<< South Korean File Sharing System Left Alone By Courts  |  Blue LED Inventor Gets His Millions >>

Scams

Scams

by Mike Masnick

Wed, Jan 12th 2005 12:45am




T-Mobile Hacker Watches Secret Service Watching Him

from the the-secret-service-isn't-so-secret,-apparently dept

The Secret Service has been investigating various computer crimes lately, and Security Focus has a fascinating article about how one of the people they were going after was simultaneously tracking them back by accessing an agent's T-Mobile Sidekick account. The details are fairly complex, but basically, this hacker got his hands on the entire T-Mobile user database, including passwords and other private info, allowing him to access anyone's web-based Sidekick account. It just so happens that one of the Secret Service agents working on the case uses a Sidekick, and the hacker got various Secret Service documents by logging into that agent's account. If this brings up the question of: "what the hell is a Secret Service agent doing using a T-Mobile Sidekick and allowing it to receive sensitive documents?" you're not alone. One of the Sidekick's "nice" features from a user perspective is that it automatically syncs with T-Mobile's web server in real time. So any info on the device is accessible via the web. That's useful for a normal user, but also opens it up to hackers. You would think the Secret Service would be a bit more careful. This is an organization that has "secret" in their name, after all. Anyway, they eventually tracked down this guy, but have been very quiet about it. Also very quiet is T-Mobile -- which may be against the law. California has this data privacy law that says a company needs to tell people if their personal info may have been compromised. Apparently, T-Mobile doesn't think the law applies to them. Update: The Associated Press has more details, claiming that the hacker only had access to 400 names. This seems unlikely, as he appeared to hit the "jackpot" with those 400 names including a number of celebrities and this Secret Service agent. They also claim they informed those 400. The Secret Service admits the agent screwed up by using the Danger device to access his work email, but said it was the best way to get information to him when he was on the go (the Secret Service can't afford their own mobile email systems?!?). They also claim that nothing too important was available to the hacker.

9 Comments | Leave a Comment..

 
 

Reader Comments

(Flattened / Threaded)

Add Your Comment

Have a Techdirt Account? Sign in now.
Get Techdirt’s Daily Email
Plain Text HTML
Save me a cookie
  • Plain Text: A CRLF will be replaced by break <br> tag, all other allowable HTML is intact
  • HTML: No formatting of any kind is done without explicitly being written in
  • Allowed HTML Tags: <b> <i> <p> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Close
Have a Techdirt Account? Sign in now.
Get Techdirt’s Daily Email
Plain Text HTML Save me a cookie

<< South Korean File Sharing System Left Alone By Courts  |  Blue LED Inventor Gets His Millions >>

Search Techdirt
And now, a word from our Sponsors..
San Francisco Music Tech 2009
15% off discount for Techdirt Readers



Subscribe to Techdirt's Daily Email Newsletter

Techdirt's Daily Email Newsletter

Related Stories

Crackdown On Loyalty Program Scams Shows How Ridiculously Successful They Were (11)

Advance Fee Scams Are Based On Greed, So Their New Favorite Target? Lawyers! (24)

Patent Office Insider Funnels $500k To Minister (10)

Is It ID Theft Or Was The Bank Robbed? (31)

Looks Like The Guy Who Set The Record For Largest Credit Card Breach Was Breaking His Own Record (9)

Close
E-mail It