Fool’s Game
T-Mobile, through a third-party agent posing as an interested buyer, transferred $50,000 in bitcoin for a sample of the offered data and then another $150,000 in bitcoin for the full dataset, with the objective of taking the breached data off the market. Under the arrangement the hacker was to destroy his copy; in fact the hackers continued to try to sell the information after T-Mobile's purchase was made. It is not unusual for a company to bargain in a ransomware attack, but it is unusual that T-Mobile and its third-party negotiator would expect the hackers to live up to their end of the deal. That said, the indictment here appears to be not for the hacker but for the person who acted as a 'middleman' between T-Mobile's third party and the actual hacker. He billed himself as an 'Official Middleman Service' and had done the same for other hacks. He was not involved in the hacks themselves, but the US is petitioning the UK to extradite him to face charges that he ran a website that supported the buying and selling of hacked data for a fee.
The FBI used the website and its 'middleman' services to purchase US tax information, including SSNs, tax ID numbers, bank account numbers and passwords, for $4,000 in bitcoin, and after extensive investigation determined that the middleman was running the dark web site where the hacked information was being bought and sold. The FBI also found that the site's domain had been registered by the middleman when he was 14 years old and re-registered by him every year since, along with mirror sites that he told clients would remain available if the main site was ever raided. Through the FBI's purchase, the site and its owner were linked to many of the illegal transactions, and eventually the indictment was granted.
While this sounds like fodder for a novel or movie (Bob Odenkirk to play the 'middleman'?), it shows what goes on in what the media call the 'dark web'. Such 'services' have been around almost as long as the internet itself and, through layers of anonymizing infrastructure, are able to operate almost anonymously, especially since the advent of cryptocurrency. Most folks think it takes significant computer knowledge to 'get on the dark web', but it certainly does not: reaching a Tor hidden service requires nothing more than installing the Tor Browser. Hackers routinely share exploits and code there, along with accounts of how they succeeded in breaching a site or company.
The T-Mobile hack was large enough to attract considerable attention and government resources, but the same thing goes on every day. Every time you fill out an account form, request information, or even enter a contact e-mail, you add to the vast sea of information that hackers find so intriguing, and a service that offers to 'immunize' you from identity theft would have to go back to the day you were born to erase every trail of information that could be used to build an identity profile. Companies have a responsibility to protect your information, and some take that seriously, but asking for your first roommate's name does not protect your information from someone who breaks into their servers. There is no way to fully protect your information once it has been propagated to the cloud or to remote servers, and expecting a hacker to 'destroy the original' after payment is a fool's game. There is no honor among thieves.