Feeds

Eight accused in AT&T, T-Mobile $22m ID theft scam

Customer databases illegally accessed

Protecting against web application threats using SSL

Federal prosecutors have accused eight individuals of fraudulently obtaining $22m worth of wireless devices and services from AT&T and T-Mobile in an elaborate four-year scheme that exploited weaknesses in the cellular providers' network.

Between 2005 and July this year, two of the defendants used their status as current or former authorized cell phone dealers to tap in to databases maintained by AT&T and T-Mobile, according to an indictment unsealed earlier this week in federal court in Brooklyn, New York. They then stole the names, addresses and personally identifying information of cellular customers.

The defendants assumed the identities of these customers and obtained cellular gear by calling the companies and ordering new devices or claiming their current devices were lost or defective. When the carriers had new devices delivered, the defendants paid drivers for Federal Express and DHS to divert the packages to the defendants but report them as being properly delivered.

The alleged scammers then sold the devices to others. The charges incurred on the stolen handsets were billed to AT&T and T-Mobile customers. When the customers complained, the carriers had to absorb the costs of the devices, insurance payments, shipping costs and wireless and calling charges.

Earlier this week, convicted hacker turned security consultant Kevin Mitnick said AT&T asked him to take his business elsewhere after he hired an attorney to complain about repeated breaches of the cellular account he's had for about nine years.

AT&T has called Mitnick's claims "unfounded," but schemes like the one detailed in the indictment support his contention that it's relatively easy for criminals to penetrate customer databases that are supposed to be confidential.

AT&T said in a statement: "As the investigation unfolded, AT&T put several additional security measures and practices in place to provide further protection of our customers' personal information. We continue to add security safeguards to protect customer data." The statement didn't say whether information in the customer databases included unencrypted passwords.

A T-Mobile spokeswoman said the incident appeared to be isolated to a limited number of customers. "That said, T-Mobile is continuously implementing new security measures to protect customer information." The company, which also declined to say whether passwords are encrypted in such databases, plans to offer free credit monitoring services to customers whose personal information was stolen.

The suspects named in the indictment were: Courtney Beckford, 49, Gabe Beizem, 34, Rawl Davis, 36, Lennox Lambert, 37, Marsha Montayne, 28, Saul Serrano, 37, Ron Shealey, 36, and Rohan Stewart, 34. All have pleaded not guilty, according to Robert Nardoza, a spokesman in the US Attorney's office in Brooklyn.

If convicted on conspiracy to commit mail fraud and wire fraud, the defendants each face a maximum of 20 years in prison. Beizem, Stewart and Montayne also face additional mandatory two-year consecutive sentences if convicted on aggravated identity theft. Prosecutors are also seeking the forfeiture of the $22m worth of goods. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.