The company scrambles to investigate the alleged incident

Jun 9, 2009 08:24 GMT

On Saturday, wireless telecommunications giant T-Mobile was faced with a grim prospect, after hackers publicly announced that they had successfully stolen all of the corporate data from its U.S. branch. The unknown perpetrators claim they initially attempted to sell the sensitive information to the company's competitors without success.

With a total number of 128.3 million subscribers across the globe, T-Mobile is the eighth largest mobile telecommunications provider in the world. The company, headquartered in Bonn, Germany, operates in eleven European countries and the United States.

The hack is said to affect only T-Mobile USA, which is the fourth largest mobile network operator in the country, with almost 33 million customers. "We have everything, their databases, confidental [sic.] documents, scripts and programs from their servers, financial documents up to 2009," the hackers write in a message to the Full-Disclosure mailing list.

The group, identifying themselves only with a Pwnmobile@ e-mail address, suggest that they are also responsible for stealing the source code of Checkpoint's VPN1 firewall. "Like Checkpoint Tmobile has been owned for some time," they add.

As far as motives go, the hackers claim it was and still is monetary gain. "We already contacted with their competitors and they didn't show interest in buying their data – probably because the mails got to the wrong people – so now we are offering them for the highest bidder," they announce.

T-Mobile has immediately started an investigation, noting through a spokesperson that, "As is our standard practice, if there is any evidence that customer information has been compromised, we would inform those affected as soon as possible."

To prove that they indeed breached T-Mobile's network security, the cyber-thieves posted a long list of servers, applications, internal IP addresses, databases, etc. According to Security Fix, the company later updated its statement and explained that, "We've identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers."

The alleged hack has received mixed responses from security professionals, as there are reasons to believe both that it is a hoax and that it is a legitimate claim. For one, extracting so much data from the company's servers without the network administrators becoming suspicious is rather unlikely.

Furthermore, most of T-Mobile's competitors denied that they were offered any data and it is reasonable to assume that, if they had been, they would have contacted the authorities, rather than take on the huge risks involved in corporate espionage.

On the other hand, some former T-Mobile workers confirmed that at least some of the servers listed in the document released by the hackers were real and the associated information was accurate. However, it is possible that all the info was copied from an official document mapping the network, as the company suggests.

The hackers might now be forced to release more evidence in order to back up their claim and, if the hack proves legitimate, this might well be one of the largest data breaches and leaks in Internet history. Not to mention that this would be a significant blow for T-Mobile, which is no stranger to such incidents.

Back in October 2008, the German branch of T-Mobile admitted to a 2006 data breach, which compromised the personal details of 17 million subscribers. The incident, which the company kept secret for almost two years, was uncovered by reporters from German publication Der Spiegel, who wrote that the customer data had been put up for sale on the black market.

Update: We were contacted by a T-Mobile representative, who confirmed that the document published by the unknown individuals belonged to the company, but stressed that no personal details had been compromised. "Investigation continues into how the document was obtained," he noted.

"Following a recent online posting that someone allegedly accessed T-Mobile servers, the company is conducting a thorough investigation and, at this time, has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected. T-Mobile continues to monitor this situation and, as a precaution, has taken additional measures to further ensure our customers' information and our systems are protected. As is our standard practice, customers can be assured if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible," the latest official T-Mobile statement reads.

Since the alleged hackers failed to produce additional proof to back up their claim, we have also updated the title of the article, so as to reflect the company's denial of a security breach.