A computer hacker broke into T-Mobile USA Inc.’s network in 2003 and stole the names and social security numbers of about 400 T-Mobile subscribers, the carrier said. The hacker also was able to access information stored on subscribers’ T-Mobile Sidekick devices, according to reports on the incident.
The issue is especially interesting because the alleged hacker was able to access information in a Sidekick owned by a Secret Service agent who coincidentally was investigating the break-in on T-Mobile’s computers. The Secret Service caught Nicholas Jacobsen last year, and he has been charged with the unauthorized access of a protected computer. Jacobsen has been released on a $25,000 bond, and a trial is pending.
According to reports, Jacobsen allegedly hacked into T-Mobile’s computers and offered to sell subscriber information, such as names, social security numbers, voicemail passwords, dates of birth and subscriber identity module card numbers, over the Internet. Jacobsen also was reportedly able to access Sidekick users’ e-mails, documents and even digital pictures, a break likely due to the design of the T-Mobile Sidekick. The Sidekick operates under a client-server architecture, where many of the applications for the device are actually stored in T-Mobile’s network. Such a design allows a device with limited processing power to run sophisticated programs like e-mail clients and games.
“Safeguarding T-Mobile customer information is a top priority for the company,” wrote T-Mobile spokesman Peter Dobrow in a statement. “In late 2003, T-Mobile discovered that an unidentified person accessed a portion of one of its internal computer systems. We immediately took steps that prevented any further access to this system. We immediately notified the United States Secret Service, and asked it to investigate this incident, and to find the hacker.”
Dobrow said the affected customers were notified of the incident in writing, and Jacobsen was not able to access customer credit card information.
Dobrow said T-Mobile is also looking into allegations that Jacobsen was able to access users’ stored pictures and other information.
According to a report from the Associated Press, the Secret Service said its agent should not have been using his Sidekick for government work. The agent, however, said his superiors sent e-mails and other documents to his Sidekick for him to review while he was traveling. The agent said his superiors knew the device was not part of the Secret Service’s system.
The case against Jacobsen was first reported by Security Focus.
The incident comes as companies across the business spectrum are weighing the pros and cons of wireless. Indeed, industry research often pegs security as corporations’ top concern when it comes to investing in the technology. Such security concerns have sparked a small but growing industry around wireless security, from protecting information stored on mobile phones or personal digital assistants to securing Wi-Fi networks.