The hack of T-Mobile has demoralized one of the largest telecommunications companies in the U.S. The company competes directly with Verizon and AT&T as the providers jostle yearly to claim their positions as the top three mobile carriers in the country.
T-Mobile was the nation’s most popular carrier in 2020, and its growth in 2021 has been enhanced by the company’s dedication to bolstering its 5G offerings.
Much like the recent disruptions caused by the attacks on SolarWinds and the Colonial Pipeline, the August hack of T-Mobile has been making headline news for weeks.
However, the details of T-Mobile’s security blunder has shed a stark light on the basic security lapses that a multibillion dollar company should never have made.
Remarkably, a single 21-year-old individual was able to access and steal the personal data of nearly half of the company’s 104 million customers from the safety of his mother’s home in Izmir, Turkey.
T-Mobile hack timeline
On Sunday, August 15 of 2021, a post was discovered on a hacker forum that was advertising information belonging to 100 million people. The data was described as containing Social Security numbers, drivers license information and more. A chunk of the information was offered in exchange for 6 Bitcoin, which at the time was valued at around $270,000.
The data was determined to have been sourced from T-Mobile. The company, upon notification, stated that they were aware of the online post and were investigating the validity of the claim.
The next day, Monday, August 16, T-Mobile verified that the claims were true and reported that investigations were underway in determining who was responsible for the hack. T-Mobile said that access to their system was closed and that no further data theft would be possible.
On Tuesday, August 17, the company re-stated that it had closed the vulnerability that the hacker had been using and reported that customer data related to 7.8 current customers and 40 million former or prospective customers had been compromised.
On Friday, August 20, T-Mobile reported more information related to its ongoing investigation into the hack, revealing that an additional 5.3 million existing customers and 667,000 former subscribers had their sensitive data breached.
On August 26th, a 21-year-old American residing in Turkey named John Binns claimed responsibility for the hack of T-Mobile after being identified as a suspect by Alon Gal, co-founder of intelligence firm Hudson Rock.
How was T-Mobile hacked?
Binns, a Virginia native who moved to Turkey with his mother when he was 18, asserted that he was able to gain access to T-Mobile’s data the previous month after probing for weaknesses in the company’s security. His methodical search led to the discovery of an unprotected router located in a data center near East Wenatchee in Washington state.
His peek into the data center allowed him unauthorized access to over 100 of T-Mobile’s servers. In a matter of days, Binns had stolen data related to millions of the company’s customers after hacking into an Oracle database.
Binns stated that he was eventually locked out of the company’s system, but by then he had already copied the data for his own personal use.
Binns claims that he opted not to engage in a ransomware scheme with T-Mobile because he already had potential buyers lined up online.
Profit, however, was also not his primary motivation for his intrusion.
Why was T-Mobile hacked?
John Binns claims that his reason for hacking T-Mobile was a politically motivated act of revenge.
In describing his hack to the Wall Street Journal, Binns claims that he was abducted and tortured by U.S. authorities after being accused of having a role in the creation of Satori, a piece of malware that caused a great degree of damage in 2018.
In November, he filed a lawsuit against the FBI, CIA and Justice Department for incorrectly and unjustly accusing him of committing cybercrimes as well as belonging to the militant Islamic State. In the suit, Binns alleges that the CIA broke into his property and wiretapped his home.
“I have no reason to make up a fake kidnapping story,” Binns told the Wall Street Journal. “I’m hoping that someone in the FBI leaks information about that.”
Prior to his public admission, Binns sent the following message to Gal via Twitter:
“The breach was done to retaliate against the US for the kidnapping and torture of John Erin Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019. We did it to harm US infrastructure.”
At the time of this article’s writing, Binns has not claimed to have actually sold the information that he stole. He also has not revealed if he was paid by a third party to carry out the hack or if he had any degree of assistance.
What is happening now?
After a brief and unsatisfying initial response, T-Mobile has been working to notify those whose data was involved in the hack and encourage them to change their passwords, PIN numbers and remain vigilant with regard to their data. T-Mobile has offered customers two years of complimentary identity protection services and is recommending that they sign up for the company’s free Scam Shield security program.
Thus far, T-Mobile has been hit with three separate class action lawsuits that allege that the company did not adequately protect customer data from theft.
More lawsuits and investigations into the hack will undoubtedly materialize.
How could the T-Mobile hack have been prevented?
T-Mobile could have quite possibly prevented Binns from carrying out his mission by creating and implementing a strong user authorization system that determines who has access to what information.
T-Mobile also could have put multi-factor authentication in place that would have required a user to identify who they are before being allowed access to sensitive data.
At this point in time, evidence leads security researchers to believe that T-Mobile was also using outdated password practices, and generally not keeping up to speed regarding cybersecurity protocols.
While no method is entirely foolproof, Binns himself described the company’s security measures as “awful.”
His success at breaking into the data storage of one of the country’s largest and most profitable telecommunications companies from behind a computer at his mother’s home leads most cybersecurity experts to agree with his assessment.
Don’t be like T-Mobile! Follow these simple steps to help keep your network and devices safe:
- Use strong passwords. Be sure to use strong login credentials and change them regularly.
- Delete your cookies. Clear the cookies saved in your browser once every couple of weeks to prevent your online activity from being traced.
- Buy new hardware. Replace outdated gear with refurbished firewalls or network switches from a reputable dealer.
- Browse in secret with a VPN. Using a VPN is a great way to keep your network hidden from hackers.
- T-Mobile hack: Everything you need to know by Jonathan Greig, 28 Aug 2021, ZDNet
- Satori botnet author in jail again after breaking pretrial release conditions by Catalin Cimpanu, 28 Oct 2018, ZDNet
- The T-Mobile data breach: A timeline by Michael Hill, 27 Aug 2021, CSO
- T-Mobile US hit with class action lawsuits by Martha DeGrasse, 6 Sep 2021, Mobile World LIve
- 3 Critical Lessons from the T-Mobile Data Breach by Martin Gontovnikas, 7 Sep 2021, auth0
- T-Mobile hack: Here’s what you need to know about the massive data breach by Bree Fowler, 28 Aug 2021, CNet