A 21-year-old American said he used an unprotected router to access millions
of customer records in the mobile carrier’s latest breach

The hacker who is taking responsibility for breaking into T-Mobile US Inc.’s
systems said the wireless company’s lax security eased his path into a cache
of records with personal details on more than 50 million people and

John Binns, a 21-year-old American who moved to Turkey a few years ago, told
*The Wall Street Journal* he was behind the security breach. Mr. Binns, who
since 2017 has used several online aliases, communicated with the Journal in
Telegram messages from an account that discussed details of the hack before
they were widely known.

The August intrusion was the latest in a string of high-profile breaches at
U.S. companies that have allowed thieves to walk away with troves of
personal details on consumers. A booming industry of cybersecurity
consultants, software suppliers and incident-response teams have so far
failed to turn the tide against hackers and identity thieves who fuel their
businesses by tapping these deep reservoirs of stolen corporate data.

The breach is the third major customer data leak that T-Mobile has disclosed
in the past two years. The Bellevue, Wash., company is the second-largest
U.S. mobile carrier with roughly 90 million cellphones connecting to its

The Seattle office of the Federal Bureau of Investigation is investigating
the T-Mobile hack, according to a person familiar with the matter. “The FBI
is aware of the incident and does not have any additional information at
this time,” the Seattle office said in a statement Wednesday.

In messages with the Journal, Mr. Binns said he managed to pierce T-Mobile’s
defenses after discovering in July an unprotected router exposed on the
internet. He said he had been scanning T-Mobile’s known internet addresses
for weak spots using a simple tool available to the public.

The young hacker said he did it to gain attention. “Generating noise was one
goal,” he wrote. He declined to say whether he had sold any of the stolen
data or whether he was paid to breach T-Mobile.

*The 21-year-old hacker shared a screenshot of internal T-Mobile servers
with warnings against unauthorized access.*

Several cybersecurity experts said the public details of the hack and
reports of previous T-Mobile breaches show the carrier’s defenses need
improvement. Many of the records reported stolen were from prospective
clients or former customers long gone. “That to me does not sound like good
data management practices,” said Glenn Gerstell, a former general counsel
for the National Security Agency.

Mr. Binns said he used that entry point to hack into the cellphone carrier’s
data center outside East Wenatchee, Wash., where stored credentials allowed
him to access more than 100 servers.  “I was panicking because I had access
to something big,” he wrote. “Their security is awful.” He said it took
about a week to burrow into the servers that contained personal data about
the carrier’s tens of millions of former and current customers, adding that
the hack lifted troves of data around Aug. 4.

On Aug 13 2021, the security research firm Unit221B LLC reported to T-Mobile
that an account was attempting to sell T-Mobile customer data, according to
the security firm. Two days later, T-Mobile publicly acknowledged it was
investigating a potential breach.

T-Mobile confirmed that more than 50 million customer records have been
stolen. The wireless carrier said it had repaired the security hole that
enabled the breach. “We are confident that we have closed off the access and
egress points the bad actor used in the attack,” it said in a statement. A
T-Mobile spokeswoman declined to comment on specific claims by Mr. Binns or
by cybersecurity experts.

For Mr. Binns, who uses the online names IRDev and v0rtex, among others, the
T-Mobile hack represents a major development in a track record that has
featured various exploits and”four years ago”peripheral involvement in the
creation of a massive network of hacked devices that was used for online

Mr. Binns showed the Journal that he could access accounts linked to the
IRDev online personality, which shared screenshots depicting access into
T-Mobile’s network. He declined to be photographed but answered personal
questions to confirm his identity as John Binns.   [...]

  [ADDED LATER from geoff:]

... Mike Benjamin, vice president of security for network operator Lumen
Technologies Inc., said U.S. prosecutions in past years have limited the
threat from these botnets, though network attacks have started growing in
recent months. He said *many young people, especially in the U.S. and
Europe, first learn basic hacking techniques by sharing tricks and tactics
with fellow gamers online.

“Online video-gaming drives a natural competitiveness,” Mr. Benjamin said.
”Everybody’s looking for that edge. That can reach into this area of outside
of the videogame,” where tactics end up “breaking the internet instead of
just inside the rules of the game.”

By admin