![]() |
![]() |
![]() |
||||
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
![]() ![]() |
|
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
Thread Tools |
![]() |
#1 |
Confirmed User
Join Date: Feb 2005
Location: Surrounded By RealMamis!
Posts: 276
|
![]() Secret Service hacker, how did he do it?
Nick Jacobsen pleaded guilty today to hacking into T-Mobile, specifically for violating 18 U.S.C. § 1030(a)(2)(C), accessing a computer without authorization. It looks like Nick was part of the carding community that has been recently attracting a lot of attention from the US Secret Service (little known, but the Secret Service have jurisdiction over counterfeiting crimes). Carders have gotten bold in the last couple of years, opening online exchanges (muzzfuzz.com, shadowcrew.org) for trading stolen credit cards, selling data used for identity theft, etc. When I first heard of this incident a few months ago, I was very interested on how he actually did it. There was very little information on how the attack was performed, and I decided to a little bit of research to see what I could find. A summarization of affidavit, is that Nick was already under investigation by the Secret Service, hacked into T-Mobile, where was able to access accounts including those of agents in the Secret Service that were investigating him for other activities. He found that they had been monitoring his conversations over ICQ, (Nick's ICQ # was 23292256). Nick also discovered a number of Secret Service documents that an Agent, Peter Cavicchia, had left in his inbox unencrypted. Nick posted on muzzfuzz that he was selling T-Mobile account information, offering: reverse lookup of information for a tmobile cell phone, by phone number at the very least, you get name, ssn, and DOB at the upper end of the information returned, you get web username/password, voicemail password, secret question/answer, sim#, IMEI#, and more. Also of interest, he went on to access Paris Hilton's account and capture some of the pictures she had been taking with her camera. Now, here is where it gets interesting. How did Nick get into T-Mobile? Did he use an IIS exploit? Did he hack the web interface for T-Mobile accounts? The affidavit from Nick's case states that he was observed logging into a specific server, http://login.sidekick.dngr.com, with Agent Peter Cavicchi's account information. While this site itself is hosted by Danger, Inc., the makers of the Sidekick device used by Agent Cavicchi, it appears that the same username/passwords that are used on the primary T-Mobile login page, https://my.t-mobile.com/Login, can also be used to log into this page. We also get some very valuable information from the affidavit, that will help us narrow down how Nick hacked these accounts (the CI is a Confidential Information, who was working with the Secret Service to bring Nick in, ethics is the semi-ironic pseudonym Nick chose for himself): On or about October 19, 2004, Ethics sent a private message to the CI which contained a link that provides unauthorized access to the T-Mobile database. This link allows a user to input a phone number ultimately allowing access to the user?s personal information. This information leads me to believe it was likely a web application attack, not a "traditional" buffer overflow attack against a server storing account information. Although it is possible to peform a buffer overflow against a program by passing input through a web app, we can also read Nick's resume on SecurityFocus, and see that he doesn't seem to have enough experience in that area. Unless he picked up a copy of The Shellcoder's Handbook last year. ;) To further corraborate that Nick used a web application hack, most likely SQL Injection (a little research shows that the T-Mobile site uses IIS/ASP/SQL Server, which happens to be the easiest and most well documented platform for SQL Injection attacks), we can check out the website and try to put some invalid input into the T-Mobile login page. I was very surprised with the results, we can still put all sorts of crazy input into the login page! It is still vulnerable, even after one of the largest, most well known, and high profile hacks in the last couple of years! Let's try some (notice the error text on the resulting T-Mobile webpage): |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#3 |
Omaha Hi/Lo
Join Date: Nov 2003
Posts: 17,380
|
that's old news
__________________
Trump haters gonna hate. that's all they can do |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#4 |
Confirmed User
Join Date: Jun 2002
Location: austin, tx
Posts: 1,911
|
NOT exclusive, known about for weeks.
__________________
http://www.flickr.com/photos/zoddler/ |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#5 |
Too lazy to set a custom title
Join Date: Feb 2003
Posts: 12,240
|
Exclusive?
