Ransoming data: The new weapon of choice for cyber criminals?

Last night, T-Mobile confirmed its databases were breached by hackers, but said that no valuable data was stolen. Still, the breach is raising questions about a new hacker tactic: the ransoming of user information.

Days after reports of a security breach first surfaced, T-Mobile, a major mobile network provider, last night acknowledged that hackers had gained access to sensitive data. But in a statement, the company said that "possession of this [information] alone is not enough to cause harm to our customers." T-Mobile, which is based in Bonn, Germany, is estimated to have upward of 30 million US subscribers.

The breach

Over the weekend, an anonymous hacker announced that he or she had gained access to T-Mobile's user databases, and stolen reams of confidential information. “We already contacted [sic] with their competitors and they didn’t show interest in buying their data,” the hacker wrote on insecure.org, a cyber-security site, “probably because the mails got to the wrong people – so now we are offering them for the highest bidder.”

The author then listed an email address, hosted by safemail.net. Before the release of the most recent statement, T-Mobile had neither confirmed nor denied the hacker’s claim.


T-Mobile, a subsidiary of Deutsche Telekom, has weathered a hacker attack before. In 2004, 21-year-old Nicolas Jacobsen broke into T-Mobile servers, and monitored sensitive information such as Social Security numbers, addresses, and personal photos before being apprehended by the FBI. (Kevin Poulsen of SecurityFocus has published a long account of Jacobsen's capture, including details of Operation Firewall, a government crackdown on cyber-crime.)

Ransoming data has been relatively popular among hackers for years. In 2006, criminals used a Trojan horse program to freeze the files of a UK woman, who eventually managed to recover much of her data. According to ZDNet.co.uk, a ransom note instructed the woman to avoid going to the police, and to "buy pharmaceutical products online to gain the password to release her files."

Then in 2007, hackers allegedly held thousands of users' profiles on Monster.com, the job site, for ransom. To gain access, the hackers posed as employees, the Times of London reported.

Taking it up a notch

Last month, a hacker gained access to the Virginia Prescription Monitoring Program, and demanded a hefty ransom in exchange for user files. “In my possession right now,” that hacker wrote, “are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh: For $10 million, I will gladly send along the password.”

The case is still being investigated, and the Virginia Department of Health Professions is urging anyone who could be affected to watch vigilantly for signs of identity theft for the next 12 to 24 months, eWeek has reported. The department refused to pay the ransom.

Despite the precedent, the scale of the T-Mobile attack has taken some analysts by surprise. Speaking today to Reuters, Rick Wesson, chief executive of network security firm Support Intelligence, called it unusual for a criminal to offer so much data for cash. "I don't think I've seen anybody try to extort to that level," Wesson said.
