Jun 12 2009 7:30PM GMT
Posted by: Robert Westervelt
Data Breaches and Identity Theft,
T-Mobile
In the race to be first, some information sources reprinted a forum post boasting of hacking into T-Mobile servers. In this case it appears to be the media that got pwned.
T-Mobile was put on the hot seat this week after an anonymous person posted a message on a hacker forum boasting of hacking into T-Mobile’s servers, stealing mountains of data, including customer records, account information and T-Mobile proprietary data.
The frivolous poster was seeking money and sought only serious inquiries to those willing to shell out cash for the supposedly stolen information. Several bloggers immediately jumped on the post followed by several publications. With little information, the brief linked to the anonymous post with headlines immediately warning of the next big breach.
The message was posted on Full Disclosure, a forum that has had questionable postings in the past. It showed information on T-Mobile’s various systems, including IP addresses of various servers and enterprise systems. T-Mobile quickly responded to the reports, conducted its own investigation and within a few days, issued several statements with the final one calling the original post unfounded.
“Following a recent online posting that someone allegedly accessed T-Mobile servers, the company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised,” according to a revised T-Mobile statement.
In case the statement wasn’t clear enough, T-Mobile broke it down into bullet points. There was “no hack or breach of security.” Meanwhile an investigation continues into how the document of T-Mobile server information was obtained.
While the post must have given T-Mobile officials a scare, it is unlikely that a hacker broke in and stole sensitive data, said Alex Rothaker, research and development manager at Application Security Inc. who leads that firm’s Team SHATTER (Security Heuristics of Application Testing Technology for Enterprise Research) organization. Rothaker said the data on the company’s servers may have come from an insider or someone who worked on T-Mobile’s systems.
“Something as simple as Nmap can give you a lot of that information,” Rothaker said, referring to the free vulnerability scanning tool. “By itself [the information] is not a total breach … This could truly just be somebody playing a prank or tying to make a name for themselves.”
Rothaker said T-Mobile is likely doing a deep analysis of its server logs to try and find any anomalies. The lesson for other companies is to ensure that activity monitoring tools are in place. Access controls should be limited on databases and servers to limit the access to confidential data.
Don’t get me wrong. This wasn’t a failure on a grand scale. Some organizations got the story right, explaining that the post could be frivolous and focusing more on the fact that T-Mobile has initiated an investigation. In any case, T-Mobile officials need to take every case like this seriously. But I hope this issue serves as a reminder for reporters to take a deep breath, confirm information and not rush to post a story for the almighty page view monster without doing a little follow-up work. We’re forgetting some traditional journalistic principles. We need to take a heavy dose of skepticism, especially in the cybersecurity industry where much of the information could be potentially damaging to individuals and companies.
In the race to be first online, I often wonder if we’re driving our journalistic principles into the ground, shredding them to serve up a piece of content that ultimately serves no purpose except to gain as many views as possible. Reporters are pitted against bloggers, many of whom have no formal background or knowledge of journalistic ethics. Ultimately speed does a disservice to the public.
0 Comments
RSS Feed
Email a friend
