Categories: Hacking

T-Mobile Hacked. Hacktivism strikes again

The year 2012 has started in the worst way in terms of cyber security, because we have observed several attacks settled successfully against military organizations and private companies. After the sensational case of the Zappos data breach and of the cyber escalation which Israel is a victim, also the company T-Mobile has suffered an attack.
A few evidences of the hack in internet, except a list of credentials published in recent days on Pastebin. Pastebin is now the site considered by hackers showcase through used to advertize their own exploits in the world, a phenomenon in serious growth.

The origin of the gesture yet another protest made by a group of hacktivist called TeaMp0isoN who breached the official website of T-Mobile, one of the largest wireless communications providers in the world, leaking sensitive information regarding its staff.

The group accuses the company of providing support to monitoring activities of government, supporting
the application of the “Patriot Act law.”
The hackers have decleared:

“One of the main Reasons for the hack is Because They are corrupted, but we wanted to show how weak Also Their security is.”

The type of attack used is SQL injection, a vulnerability was exploited in the t-mobile.com and newsroom.t-mobile.com web site that have exposed the personal data of the company staff(eg names, email addresses, phone numbers and passwords of the administrators and staff members).

Hackers have also mocked the site administrators denouncing the usage of vulnerable credentials.

TeaMp0isoN is a well known group famous for other operations such as “Op Robin Hood”, “Op Free Palestine” and of the United Nations servers violation occurred in November.

The technique is always the same, to ridicule the opponents to show their inability, to express disagreement with the decisions and policies pursued by companies and government organizations.

Pierluigi Paganini

References

http://pastebin.com/HhaPZ1BE

T-Mobile Hacked by TeaMp0isoN, Administrators and Staff Exposed (Exclusive)

2012 – 01 -17  – Update

According to T-Mobile, the problem was limited to the T-Mobile USA newsroom. This claim seems plausible, with spot testing by The H’s associates at heise Security finding that the published credentials did indeed belong to newsroom staff. This would limit the scale of any problems arising as a result – the intruders may be able to publish fake press releases. Based on the information provided, private customer data was never at risk. Most of the passwords consist of a simple six-digit number composed of two numbers repeated such as “112112”. T-Mobile USA says that it has now fixed the vulnerabilities.

http://www.h-online.com/security/news/item/T-Mobile-USA-hacked-1414307.html

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 hour ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

13 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

17 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

23 hours ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.