Hackers claim they raided sensitive T-Mobile information

Story updated on Monday, June 8 at 3:12 p.m. EST

Hackers are claiming they have plundered T-Mobile computer systems of sensitive company and customer information and are planning to sell it.

The intruders allegedly stole "everything, [including T-Mobile's] databases, confidential documents, scripts and programs from their servers, [and] financial documents up to 2009," according to a note they posted Saturday on the Full Disclosure mailing list.

The anonymous authors of the note left a contact email address, but a message sent to that account by SCMagazineUS.com received an error return message on Monday.

The letter included claims that the hackers are trying to sell the stolen goods to the highest bidder.

"We already contacted with their competitors and they didn't show interest in buying their data -- probably because the mails got to the wrong people -- so now we are offering them to the highest bidder," the post said. "Please, only serious offers. Don't waste our time."

In addition, the letter includes about 10 pages of what appear to be files allegedly stolen from T-Mobile.

A T-Mobile spokeswoman told SCMagazineUS.com on Monday that she could not provide any information about the incident, but the company was looking into it.

Paul Davie, founder of database security firm Secerno, said that if the story is true, the hackers likely pilfered the data in one of two ways: Either they installed data-sniffing malware to capture data as it traversed the network or they somehow exceeded their access rights -- possibly with the help of an insider -- to access the database and dump its stored contents.

But Davie doubts the crooks were able to get away with as much as they claim.

"If [T-Mobile] thought this was a hoax, they'd say that immediately and they haven't yet, which makes me suspect these guys have a small amount of data," he told SCMagazineUS.com on Monday. "But I'd be very surprised if they have all that they're claiming."

Gordon "Fyodor" Lyon, who runs the mailing list, told SCMagazineUS.com on Monday that one should take all posts with a "grain of salt."

"There have been many instances where actual 0-day vulnerabilities and private documents have been posted there, but also many hoaxes too," he said.

In particular, he highlighted a post in 2007 that claimed to contain the conclusion of "Harry Potter and the Deathly Hallows" days before it was released. That post turned out to be false.
