T-Mobile Hacker Watches Secret Service Watching Him

from the the-secret-service-isn't-so-secret,-apparently dept

The Secret Service has been investigating various computer crimes lately, and Security Focus has a fascinating article about how one of the people they were going after was simultaneously tracking them back by accessing an agent’s T-Mobile Sidekick account. The details are fairly complex, but basically, this hacker got his hands on the entire T-Mobile user database, including passwords and other private info, allowing him to access anyone’s web-based Sidekick account. It just so happens that one of the Secret Service agents working on the case uses a Sidekick, and the hacker got various Secret Service documents by logging into that agent’s account. If this brings up the question of: “what the hell is a Secret Service agent doing using a T-Mobile Sidekick and allowing it to receive sensitive documents?” you’re not alone. One of the Sidekick’s “nice” features from a user perspective is that it automatically syncs with T-Mobile’s web server in real time. So any info on the device is accessible via the web. That’s useful for a normal user, but also opens it up to hackers. You would think the Secret Service would be a bit more careful. This is an organization that has “secret” in their name, after all. Anyway, they eventually tracked down this guy, but have been very quiet about it. Also very quiet is T-Mobile — which may be against the law. California has this data privacy law that says a company needs to tell people if their personal info may have been compromised. Apparently, T-Mobile doesn’t think the law applies to them. Update: The Associated Press has more details, claiming that the hacker only had access to 400 names. This seems unlikely, as he appeared to hit the “jackpot” with those 400 names including a number of celebrities and this Secret Service agent. They also claim they informed those 400. The Secret Service admits the agent screwed up by using the Danger device to access his work email, but said it was the best way to get information to him when he was on the go (the Secret Service can’t afford their own mobile email systems?!?). They also claim that nothing too important was available to the hacker.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “T-Mobile Hacker Watches Secret Service Watching Him”

Subscribe: RSS Leave a comment
Mick says:

Re: Bound to happen

This makes me wonder how secure the US is when SS (I mean secret service) agents send secret documents unencrypted via e-mail.

If you don’t know what I mean? E-mail is unsecure, anyone can intercept it and read it, unless you use tools to secure it so only the people U want can read it.

Plus, this make the T-Mobile admins look like dummies. Make’s me consider moving my phone service else where. But, will this mean that T-Mobile’s security will become more secure?

anonymouse says:

Re: Re: Bound to happen

It is too bad that there is no Test for Intelligence, within the intelligence community.

Obviously, this tool just had NO clue that his/(her) email could be intercepted.

That is just SO sad, especially in this day and age.

The only mitigating factor is that unless htis person was Watched, they could maybe get away with public transmission.

The bright part?, maybe it was Planned…

Yeah, ok, I don’t think so either!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...