Hackers are back in the news this week. This time, cellular carrier T-Mobile, which is used by 104 million people on a daily basis, was hit with a massive breach. This breach exposed the data of almost 50 million T-mobile users. This attack was not limited to current users, with former and prospective user data being compromised as well. Reported on August 15th, this breach was one of the largest attacks on a cellular carrier in recent memory. T-Mobile, the second largest cellular carrier in the country, apparently was lax when it came to
securing their network.
A 21 year old named John Binns, an American citizen living in Turkey, claimed responsibility for the attack and was able to provide proof to the Wall Street Journal and top cyber security professionals. Binns was able to access the network via an unsecured router at a T-mobile facility in Washington. This allowed for him to navigate through over one hundred T-mobile servers to find the information that he was looking for. Like many hackers, Binns was looking for any way he could to gain access into the network. While it took a bit of time, within a week Binns had access to millions of pieces of valuable customer data.
This data consisted of full names, birthdates, credit card numbers, social security numbers, drivers license numbers and bank account information. “I was panicking because I had
access to something big. Their security is awful,” Binns recounted to the Wall Street Journal. “Generating noise was one goal.” Unlike many hackers who wish to hide behind anonymity, Brinns was more brazen, speaking to reports from both Motherboard and Bleeping Computer, two of the countries top tech publications. He explained that he had routed around the servers and found the treasure trove, an Oracle database server full of customer information. He even shared screenshots showing his connection to the server to prove he was the man behind the attack.
T-Mobile eventually recognized they were breached and forced Binns out of the server. This isn’t before he made copies of what he claims is 106 GB of customer data. In fact, he did drop a trove of data onto the dark web, which is where most stolen data ends up, which he sold for six Bitcoin, which as of this writing has a value of three hundred thousand dollars. Binns reasoning for the attack is as follows. He claims that he was accused of being part of a botnet gang by the FBI and the CIA. From there he further alleges that the agencies removed him from Turkey and brought him to Germany where he was tortured for days. In fact, he went as far as to file suit against the agencies that alleges he was subject to illegal break-ins and wire-tapping by the agencies and accused of being a member of ISIS, which he fervently denies. In a message relating to the attack shared via Twitter Binns said “The breach was done to retaliate against the US for the kidnapping and torture of John Erin Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019. We did it to harm US infrastructure.” While he has neither confirmed or denied being tied to a hacking group, he did acknowledge that he needed help getting into the servers.
Unit221B LLC, a cyber-security company, made T-mobile aware of the attacks after finding the data on the dark web. T-Mobile officials have stated that they are currently cooperating with law enforcement in an ongoing investigation. Due to this attack T-Mobile has partnered with cyber-security agency Mandiant to conduct a full scale investigation of the attack. They have also claimed to have notified most if not all current and past customers as well as prospectives that were affected by the hack. The carrier has stepped
up security features offered to their customers, including two free years of identity theft protection, a scam sweeper app, and are now offering what they refer to as “Account Takeover Protection”. They have urged all their customers to reset their passwords on all platforms.
While this is the biggest attack to be carried out on T-Mobile it isn’t the first. In fact the company has been breached four times since 2018, the largest previously being a breach of 200,000 users data. Another attack saw the logins of company employees being released to the dark web. Attacks such as these have seen nearly a 500% increase since 2019. The methods of these hackers are becoming more evolved and more invasive by the day. This is why proper cyber-security for your enterprise is invaluable. While there are many steps that you can take on your own, such as proper password maintenance and running firewalls and anti-malware software, it is no longer enough to stop there. Partnering with a security minded MSP, such as Delval Technology Solutions, can make the difference between having a minor hiccup or losing thousands if not millions of dollars in data, as well as the trust of your employees and clients. For more information, a system assessment, and a free dark web report, where the dark web is scoured to see if any of your data has been compromised, reach out to Delval Technology Solutions today.