This past weekend hackers posted a message on the Full Disclosure Vunerability Message Board and claimed they had stolen confidential documents, programs, and financial data from T-Mobile’s servers. The hackers posted this offer: “We already contacted with their competitors and they didn't show interest in buying their data - probably because the mails got to the wrong people- so now we are offering them for the highest bidder.“
Today, T-Mobile USA, the fourth largest US mobile carrier, put out a statement that “the company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised,” and that “reports to the contrary are inaccurate”. Normally, a hacker doesn't try to immediately sell their booty to the highest bidder with an open posting. This made several security experts think there isn't very much of value behind the hackers brazen claims.
US President Barack Obama, whose own presidential campaign computers were hacked, recently said such attacks are so widespread that they have cost more than $8 billion in damages over the past two years in the United States. Every company has to watch their security logs to make sure someone hasn't slipped under the protective umbrella. Some companies have been hit more often than others. The healthcare firm, Kaiser Permanente, has been hit multiple times due to employee laptops being stolen.
The only positive things that can be said for the posting on the Full Disclosure vulnerability message board is that T-mobile USA security staff are getting overtime pay and their press people are busy answering a lot of phone calls and emails. We bet the management of the mobile carrier’s security staff also asked questions about how good a job they were really doing to protect the company data.
The self-proclaimed hackers close their offer with the following statement: “Please only serious offers, don't waste our time.” Our only reply is: “Ditto.”
