Feeds

T-Mobile hacker pleads guilty

Unusual secrecy

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

A sophisticated computer hacker who penetrated servers at wireless giant T-Mobile pleaded guilty Tuesday to a single felony charge of intentionally accessing a protected computer and recklessly causing damage.

Nicolas Jacobsen, 22, entered the guilty plea as part of a sealed plea agreement with the government, says prosecutor Wesley Hsu, who declined to provide details. The prosecution, first reported by SecurityFocus last month, has been handled with unusual secrecy from the start, and a source close to the case said in January that the government was courting Jacobsen as a potential undercover informant.

Before his arrest last October, Jacobsen used his access to a T-Mobile database to obtain customer passwords and Social Security numbers, and to monitor a US Secret Service cyber crime agent's email, according to government court filings in the case. Sources say the hacker was also able to download candid photos taken by Sidekick users, including Hollywood celebrities, which were shared within the hacking community.

According to a Secret Service affidavit filed in the case, Jacobsen came to the agency's attention in March of last year when he offered to provide T-Mobile customers' personal information to identity thieves through an Internet bulletin board. Jacobsen had access to some customers' Social Security numbers and dates of birth, voicemail PINs, and the passwords providing users with web access to their T-Mobile email accounts. He did not have access to credit card numbers. The company, based in Bellevue, Washington, boasts 16.3 million U.S. customers.

T-Mobile says it has notified 400 customers whose data was accessed, but the company leaves open the possibility that it may identify and warn more victims as the case progresses. "I can confirm that based on the information that we have to date, we have notified all the customers that we are aware of," said spokesman Peter Dobrow said Wednesday. "It's still under investigation."

Court records suggest the hacker was in T-Mobile's systems for at least a year, ending with his arrest in October 2004. But the company claimed Wednesday that Jacobsen's access was not continuous throughout that period: at some point they detected him and locked him out, but the hacker was apparently able to break back in. "There were two instances that we were able to identify as having Jacobson's fingerprints on them," said Dobrow. "There were two periods of time, beginning in October 2003."

Jacobsen was arrested after a Secret Service informant helped investigators link him to sensitive agency documents that were circulating in underground IRC chat rooms. The files were traced to Peter Cavicchia, a Secret Service cyber crime agent in New York who received documents and logged in to a Secret Service computer over his T-Mobile Sidekick - an all-in-one cellphone, camera, digital organizer and email terminal. The Sidekick uses T-Mobile servers for email and file storage.

A source close to the case said last month that Jacobsen also amused himself and others by obtaining the passwords of Sidekick-toting celebrities from the hacked database, then entering their accounts and downloading photos they'd taken with the wireless communicator's built-in camera.

A friend of Jacobsen's in the hacker community, William Genovese, confirmed that account, and said Jacobsen gave him copies of digital photos that celebrities had snapped with their cell phone cameras. Last month Genovese provided SecurityFocus with an address on his website featuring what appears to be grainy candid shots of Demi Moore, Ashton Kutcher, Nicole Richie, and Paris Hilton. He said Wednesday that he's since removed the photos at Jacobsen's request.

T-Mobile declined to discuss specific victims. Reached by phone, Hilton's manager said the company has not notified Hilton of a breach.

Now free on bail and living in Oregon, Jacobsen faces a maximum possible sentence of five years imprisonment. Sentencing is set for 16 May.

Copyright © 2005, SecurityFocus logo

Related stories

Hacker breaches T-Mobile systems, reads US Secret Service email
Fraudsters expose 100,000 across US
Hackers at mercy of US judges
Michigan Wi-Fi hacker jailed for nine years
'Deceptive Duo' hacker charged

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.