Last week, T-Mobile confirmed that a hacker stole data on more than 50 million customers. T-Mobile also confirmed the claim that the personal data includes both social security numbers and driver’s license details for “a subset of people” along with account PINs for some.
Now, the 21-year-old responsible for the hack has spoken to the Wall Street Journal for an on-the-record interview.
The way in which John Binns was able to gain access to T-Mobile’s systems centered on finding weak spots in T-Mobile’s known internet addresses. His goal, he said to the Journal, was to generate publicity.
In messages with the Journal, Mr. Binns said he managed to pierce T-Mobile’s defenses after discovering in July an unprotected router exposed on the internet. He said he had been scanning T-Mobile’s known internet addresses for weak spots using a simple tool available to the public.
The young hacker said he did it to gain attention. “Generating noise was one goal,” he wrote. He declined to say whether he had sold any of the stolen data or whether he was paid to breach T-Mobile.
Once Binns gained access to T-Mobile’s data center, he quickly realized he had “access to something big.” With entry to a T-Mobile data center in Washington, Binns was able to access over 100 servers. “Their security is awful,” Binns said in the interview.
He said it took about a week to burrow into the servers that contained personal data about the carrier’s tens of millions of former and current customers, adding that the hack lifted troves of data around Aug. 4.
Binns grew up in the United States and moved to Turkey three years ago. The report explains:
He contacted a U.S. relative last year, claiming by telephone that he was a computer expert who had been kidnapped and taken to a hospital against his will, this person said. “He gushed about how he could do anything with a computer,” this person said.
In Telegram messages with the Journal, Mr. Binns repeated similar claims. He said he wanted to draw attention to his perceived persecution by U.S. government authorities. He described an alleged incident in which he claims he was abducted in Germany and put into a fake mental hospital.
“I have no reason to make up a fake kidnapping story and I’m hoping that someone within the FBI leaks information about that,” he wrote, explaining his reason for publicly discussing the hack.
The full report from the Wall Street Journal is well worth a read and can be found here on Apple News.
FTC: We use income earning auto affiliate links. More.