Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: info@c2techs.net

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • Privacy Policy
FREECONSULT
Tuesday, 26 April 2022 / Published in Woo on Tech

T-Mobile hackers grab source code, try to hack govt accounts

T-Mobile hacked

Last year we wrote about T-Mobile getting massively hacked, which essentially led to their entire customer database being leaked. This was a problem because among the information leaked were cell numbers and their associated, unique IMEI numbers which in theory could result in phones getting duped and/or services for accounts being switched to a different phone if the hackers had access to some of T-Mobile’s core systems. And now we’ve come to discover they did in fact have that privileged access, though we do not know to what extent it was used to exploit the information they most assuredly had. T-Mobile has since confirmed that hackers did have access to very sensitive data, including source code and privileged accounts, which the hackers themselves have boasted about stealing. As revealed in private chat logs acquired by security researchers, the hackers also admitted to not being able to access law enforcement and DoD T-Mobile accounts to attempt sim swaps, but it’s not clear if they were successful with non-government accounts.

What this means for you

Many people use texts sent to their smartphones as a second-factor authentication method. If a hacker were able to SIM-swap or dupe a phone used as such, and they had other elements of that person’s digital life, such as logins and passwords to online banking that are protected by SMS-based second-factor, then those accounts are no longer secure, and most likely exploited. The most important element of a second factor is the fact that it is something that is in your sole possession, and this hacking group’s access to secure T-Mobile account management systems completely undermined that security method for T-Mobile devices.

As is to be expected, T-Mobile has been tight-lipped about whether or not it has been able to keep hackers out of their core account management systems. Supposedly they are safeguards in place that prevent the tools from being run from unauthorized computers and networks, but according to the same chat logs mentioned above, it was clear this particular threat group already had this particular problem solved. Even when compromised credentials were shut down, this group continued to secure new, usable credentials either by buying them through the dark web or tricking actual employees into giving up their credentials. By their own alleged admission, the leader of this threat group shut down their backdoor access so as to not draw too much attention to their efforts before he was able to achieve his personal objective of stealing T-Mobile’s source code. This did cause some infighting within the threat group as there was a faction that wanted to keep trying to gain access to government accounts, and others that wanted to target high net-worth accounts for SIM-swapping and account takeovers.

Fortunately for us, and possibly for T-Mobile, seven teenage members of the threat group behind the T-Mobile hack have been arrested. Ironically, they were identified probably by getting doxxed from within their own hacking community which appears to be rife with infighting and drama, just like any other large, online community. Does this mean you can trust T-Mobile’s security? I moved my family’s service off T-Mobile despite being a fan of their customers service for years. Is the carrier I moved to any more secure than T-Mobile? Only time will tell, but they, like all the others, are run by humans, and as we all know, humans make mistakes. Is it time to add another line to the list of life’s certainties? Death, Taxes and Hacking? Somedays it certainly feels like it.

  • Tweet

What you can read next

Scam
Social Media Fraud gets scammers big money
Battery
Fast charging, eco-friendly battery? Yes please!
Gmail security change creates unintentional headaches for businesses

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Update your tech vocabulary for 2023

    If there is one thing that the Internet excels ...
  • We sold our souls, but not how you might think.

    Part of an occasional series of articles that d...
  • “Low on Cyan.”*

    If you catch me at the end of a frustrating day...
  • GPTBot starts crawling the web. Resistance is futile.

    I know some of you are Trekkies, and even if yo...
  • Surprise, surprise. Hackers are using AI to bolster their attacks.

    The FBI held a press conference last week to co...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP