Wednesday, January 12, 2005

T-Mobile pwn3d & Shame on the US Secret Service

The Register has a shocking story about a major security breach at T-Mobile. Apparently they learned in July 2004 that an intruder had wormed his way into their customer database and had easy access to a wide variety of information, including names, addresses, dates of birth, social security numbers, web usernames and passwords, email and cameraphone snapshots.

Ok, so shame on T-Mobile for keeping this quiet so long, but the more shocking part is that the US Secret Service fell vicitim to this. Here's a paragraph from the article:

On 28 July the informant gave [the Secret Service] proof that their own sensitive documents were circulating in the underground marketplace they were striving to destroy. He had obtained a log of an IRC chat session in which a hacker named "Myth" copy-and-pasted excerpts of an internal Secret Service memorandum report, and a Mutual Legal Assistance Treaty from the Russian Federation. Both documents are described in the Secret Service affidavit as "highly sensitive information pertaining to ongoing USSS criminal cases".

What the heck is the Secret Service doing sending "sensitive documents" over T-Mobile, anyway? Shouldn't a law enforcement agency so heavily involved in computer crime investigation know better than this?

No comments: