Hacker comes forward, insults T-Mo’s ‘awful’ security

hacker-insults-t-mobile

T-Mobile continues to conduct its research into the recent customer data breach. And so far, the Un-Carrier has discovered that the information of over 50 million customers have been compromised. To add insult to the injury, a hacker who claims to be responsible for the attack has stepped up and called T-Mobile’s security “awful.”

The hacker, named John Binns, apparently went on an interview on how he was able to get through T-Mobile’s servers. Binns shared that he used a readily available tool to locate an exposed router. It took him a week to penetrate the customer data stored in T-Mobile’s data center near East Wenatchee, Washington. 

The hacker was able to provide apparent evidence to support his claim of being responsible for the attack. Binns revealed that he stole data from T-Mobile to create “noise” and get attention. He alleged that he was kidnapped in Germany and put into a fake mental hospital. This allegation, however, did not have enough evidence to be supported. 

When asked to comment on Binns’ claims, T-Mobile declined. But they are confident that they already closed any of the security holes used in the breach. 

 

Source: 1

Tags: ,

  • Ben

    When you’ve been breached 3-4 time in around 5 years, calling their “security” awful is putting it mildly. It’s gross incompetence. No external audits? Vulnerability assessment and testing? Pen testing? I know these things happen but leaving PII exposed and not masked or encrypted is just elementary. Looking forward to the FCC’s findings. I’m sure they’ll just keep throwing out freebies like the Apple+ subscription to distract customers.

  • Shaun Michalak

    One thing that makes me wonder is.. Is this a hole in the T-Mobile network, or was it a hole that was there because of them merging with Sprint?? Mistakes can happen, but, if this was not a Sprint merger problem, if I ran the company, I would get a hold of those hackers that hacked Apple and have them go over their system to find any holes to fix their security.

    Either way, the way that I look at it.. You can have the worst security in the world, and if no one targets you, then you will never get hacked.. Things only come to light when they do happen. This kind of makes me wonder.. Are the hackers trying to hack the other cell companies as much too?? and not finding any way in?? or are they specifically targeting T-Mobile?? Maybe because of the merger, and with it going on, them might figuring that there were be holes to make it easier to get in because of it?? Apple is a good example of all of this.. It was within the last year that a bunch of hacker hacked Apple and found dozens of holes.. But, did they have problems because of it?? Nope.. Because they were not targeted by malicious hackers.

    Either way, in this case.. Like what was said.. It took him a week to get in.. If it took that long, it was not a simple direct and easy path to get to the data.. This tells me that while their security may not be the best.. It is not really open to where it is easily hacked to get to stuff either.

    • Ben

      Most of what you’ve described is required in today’s world of business. Internal/external audits, vulnerability assessment and testing, penetration testing, etc. If they were done by competent people, they most likely would’ve found the unencrypted and unmasked PII, the excessive storage of unnecessary data, and the exposed router the Hacker exploited. Most hackers go after the low hanging fruit, and T-Mobile continues to make itself the easy target. I’m sure the other carriers have been targeted, but have not been breached because they have better defenses. T-Mobile has had a pattern of laxed security even before the merger with Sprint.

      • Shaun Michalak

        The thing is, not all companies do this.. For example.. look at apple.. They have a program that regular people, like you and me, can try and hack their system, and if you do, you report it to them with details of the event, and if all is good and true, they will pay you for finding these vulnerabilities.. The key thing is, the people doing this are not people hired by Apple to do the assessment.. They are people that just get up one day and decide to try their luck.. No contract.. Find nothing, get paid nothing.. The end of last year?? they found 55 vulnerabilities through apple.. 55!! and all ones that apple knew nothing about that were open that any malicious hacker could of have used.. To quote:

        “During our engagement, we found a variety of vulnerabilities in core
        portions of their infrastructure that would’ve allowed an attacker to
        fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.”

        Now if these hackers did not take it upon themselves, and apple did not directly go out and get people to do this.. Well, just how is that any better then what T-Mobile is going through.. Which proves my point.. 55 “found” openings in apple.. But no real viscous attack.. Why?? because they were not targeted by those types of people.. If anything, if these companies are not going to hire outside sources to check their security.. or, if they are only going to rely on one source that may not do that good of a job.. Maybe they should start up a program like Apple did to give honest hackers a way to make money, and help companies fix their security at the same time.. Something I think would be much more beneficial to T-Mobile right now..

  • SneakyPete

    Jon is very talented.