T-Mobile net reportedly hit by hacker/extortion attack

T-Mobile customers are awakening this morning to reports that hacker/extortionists have victimized the cellular carrier through a massive network breach resulting in the theft of untold amounts of corporate and customer data, which they're threatening to sell to the highest bidder.

T-Mobile says it is investigating.

(Tuesday update: T-Mobile says fear not.)

There is also speculation among observers online that the incident, which became public Saturday, could be a hoax.

I have an inquiry in to T-Mobile's public relations department this morning. Secure Channel blogger Larry Walsh reports receiving this response from the company over the weekend:

"The protection of our customers' information, and the safety and security of our systems, is absolutely paramount at T-Mobile. Regarding the recent claim, we are fully investigating the matter. As is our standard practice, if there is any evidence that customer information has been compromised, we would inform those affected as soon as possible."

The extortion threat was reportedly sent to the Full Disclosure mailing list and is posted at Insecure.org. It includes data purportedly stolen from T-Mobile's network and reads:

Like Checkpoint, Tmobile has been owned for some time. We have everything, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009.

We already contacted their competitors and they didn't show interest in buying their data (probably because the mails got to the wrong people), so now we are offering them to the highest bidder.

Australian security firm Sunnet Beskerming offers this analysis on its blog:

Claims have been made by an unknown party that they have compromised the US cellular network carrier T-Mobile and have managed to extract all of the corporate data, including databases, confidential documents, scripts and programs from company servers and full financial data up to the present time.

Issuing the public announcement over a weekend means that it is going to take some time for T-Mobile to investigate the claims and make a formal statement, but already there are elements which suggest scam, and some which suggest that the material is legitimate.

Leaning towards scam is the claimed ignorance by T-Mobile's competitors when they were approached with the data the hackers claim to have. This might just be that the hackers relied upon emails to reach the competitors, and with the email address pwnmobile@... they were likely to end up in the spam bin before anyone would be able to see the material on offer. There are better ways to reach people than through unsolicited email, but there are increased risks with taking this approach.

Slashdot has reported the claim, and its readers are discussing the possibilities and ramifications there. Same at Twitter.

(Disclosure: I was until recently a T-Mobile customer.)

(Update: One data-breach expert says he believes the reported network intrusion may prove to have been real, despite questions he has about how the hackers say they went about their business.

"I suppose it's possible that this is the real deal," says Kelly Todd, secretary/CCO of the Open Security Foundation, which maintains the DataLossDB. "The list provided in the F-D post looks like a legitimate document (to my eyes, anyway) but offering the info to T-Mobile competitors directly seems somewhat stupid; if they were good enough to get into T-Mobile, why not use one of the seemingly gazillion black markets out there to minimize the risk of getting caught?")

(Update 2, 3:30 p.m.: Just got an e-mail from T-Mobile public relations with the same statement you see above, nothing more.)


Copyright © 2009 IDG Communications, Inc.