__________________
I post on GFY so that when people ask me what I do, I can tell them that I work with the mentally retarded. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#6 |
been very busy
Join Date: Nov 2002
Location: the queen city
Posts: 26,983
|
stc is the greatest
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#7 | |
Confirmed User
Join Date: Sep 2003
Location: Los Begas
Posts: 9,162
|
Quote:
|
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#9 |
First African GFY Member
Join Date: Mar 2004
Location: New Jersey
Posts: 12,114
|
Guy got some skills though.
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#10 | |
The Profiler
Industry Role:
Join Date: Oct 2002
Location: ICQ 76281726 and I'm female
Posts: 14,618
|
Quote:
Originally Posted by brand0n STD is the greatest Quote:
![]() ![]() ![]() |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#11 |
Registered User
Join Date: Feb 2005
Posts: 7
|
loves it
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#12 |
Too lazy to set a custom title
Industry Role:
Join Date: May 2003
Location: icq: 71462500 Skype: Jupzchris
Posts: 27,880
|
that is the OLD one from along time ago
not what just happend
__________________
[email protected] |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#13 |
Team Player
Join Date: May 2004
Location: Inside the most accurately counting and reporting affiliate system in the world at XPays.com
Posts: 13,002
|
tmobile et al need to get better security
Signup To Promote HotelHeiress.com Right Now Exclusively at http://XPays.com UNLIMITED EARNING POTENTIAL
__________________
InterNext Expo Domain Auction Live Now thru Feb 5 HuntingMoon GFY Domains Marketplace is LIVE ![]() XPays always pays! Top Site: * RealJasmine.com * + HotelHeiress® with The Paris Hilton Sex Video Insert the HotelHeiress® HD FEED into your members areas XPin.com Opening for Pin Partners Soonish Mainstream Offers For Emailers and DomainersNONADULT.COM ![]() ![]() |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#14 | |
Confirmed User
Join Date: Nov 2004
Location: ontario
Posts: 2,006
|
Quote:
|
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#16 |
Too lazy to set a custom title
Join Date: Oct 2002
Location: Global Traveler
Posts: 51,271
|
That's one cool hacker.
![]() |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#17 |
Confirmed User
Join Date: Feb 2002
Location: ICQ: 251425 Fr/Au/Ca
Posts: 6,863
|
old news, it was on slashdot 4 days ago now ;)
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#18 |
stc is the greatest
Join Date: Dec 2002
Location: rip sean murray
Posts: 12,403
|
shut the fuck up
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#19 |
Too lazy to set a custom title
Join Date: Mar 2004
Posts: 10,579
|
welcome to 2 weeks ago
__________________
![]()
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#20 |
I am a meat popsicle.
Join Date: Jul 2002
Posts: 25,100
|
He'll have a job w/ the CIA/FBI I'm sure.
__________________
HIGHEST PAYOUTS FOR NO-CONSOLE TOURS IN THE ENTIRE INDUSTRY! THIS SIG CAN BE YOURS FOR $200 - ICQ: 78881543 |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#21 |
Confirmed User
Join Date: Jan 2004
Location: Vienna, Austria
Posts: 648
|
pretty old
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#22 |
Confirmed User
Join Date: Jun 2002
Location: Gold Coast, Australia
Posts: 573
|
rofl @ exclusive
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#23 |
Confirmed User
Join Date: Jul 2003
Location: Los Angeles
Posts: 1,141
|
that's fucking awesome!!
__________________
Yellow Menace icq# 322981173 |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#24 |
Confirmed User
Join Date: Jan 2005
Posts: 422
|
Tmobile are gonna go to town on this guy after the Feds are done with him
__________________
SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, you may use a 624x80 instead of a 120x60. Let me repeat... A 120 x 60 button and no more that 3 lines of DEFAULT SIZE AND COLOR text. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#25 |
Registered User
Industry Role:
Join Date: Feb 2005
Posts: 17,227
|
I hear ti about 2 weeks ago, old :/
__________________
FreeOnes ![]() |
![]() |
![]() ![]() ![]() ![]() ![]() |