Old news.
--- Phillip Tombs <[EMAIL PROTECTED]> wrote:

> T-Mobile Hacked
> Hacker breaches T-Mobile systems, reads US Secret Service email
> By Kevin Poulsen, SecurityFocus
> Published Wednesday 12th January 2005 09:47 GMT
>
> A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.
>
> Twenty-one year-old Nicolas Jacobsen was quietly charged with the intrusions last October, after a Secret Service informant helped investigators link him to sensitive agency documents that were circulating in underground IRC chat rooms. The informant also produced evidence that Jacobsen was behind an offer to provide T-Mobile customers' personal information to identity thieves through an Internet bulletin board, according to court records.
>
> Jacobsen could access information on any of the Bellevue, Washington-based company's 16.3 million customers, including many customers' Social Security numbers and dates of birth, according to government filings in the case. He could also obtain voicemail PINs, and the passwords providing customers with web access to their T-Mobile email accounts. He did not have access to credit card numbers.
>
> The case arose as part of the Secret Service's "Operation Firewall" crackdown on internet fraud rings last October, in which 19 men were indicted for trafficking in stolen identity information and documents, and stolen credit and debit card numbers. But Jacobsen was not charged with the others. Instead he faces two felony counts of computer intrusion and unauthorized impairment of a protected computer in a separate, unheralded federal case in Los Angeles, currently set for a 14 February status conference.
>
> The government is handling the case well away from the spotlight. The US Secret Service, which played the dual role of investigator and victim in the drama, said Tuesday it couldn't comment on Jacobsen because the agency doesn't discuss ongoing cases - a claim that's perhaps undermined by the 19 other Operation Firewall defendants discussed in a Secret Service press release last fall. Jacobsen's prosecutor, assistant US attorney Wesley Hsu, also declined to comment. "I can't talk about it," Hsu said simply. Jacobsen's lawyer didn't return a phone call.
>
> T-Mobile, which apparently knew of the intrusions by July of last year, has not issued any public warning. Under California's anti-identity theft law "SB1386," the company is obliged to notify any California customers of a security breach in which their personally identifiable information is "reasonably believed to have been" compromised. That notification must be made in "the most expedient time possible and without unreasonable delay," but may be postponed if a law enforcement agency determines that the disclosure would compromise an investigation.
>
> Company spokesman Peter Dobrow said Tuesday that nobody at T-Mobile was available to comment on the matter.
>
> Cat and mouse game
>
> According to court records the massive T-Mobile breach first came to the government's attention in March 2004, when a hacker using the online moniker "Ethics" posted a provocative offer on muzzfuzz.com, one of the crime-facilitating online marketplaces being monitored by the Secret Service as part of Operation Firewall.
>
> "[A]m offering reverse lookup of information for a t-mobile cell phone, by phone number at the very least, you get name, ssn, and DOB at the upper end of the information returned, you get web username/password, voicemail password, secret question/answer, sim#, IMEA#, and more," Ethics wrote.
>
> The Secret Service contacted T-Mobile, according to an affidavit filed by cyber crime agent Matthew Ferrante, and by late July the company had confirmed that the offer was genuine: a hacker had indeed breached their customer database.
>
> At the same time, agents received disturbing news from a prized snitch embedded in the identity theft and credit card fraud underground. Unnamed in court documents, the informant was an administrator and moderator on the Shadowcrew site who'd been secretly cooperating with the government since August 2003 in exchange for leniency. By all accounts he was a key government asset in Operation Firewall.
>
> On 28 July the informant gave his handlers proof that their own sensitive documents were circulating in the underground marketplace they were striving to destroy. He had obtained a log of an IRC chat session in which a hacker named "Myth" copy-and-pasted excerpts of an internal Secret Service memorandum report, and a Mutual Legal Assistance Treaty from the Russian Federation. Both documents are described in the Secret Service affidavit as "highly sensitive information pertaining to ongoing USSS criminal cases".
>
