T-Mobile Hacker Watches Secret Service Watching Him
from the the-secret-service-isn't-so-secret,-apparently dept
The Secret Service has been investigating various computer crimes lately, and Security Focus has a fascinating article about how one of the people they were going after was simultaneously tracking them back by accessing an agent’s T-Mobile Sidekick account. The details are fairly complex, but basically, this hacker got his hands on the entire T-Mobile user database, including passwords and other private info, allowing him to access anyone’s web-based Sidekick account. It just so happens that one of the Secret Service agents working on the case uses a Sidekick, and the hacker got various Secret Service documents by logging into that agent’s account. If this brings up the question of: “what the hell is a Secret Service agent doing using a T-Mobile Sidekick and allowing it to receive sensitive documents?” you’re not alone. One of the Sidekick’s “nice” features from a user perspective is that it automatically syncs with T-Mobile’s web server in real time. So any info on the device is accessible via the web. That’s useful for a normal user, but also opens it up to hackers. You would think the Secret Service would be a bit more careful. This is an organization that has “secret” in their name, after all. Anyway, they eventually tracked down this guy, but have been very quiet about it. Also very quiet is T-Mobile — which may be against the law. California has this data privacy law that says a company needs to tell people if their personal info may have been compromised. Apparently, T-Mobile doesn’t think the law applies to them. Update: The Associated Press has more details, claiming that the hacker only had access to 400 names. This seems unlikely, as he appeared to hit the “jackpot” with those 400 names including a number of celebrities and this Secret Service agent. They also claim they informed those 400. The Secret Service admits the agent screwed up by using the Danger device to access his work email, but said it was the best way to get information to him when he was on the go (the Secret Service can’t afford their own mobile email systems?!?). They also claim that nothing too important was available to the hacker.
Comments on “T-Mobile Hacker Watches Secret Service Watching Him”
There were only 400, T-Mobile has tracked the hackers movements and was working with the SS from day 1.
Bound to happen
This makes me wonder how secure my cell phone really is. Do we have any privacy?
Re: Bound to happen
This makes me wonder how secure the US is when SS (I mean secret service) agents send secret documents unencrypted via e-mail.
If you don’t know what I mean? E-mail is unsecure, anyone can intercept it and read it, unless you use tools to secure it so only the people U want can read it.
Plus, this make the T-Mobile admins look like dummies. Make’s me consider moving my phone service else where. But, will this mean that T-Mobile’s security will become more secure?
Re: Re: Bound to happen
It is too bad that there is no Test for Intelligence, within the intelligence community.
Obviously, this tool just had NO clue that his/(her) email could be intercepted.
That is just SO sad, especially in this day and age.
The only mitigating factor is that unless htis person was Watched, they could maybe get away with public transmission.
The bright part?, maybe it was Planned…
Yeah, ok, I don’t think so either!
Re: Bound to happen
You’re kidding me, Right?
More Deets
The AP via Yahoo! has more details. Allegedly, only 400 customers were effected and they have been notified. Scary.
http://story.news.yahoo.com/news?tmpl=story&ncid=738&e=1&u=/ap/20050113/ap_on_hi_te/cellular_hacker
Please I need som help
After greeting ,
I look for a special program for a cellular telephone to send messages to any cellular telephone, and I can through these messages penetrate the victim’s cellular telephone and knowledge of all data stored in a victim of numbers and letters only script
Hello
I did your open
Megaupload downloading
Usually I use the best file searcher- http://megaupload.name/