T-Mobile Hacker Watches Secret Service Watching Him

from the the-secret-service-isn't-so-secret,-apparently dept

Wed, Jan 12th 2005 12:45am — Mike Masnick

The Secret Service has been investigating various computer crimes lately, and Security Focus has a fascinating article about how one of the people they were going after was simultaneously tracking them back by accessing an agent's T-Mobile Sidekick account. The details are fairly complex, but basically, this hacker got his hands on the entire T-Mobile user database, including passwords and other private info, allowing him to access anyone's web-based Sidekick account. It just so happens that one of the Secret Service agents working on the case uses a Sidekick, and the hacker got various Secret Service documents by logging into that agent's account. If this brings up the question of: "what the hell is a Secret Service agent doing using a T-Mobile Sidekick and allowing it to receive sensitive documents?" you're not alone. One of the Sidekick's "nice" features from a user perspective is that it automatically syncs with T-Mobile's web server in real time. So any info on the device is accessible via the web. That's useful for a normal user, but also opens it up to hackers. You would think the Secret Service would be a bit more careful. This is an organization that has "secret" in their name, after all. Anyway, they eventually tracked down this guy, but have been very quiet about it. Also very quiet is T-Mobile -- which may be against the law. California has this data privacy law that says a company needs to tell people if their personal info may have been compromised. Apparently, T-Mobile doesn't think the law applies to them. Update: The Associated Press has more details, claiming that the hacker only had access to 400 names. This seems unlikely, as he appeared to hit the "jackpot" with those 400 names including a number of celebrities and this Secret Service agent. They also claim they informed those 400. The Secret Service admits the agent screwed up by using the Danger device to access his work email, but said it was the best way to get information to him when he was on the go (the Secret Service can't afford their own mobile email systems?!?). They also claim that nothing too important was available to the hacker.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

9 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 12 Jan 2005 @ 12:45am

There were only 400, T-Mobile has tracked the hackers movements and was working with the SS from day 1.
[ link to this | view in chronology ]
Jim, 12 Jan 2005 @ 8:47am

Bound to happen
This makes me wonder how secure my cell phone really is. Do we have any privacy?
[ link to this | view in chronology ]
- Mick, 12 Jan 2005 @ 6:39pm
  
  Re: Bound to happen
  This makes me wonder how secure the US is when SS (I mean secret service) agents send secret documents unencrypted via e-mail.
  
  If you don't know what I mean? E-mail is unsecure, anyone can intercept it and read it, unless you use tools to secure it so only the people U want can read it.
  
  Plus, this make the T-Mobile admins look like dummies. Make's me consider moving my phone service else where. But, will this mean that T-Mobile's security will become more secure?
  [ link to this | view in chronology ]
  - anonymouse, 12 Jan 2005 @ 9:15pm
    
    Re: Bound to happen
    It is too bad that there is no Test for Intelligence, within the intelligence community.
    
    Obviously, this tool just had NO clue that his/(her) email could be intercepted.
    
    That is just SO sad, especially in this day and age.
    
    The only mitigating factor is that unless htis person was Watched, they could maybe get away with public transmission.
    
    The bright part?, maybe it was Planned...
    
    Yeah, ok, I don't think so either!
    [ link to this | view in chronology ]
- anonymouse, 12 Jan 2005 @ 9:11pm
  
  Re: Bound to happen
  You're kidding me, Right?
  [ link to this | view in chronology ]
Slim, 12 Jan 2005 @ 9:17pm

More Deets
The AP via Yahoo! has more details. Allegedly, only 400 customers were effected and they have been notified. Scary.

http://story.news.yahoo.com/news?tmpl=story&ncid=738&e=1&u=/ap/20050113/ap_on_hi_te/cellular_h acker
[ link to this | view in chronology ]
ASSAD, 23 Jan 2007 @ 1:48am

Please I need som help
After greeting ,

I look for a special program for a cellular telephone to send messages to any cellular telephone, and I can through these messages penetrate the victim's cellular telephone and knowledge of all data stored in a victim of numbers and letters only script
[ link to this | view in chronology ]
Danielle Warren, 4 Jul 2008 @ 9:40am

Re: Hello
I did your open
[ link to this | view in chronology ]
fred, 2 Aug 2008 @ 8:14am

Megaupload downloading
Usually I use the best file searcher- http://megaupload.name/
[ link to this | view in chronology ]