Feeds

Eight accused in AT&T, T-Mobile $22m ID theft scam

Customer databases illegally accessed

Secure remote control for conventional and virtual desktops

Federal prosecutors have accused eight individuals of fraudulently obtaining $22m worth of wireless devices and services from AT&T and T-Mobile in an elaborate four-year scheme that exploited weaknesses in the cellular providers' network.

Between 2005 and July this year, two of the defendants used their status as current or former authorized cell phone dealers to tap in to databases maintained by AT&T and T-Mobile, according to an indictment unsealed earlier this week in federal court in Brooklyn, New York. They then stole the names, addresses and personally identifying information of cellular customers.

The defendants assumed the identities of these customers and obtained cellular gear by calling the companies and ordering new devices or claiming their current devices were lost or defective. When the carriers had new devices delivered, the defendants paid drivers for Federal Express and DHS to divert the packages to the defendants but report them as being properly delivered.

The alleged scammers then sold the devices to others. The charges incurred on the stolen handsets were billed to AT&T and T-Mobile customers. When the customers complained, the carriers had to absorb the costs of the devices, insurance payments, shipping costs and wireless and calling charges.

Earlier this week, convicted hacker turned security consultant Kevin Mitnick said AT&T asked him to take his business elsewhere after he hired an attorney to complain about repeated breaches of the cellular account he's had for about nine years.

AT&T has called Mitnick's claims "unfounded," but schemes like the one detailed in the indictment support his contention that it's relatively easy for criminals to penetrate customer databases that are supposed to be confidential.

AT&T said in a statement: "As the investigation unfolded, AT&T put several additional security measures and practices in place to provide further protection of our customers' personal information. We continue to add security safeguards to protect customer data." The statement didn't say whether information in the customer databases included unencrypted passwords.

A T-Mobile spokeswoman said the incident appeared to be isolated to a limited number of customers. "That said, T-Mobile is continuously implementing new security measures to protect customer information." The company, which also declined to say whether passwords are encrypted in such databases, plans to offer free credit monitoring services to customers whose personal information was stolen.

The suspects named in the indictment were: Courtney Beckford, 49, Gabe Beizem, 34, Rawl Davis, 36, Lennox Lambert, 37, Marsha Montayne, 28, Saul Serrano, 37, Ron Shealey, 36, and Rohan Stewart, 34. All have pleaded not guilty, according to Robert Nardoza, a spokesman in the US Attorney's office in Brooklyn.

If convicted on conspiracy to commit mail fraud and wire fraud, the defendants each face a maximum of 20 years in prison. Beizem, Stewart and Montayne also face additional mandatory two-year consecutive sentences if convicted on aggravated identity theft. Prosecutors are also seeking the forfeiture of the $22m worth of goods. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.