Hacker Penetrates T-Mobile Systems 396
An anonymous reader writes "SecurityFocus.com reports 'a sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor U.S. Secret Service e-mail, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities.' Demi Moore and Paris Hilton are involved."
The Register has an article too ... (Score:2, Informative)
His Resume is posted online ! (Score:5, Informative)
Re:Get Moore !?! (Score:4, Informative)
Re:Get Moore !?! (Score:5, Informative)
RTFA:
It appears that if you sue, you won't win.
Re:His Resume is posted online ! (Score:5, Informative)
Clicky... AC, so no karma whoring for me. :-)
Re:Argh... (Score:1, Informative)
Words can have multiple meanings.
Picture messages, (Score:2, Informative)
T-Mobile Security (Score:2, Informative)
Re:linkie? and recruitment (Score:3, Informative)
I hate to break it to you, but that's a movie. It is, however, based on a true story. You might want to see how the real Frank Abagnale has been doing lately, though:
http://www.abagnale.com/index2.asp [abagnale.com]
Meet the script kiddie. (Score:3, Informative)
I agree, the most disturbing thing about all of this is the low level of knowledge of the hacker. He was nothing but a script kiddie on his resume and he was caught with obvious mistakes. We can be sure that TMobile and others are still owned by more sophisticated crackers who will not be caught.
The article links to a 2001 resume [securityfocus.com] which never mentions GNU and only once mentions Unix but lots of Windozed based cracker toys and garbage. His efforts, while many, were too narrowly focused.
It does not look like he mastered Windoze cracking or much else by the time he was caught three years later. Besides being dumb enough to try to sell information, he accepted a proxy from a stranger. Someone who knew what they were doing would have a botnet proxy they set up themselves that could never be traced through. What else is windoze cracking good for?
The whole mindset was script kiddie. Own a phone service and collect stuff. What a waste of time.
He got his resume wish in a perverse way. He wanted a job is computer security. Now he's a felon and gets to spend some quality time as a government slave, snitching on his friends till he's all used up. Or he can go to jail and take the usual felon jobs: dishwasher, garbage man and other highly undesirable manual labor in tiny shops that know they can abuse you. Those jobs will be waiting for him when the government is through with him.
Re:SSH on T-Mobile - Not Secure (Score:3, Informative)
That said, I've used the SSH client myself and even glanced through the source briefly, and nothing struck me as suspicious. As for the hiptop lacking the power to do the encryption, that's why it takes the client a good thirty seconds or so just to perform the initial handshake.
Re:Not-so Secret Service (Score:2, Informative)
1 - eliminate the need for 4 different terminal types on one desk.(that was how the idea germinated)
2 - Facilitate the sharing of information beteween gov't contractors and researchers who had ARPA grants.
3 - A way to timeshare systems for researchers who would not oridinarily have access to such systems.
It was US centric at the beginning and ARPA and ARPA's subcontractors/researchers only.
And to head this off at the pass, ARPA net was NOT designed for fault tolerence of command/control during a nuclear war. That was the impetus behind Paul Baran's development of the idea of packet-switching networks (that wasn't his name - the term "packet" came from Davies who sorta developed the same idea concurrently). He could never drum up support for the idea with ATT (really the only entity that could impliment it at the time). They said it was stupid idea. ARPA later grabbed the idea and used it because it lent a robustness to otherwise unlreliable lines of communications and the IMPs that terminated each line. The fact of the fault tolerence in terms of catastrophic destruction due to war is simply a coincidental side effect when you take into account the reasons the ARPA project was using packet switched networks.
Sorry. Got on my high-horse there. I just can't stand when people say that ARPAnet was designed in a distributed manner to survive a nuclear war (and even though no one's said it yet - well, this is Slashdot, so some future comments are predictable). Not true. It was the basis of Paul Baran's conceptual model of a packet switching distributed network.