Feeds

Eight accused in AT&T, T-Mobile $22m ID theft scam

Customer databases illegally accessed

Beginner's guide to SSL certificates

Federal prosecutors have accused eight individuals of fraudulently obtaining $22m worth of wireless devices and services from AT&T and T-Mobile in an elaborate four-year scheme that exploited weaknesses in the cellular providers' network.

Between 2005 and July this year, two of the defendants used their status as current or former authorized cell phone dealers to tap in to databases maintained by AT&T and T-Mobile, according to an indictment unsealed earlier this week in federal court in Brooklyn, New York. They then stole the names, addresses and personally identifying information of cellular customers.

The defendants assumed the identities of these customers and obtained cellular gear by calling the companies and ordering new devices or claiming their current devices were lost or defective. When the carriers had new devices delivered, the defendants paid drivers for Federal Express and DHS to divert the packages to the defendants but report them as being properly delivered.

The alleged scammers then sold the devices to others. The charges incurred on the stolen handsets were billed to AT&T and T-Mobile customers. When the customers complained, the carriers had to absorb the costs of the devices, insurance payments, shipping costs and wireless and calling charges.

Earlier this week, convicted hacker turned security consultant Kevin Mitnick said AT&T asked him to take his business elsewhere after he hired an attorney to complain about repeated breaches of the cellular account he's had for about nine years.

AT&T has called Mitnick's claims "unfounded," but schemes like the one detailed in the indictment support his contention that it's relatively easy for criminals to penetrate customer databases that are supposed to be confidential.

AT&T said in a statement: "As the investigation unfolded, AT&T put several additional security measures and practices in place to provide further protection of our customers' personal information. We continue to add security safeguards to protect customer data." The statement didn't say whether information in the customer databases included unencrypted passwords.

A T-Mobile spokeswoman said the incident appeared to be isolated to a limited number of customers. "That said, T-Mobile is continuously implementing new security measures to protect customer information." The company, which also declined to say whether passwords are encrypted in such databases, plans to offer free credit monitoring services to customers whose personal information was stolen.

The suspects named in the indictment were: Courtney Beckford, 49, Gabe Beizem, 34, Rawl Davis, 36, Lennox Lambert, 37, Marsha Montayne, 28, Saul Serrano, 37, Ron Shealey, 36, and Rohan Stewart, 34. All have pleaded not guilty, according to Robert Nardoza, a spokesman in the US Attorney's office in Brooklyn.

If convicted on conspiracy to commit mail fraud and wire fraud, the defendants each face a maximum of 20 years in prison. Beizem, Stewart and Montayne also face additional mandatory two-year consecutive sentences if convicted on aggravated identity theft. Prosecutors are also seeking the forfeiture of the $22m worth of goods. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches
CloudPassage points to 'pervasive' threat of Bash bug
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.