of what appear to be files allegedly stolen from T-Mobile.

A T-Mobile spokeswoman told SCMagazineUS.com on Monday that she could not provide any information about the incident, but the company was looking into it.

Paul Davie, founder of database security firm Secerno, said that if the story is true, the hackers likely pilfered the data in one of two ways: Either they installed data-sniffing malware to capture data as it traversed the network or they somehow exceeded their access rights -- possibly with the help of an insider -- to access the database and dump its stored contents.

But Davie doubts the crooks were able to get away with as much as they claim.

"If [T-Mobile] thought this was a hoax, they'd say that immediately and they haven't yet, which makes me suspect these guys have a small amount of data," he told SCMagazineUS.com on Monday. "But I'd be very surprised if they have all that they're claiming."

Gordon "Fyodor" Lyon, who runs the mailing list, told SCMagazineUS.com on Monday that one should take all posts with a "grain of salt."

"There have been many instances where actual 0-day vulnerabilities and private documents have been posted there, but also many hoaxes too," he said.

In particular, he highlighted a post in 2007 that claimed to contain the conclusion of "Harry Potter and the Deathly Hallows" days before it was released. That post turned out to be false.

