It was reported on the morning of August 27 that last week, T-Mobile, a well-known US operator, admitted that a hacker had stolen the data of more than 50 million users. Now, the hacker, 21-year-old American John Binns has accepted a public interview with the Wall Street Journal. Binz grew up in the United States and moved to Turkey three years ago. He exchanged information with the Wall Street Journal through the chat software Telegram.
T-Mobile confirmed that the stolen user information contained some personal data, including some people’s social security numbers, driver’s license details, etc., and even some people’s account passwords. The hacker responsible for hacking T-Mobile’s system said that the operator’s lax security measures allowed him to access a record cache containing more than 50 million users, and it is still increasing.
Binz’s access to the T-Mobile system focused on finding weaknesses in T-Mobile’s known Internet addresses. He told the Wall Street Journal that his goal is publicity. In a message to the Wall Street Journal, Bins said that he found an unprotected node exposed on the Internet in July and managed to break through T-Mobile’s defenses. He said he has been using a simple tool that anyone can obtain to scan T-Mobile’s known Internet addresses for weaknesses.
The young hacker said he did this to attract attention. Creating attention is one of the goals, he wrote but declined to say whether he sold any stolen data or whether he was paid for it. After Binns gained access to the T-Mobile data center, he soon realized that he can access some important information. By entering the T-Mobile data center in Washington, Binz was able to access more than 100 servers. Their security is terrible, Binns said in the interview.
He said that it would take about a week to mine the server containing the personal data of tens of millions of previous and current users of the operator, adding that the hacker attack had acquired a large amount of data around August 4. Some people familiar with the matter said that Binz had contacted an American relative last year, claiming by phone that he was a computer expert, was kidnapped and taken to the hospital forcibly.
In the Telegram information exchange with the Wall Street Journal, Binz repeated similar statements. He said he wanted to arouse people’s perception that he was persecuted by the US government authorities. He claimed that he was kidnapped in Germany and imprisoned in a mental hospital.
I have no reason to make up a kidnapping story. I hope someone inside the FBI can reveal some information about this matter, he wrote.
Some comments believe that Binns is not a talented hacker. I just used a free tool and got lucky with an operator with very poor security. He may have a mental health problem. T-Mobile said that it is taking measures to rescue this data breach, including providing estimated free account protection services for 2 years; it is recommended that all T-Mobile post-paid customers take the initiative to change their passwords; and provide account takeover for post-paid customers Protection features, making it more difficult for customer accounts to be fraudulently transplanted and stolen.