> At the agency's urging, the informant made contact with Myth, and learned that the documents represented just a few droplets in a full-blown Secret Service data spill. The hacker knew about Secret Service subpoenas relating to government computer crime investigations, and even knew the agency was monitoring his own ICQ chat account.
>
> Myth refused to identify the source of his informational largesse, but agreed to arrange an introduction. The next day Myth, the snitch, and a third person using the nickname "Anonyman" met on an IRC channel. Over the following days, the snitch gained the hacker's trust, and the hacker confirmed that he and Ethics were one and the same. Ethics began sharing Secret Service documents and emails with the informant, who passed them back to the agency.
>
> Honeypot proxy
>
> By 5 August the agents already had a good idea what was going on, when Ethics made a fateful mistake. The hacker asked the Secret Service informant for a proxy server - a host that would pass through web connections, making them harder to trace. The informant was happy to oblige. The proxy he provided, of course, was a Secret Service machine specially configured for monitoring, and agents watched as the hacker surfed to "My T-Mobile," and entered a username and password belonging to Peter Cavicchia, a Secret Service cyber crime agent in New York.
>
> Cavicchia was the agent who last year spearheaded the investigation of Jason Smathers, a former AOL employee accused of stealing 92 million customer email addresses from the company to sell to a spammer. The agent was also an adopter of mobile technology, and he did a lot of work through his T-Mobile Sidekick - an all-in-one cellphone, camera, digital organizer and email terminal. The Sidekick uses T-Mobile servers for email and file storage, and the stolen documents had all been lifted from Cavicchia's T-Mobile account, according to the affidavit. (Cavicchia didn't respond to an email query from SecurityFocus Tuesday.)
>
> By that time the Secret Service already had a line on Ethics' true identity. Agents had the hacker's ICQ number, which he'd used to chat with the informant. A web search on the number turned up a 2001 resume for the then-teenaged Jacobsen, who'd been looking for a job in computer security. The email address was listed as [EMAIL PROTECTED]
>
> The trick with the proxy honeypot provided more proof of the hacker's identity: the server's logs showed that Ethics had connected from an IP address belonging to the Residence Inn Hotel in Buffalo, New York.
>
> When the Secret Service checked the Shadowcrew logs through a backdoor set up for their use - presumably by the informant - they found that Ethics had logged in from the same address. A phone call to the hotel confirmed that Nicolas Jacobsen was a guest.
>
> Snapshots compromised
>
> Eight days later, on 27 October, law enforcement agencies dropped the hammer on Operation Firewall, and descended on fraud and computer crime suspects across eight states and six foreign countries, arresting 28 of them. Jacobsen, then living in an apartment in Santa Ana in Southern California, was taken into custody by the Secret Service. He was later released on bail with computer use restrictions.
>
> Jacobsen lost his job at Pfastship Logistics, an Irvine, California company where he worked as a network administrator, and he now lives in Oregon.
>
> The hacker's access to the T-Mobile gave him more than just Secret Service documents. A friend of Jacobsen's says that prior to his arrest, Jacobsen provided him with digital photos that he claimed celebrities had snapped with their cell phone cameras. "He basically just said there was flaw in the way the cell phone servers were set up," says William Genovese, a 27-year-old hacker facing unrelated charges for allegedly selling a copy of Microsoft's leaked source code for $20.00. Genovese provided SecurityFocus with an address on his website featuring what appears to be grainy candid shots of Demi Moore, Ashton Kutcher, Nicole Richie, and Paris Hilton.
>
> The swiped images are not mentioned in court records, but a source close to the defense confirmed Genovese's account, and says Jacobsen amused himself and others by obtaining the passwords of Sidekick-toting celebrities from the hacked database, then entering their T-Mobile accounts and downloading photos they'd taken with the wireless communicator's built-in camera.
>
> The same source also offers an explanation for the secrecy surrounding the case: the Secret Service, the source says, has offered to put the hacker to work, pleading him out to a single felony, then enlisting him to catch other computer criminals in the same manner in which he himself was caught. The source says that Jacobsen, facing the prospect of prison time, is favorably considering the offer.

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/T-Mobile-US/

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
