
T-Mobile Network Allegedly Hacked - tortilla
http://gigaom.com/2009/06/08/t-mobile-network-allegedly-hacked/
======
jonknee
Anyone know how sales like this are facilitated? I've always wondered how
anonymous parties can securely trade.

~~~
smanek
Bearer bonds?

More seriously, I remember reading this paper:
<http://dsns.csie.nctu.edu.tw/research/crypto/HTML/PDF/C88/319.PDF>
a few years back. That only guarantees the buyer's anonymity (the seller still
has to deposit money in his bank which is, of course, traceable).

And I always liked the idea of 'assassination markets.' It isn't anonymous, but
still pretty neat ... If I wanted a copy of TMobile's data, I could set up a
prediction market where people could bet what hour TMobile's data would show
up in my mailbox. Bets would cost, say $100 (to prevent random guessing), but
would pay off $1,000,000 if you 'guessed' right. When TMobile's data shows up
in my mailbox, I can pay the person who 'guessed' the right time.

------
DenisM
I wonder if competitors who were offered the pwnership tipped off T-Mobile?
Coordinated response at the demand side is probably the best way to discourage
such criminals.

~~~
duskwuff
The offer was made publicly on the full-disclosure mailing list:

<http://seclists.org/fulldisclosure/2009/Jun/0062.html>

------
aminuit
Anyone buying this? I don't think a spreadsheet with a list of servers and
applications constitutes compelling evidence that they have "everything."
There are probably hundreds or thousands of people at T-Mobile who could get
this list.

------
greengirl512
Currently wishing I switched carriers when I stopped working there...Crap...

~~~
callahad
But who could you switch to? Your only other GSM option would be AT&T, which
was also compromised [1].

[1]: <http://www.eff.org/nsa/faq#8>

~~~
greengirl512
Yeah, and it's too late now, anyway.

------
peregrine
The real question is what did they get?

~~~
greengirl512
If that list is accurate, it looks like they have customer information
including personal data and call records (samson), and payment information
(JPayment), plus technical data and info about offers given to "save"
customers w/greater than 12 mos tenure. And other stuff, too.

