Security

T-Mobile Hacker Explains How He Breached Carrier's Security (axios.com) 26

According to the Wall Street Journal, the person behind T-Mobile's recent security breach that affected more than 50 million customers is a 21-year-old named John Binns. "Binns said he broke through the T-mobile defenses after discovering an unprotected router exposed on the internet, after scanning the carrier's internet addresses for weak spots using a publicly available tool," reports Axios. From the report: "I was panicking because I had access to something big," he wrote in Telegram messages to the Journal. "Their security is awful." "Generating noise was one goal," Binns said. He declined to say whether he sold any of the information he stole, or whether he was paid for the hack.

Some of the information exposed in the breach included names, dates of birth, social security numbers and personal ID information. The breach is being investigated by Seattle's FBI office, according to the Journal.

This discussion has been archived. No new comments can be posted.

  • "Publicly available tool" I think we all know that one.

  • Asshole (Score:5, Insightful)

    by sconeu ( 64226 ) on Thursday August 26, 2021 @06:15PM (#61733799)

    From what little parts of TFA I read...

    He was scared because of what he found. Did he ever consider telling T-MOBILE rather than breaching the systems and grabbing the data?

    • Re: (Score:1, Troll)

      by iggymanz ( 596061 )

      You're confused, the real criminals here are T-Mobile. They should get the worse punishment.

      • Are you sure? I could swear the router was dressed provocatively.

        • Not only that, it has a reputation for exchanging packets promiscuously.

        • Take that knowledge and help fix something instead of making it your "thing" to break stuff. Don't be another Snowden running away and complaining only as you are caught. Yes, there is more to that story than is being reported. But then again maybe you'll love Russia....
    • Re:Asshole (Score:5, Insightful)

      by ArchieBunker ( 132337 ) on Thursday August 26, 2021 @09:03PM (#61734223)

      All too often people do the right thing and alert the company. Of course then blame is placed on you for embarrassing said company. If you find something like this then keep your mouth shut. No good deed goes unpunished.

  • All of our formerly private information is completely public by now. Does it really matter that another company exposed our SSN, drivers license, postal address, etc anymore? Freeze your credit lines and move on.
    • by darkain ( 749283 )

      Correction: All of our information that we thought was private but wasn't, is now known to certainly not be private.

    • Re: (Score:3, Interesting)

      All of our formerly private information is completely public by now. Does it really matter that another company exposed our SSN, drivers license, postal address, etc anymore? Freeze your credit lines and move on.

      Underpaid Experian Call Center Employee (UECCE): Hello, thank you for calling Experian. How can I help you today?

      Not BeerFartMoron (NBFM): I, uh, "lost" my credit freeze PIN number number.

      UECCE: Oh, I can help you reset that by having you answer a few questions that only you will know the answer. [bankrate.com]

      NBFM: [Hehehe] Sure, go ahead.

      UECCE: What is your SSN?

      NBFM: [Checks Experian data leak] BER-FRT-MORN

      UECCE: And your current employer?

      NBFM: [Checks Dell data leak] DumbStuph, LLC

      UECCE: And your date of birth?

      NBFM:

      • by Bert64 ( 520050 )

        It's worse than that... Often the "security" questions are things like "mother's maiden name" or "what school did you attend" etc...
        This data doesn't just leak online through security breaches, people VOLUNTARILY post this information online these days!

        Mother's maiden name? Look up your family connections on Facebook, your grandparents will still have your mother's maiden name, your uncles and cousins likely will too. Otherwise look up family tree on one of those ancestry sites.
        School? People put the school

        • These companies don't check that the information you give is correct. They only care that you remember what you gave them.

          Mother's maiden name? Miss
          3rd grade school name? Elementary
          Name of your first pet? Helium
          Make of your first car? Oxygen
          City where you met your wife: Carbon

          It does require you to record these answers and not duplicate them at every site, but a data breach doesn't give the bad people any additional personal information.

          --
          All my pets are named after the noble gases.

          • My former boss gave me an even easier technique:

            All of the answers for a given company are the same. So when I'd call up the company's "Enterprise Service Desk", all of the security answers were "blue". I didn't even have to wait for them to ask the question.

            If they had a "what's your favorite color" question, I would've chosen a non-color answer, so that the answers make no sense given what the questions are.

            Then you just need to match up the company to your (single) answers, rather than have to keep tra

      • Americans are strange. In my country there is zero chance that any password or pin or anything security related could be changed over the phone. You can disable credit cards and stuff, but you can never get any new credentials over the phone. All this yankee “identity” that relies on a photoshopped utility bill is quite hilarious.

    • "We?" I've never applied for, been a customer of, or even used anything associated with them. So if my info got exposed in this hack, then it was already flying around.
  • John Binns (Score:5, Insightful)

    by oldgraybeard ( 2939809 ) on Thursday August 26, 2021 @06:29PM (#61733855)
    a 21-year-old stole private information (mine included) and having no ethics/morals, leaked and sold it for Fame and Profit.
    And is now doing interviews and laughing all the way to the bank?

    Yea I know T-Mobile is at fault for weak security. But this guy is scum of the earth.
    • I suspect this is less of laughing all the way to the bank and more trying to score a little extra cash for his legal defense fund. Laws that punish this are pretty draconian. Not really because they have to be but because you don't screw with mega corporations in America. He's probably going to do several years in jail. Which to be honest is kind of pointless. Be enough to keep them away from computers and he's probably otherwise harmless. Waste of a prison cell. I've got better things to do with my tax do
    • And maybe he gets stabbed on the way to the bus. Who knows. He's pissed off some wealthy people.

  • don't drop the soap and enjoy paying for their upgrade at the $0.15/hr prison work rate.
