In brief: The hacker purportedly responsible for the recent T-Mobile data breach has told The Wall Street Journal that he used a simple tool available to the public to scan T-Mobile’s known Internet addresses, leading to an unprotected router that served as an entry point into a data center containing more than 100 servers.
The hacker contacted the Journal using Telegram, an encrypted communications app. The 21-year-old told the Journal that he moved from the US to Turkey a few years ago and has used several online aliases since 2017.
The exposed router was discovered in July, and he started lifting data from T-Mobile’s servers around August 4. The Journal said the user, identified as John Binns, communicated from a Telegram account that had discussed details of the breach before they were widely known. Binns also shared screenshots from within T-Mobile’s network, but refused to be photographed for the story.
“Generating noise was one goal,” Binns said, but he declined to say whether someone paid him to perform the job or whether he had sold any of the stolen data.
The story took an unusual turn, however, as the Journal notes:
He contacted a U.S. relative last year, claiming by telephone that he was a computer expert who had been kidnapped and taken to a hospital against his will, this person said. “He gushed about how he could do anything with a computer,” this person said.
In Telegram messages with the Journal, Mr. Binns repeated similar claims. He said he wanted to draw attention to his perceived persecution by U.S. government authorities. He described an alleged incident in which he claims he was abducted in Germany and put into a fake mental hospital.
“I have no reason to make up a fake kidnapping story and I’m hoping that someone within the FBI leaks information about that,” he wrote, explaining his reason for publicly discussing the hack.
T-Mobile confirmed the security breach in mid-August and offered impacted customers two years of free identity theft protection through McAfee’s ID Theft Protection Service. The company said it has already fixed the security hole that allowed for the attack.
The Seattle branch of the FBI said it is aware of the incident but does not have anything additional to share at this time. The FCC is already looking into the matter.