Hacker broke into T-Mobile via vulnerable router

21-year-old hacker John Binns, who lives in Turkey and is possibly a member of ISIS, claims to have broken into T-Mobile through a vulnerable router. T-Mobile's CEO also shared some details on how the attack was carried out.

Let me remind you that the large-scale data leak became known in mid-August, when an announcement appeared on a hacker forum about the sale of personal data of approximately 100 million T-Mobile customers. The seller claimed that two weeks earlier he had hacked into the company’s servers (production, staging, and development servers, including the Oracle server containing customer data), gaining access to an unsecured T-Mobile GPRS gateway, and stole the data from there.

The hacker priced the entire dump at 6 bitcoins (about $280,000), claiming that in total the database contains information on 100 million people, including IMSI, IMEI, phone numbers, names, and security PINs. Worse, for some 30 million people the dump also included birth dates, driver’s license numbers, and even social security numbers.

Soon afterwards, T-Mobile representatives confirmed that the hack did take place, but the company did not provide any details of what had happened at the time. A little later, the company reported that the incident did indeed affect millions of users: in total, records belonging to 50 million people were stolen, including current, former or potential customers of T-Mobile.

In a statement released late last week, CEO Mike Sievert said that while the investigation into the incident is almost complete, he is unable to share in-depth technical details of the incident due to a criminal investigation currently underway by law enforcement. However, Sievert did reveal some details.

“We can report that, in simple terms, an attacker used technical systems knowledge, as well as specialized tools and tactics to gain access to our test environments, and then used brute force and other methods to penetrate other servers containing client data. In short, this man’s goal was to hack and steal data, and he succeeded,” Sievert writes.

Shortly before the company's statement, journalists from The Wall Street Journal reported that they had managed to get in touch with the hacker who attacked T-Mobile. 21-year-old John Binns, a US citizen now residing in Turkey, took responsibility for the attack.

In an interview that Binns gave via Telegram, he claimed to have hacked the company out of revenge and a desire to draw attention to the problem. The fact is that last year he filed a lawsuit against the CIA, FBI and other US government agencies, claiming that he was blackmailed, followed and tortured. Binns claims that the US government suspects him of running the Satori botnet, and also suspects that he is a member of ISIS (Binns denies both charges).

In the interview with The Wall Street Journal reporters, Binns recounted everything that he had previously stated in his lawsuit, and also said that US law enforcement agencies had previously abducted him in Germany and Turkey, and that he had also been placed in a psychiatric hospital against his will. In response, the hacker decided to “damage US infrastructure.”

“I have no reason to make up a fake kidnapping story, and I hope someone from the FBI will leak information about it,” says Binns.

Binns also said that he managed to hack T-Mobile through a misconfigured router, which he discovered back in July. He says he found the router using a simple, publicly available tool; some suggest that it was Shodan, Nmap, or Masscan.

Allegedly, this router provided Binns with an entry point to T-Mobile servers located in a data center in Washington state, from where he was able to develop the attack further, having obtained credentials that gave him access to more than 100 of the company’s servers. Binns described T-Mobile’s security as “appalling,” and said it took him about a week to get to the servers storing customer data and hack them.

“I was in a panic because I was able to access something important. Their safety is terrible. Making more noise was one of my goals,” Binns said.

The hacker did not say if he was the only one working on this attack, but he admitted that he needed some help in obtaining database login credentials on T-Mobile systems. According to media reports, Binns was not the only one who ended up obtaining and trying to sell T-Mobile customer information. At the same time, Binns stated that he already has several potential buyers.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
