Feeds

Eight accused in AT&T, T-Mobile $22m ID theft scam

Customer databases illegally accessed

5 things you didn’t know about cloud backup

Federal prosecutors have accused eight individuals of fraudulently obtaining $22m worth of wireless devices and services from AT&T and T-Mobile in an elaborate four-year scheme that exploited weaknesses in the cellular providers' network.

Between 2005 and July this year, two of the defendants used their status as current or former authorized cell phone dealers to tap in to databases maintained by AT&T and T-Mobile, according to an indictment unsealed earlier this week in federal court in Brooklyn, New York. They then stole the names, addresses and personally identifying information of cellular customers.

The defendants assumed the identities of these customers and obtained cellular gear by calling the companies and ordering new devices or claiming their current devices were lost or defective. When the carriers had new devices delivered, the defendants paid drivers for Federal Express and DHS to divert the packages to the defendants but report them as being properly delivered.

The alleged scammers then sold the devices to others. The charges incurred on the stolen handsets were billed to AT&T and T-Mobile customers. When the customers complained, the carriers had to absorb the costs of the devices, insurance payments, shipping costs and wireless and calling charges.

Earlier this week, convicted hacker turned security consultant Kevin Mitnick said AT&T asked him to take his business elsewhere after he hired an attorney to complain about repeated breaches of the cellular account he's had for about nine years.

AT&T has called Mitnick's claims "unfounded," but schemes like the one detailed in the indictment support his contention that it's relatively easy for criminals to penetrate customer databases that are supposed to be confidential.

AT&T said in a statement: "As the investigation unfolded, AT&T put several additional security measures and practices in place to provide further protection of our customers' personal information. We continue to add security safeguards to protect customer data." The statement didn't say whether information in the customer databases included unencrypted passwords.

A T-Mobile spokeswoman said the incident appeared to be isolated to a limited number of customers. "That said, T-Mobile is continuously implementing new security measures to protect customer information." The company, which also declined to say whether passwords are encrypted in such databases, plans to offer free credit monitoring services to customers whose personal information was stolen.

The suspects named in the indictment were: Courtney Beckford, 49, Gabe Beizem, 34, Rawl Davis, 36, Lennox Lambert, 37, Marsha Montayne, 28, Saul Serrano, 37, Ron Shealey, 36, and Rohan Stewart, 34. All have pleaded not guilty, according to Robert Nardoza, a spokesman in the US Attorney's office in Brooklyn.

If convicted on conspiracy to commit mail fraud and wire fraud, the defendants each face a maximum of 20 years in prison. Beizem, Stewart and Montayne also face additional mandatory two-year consecutive sentences if convicted on aggravated identity theft. Prosecutors are also seeking the forfeiture of the $22m worth of goods. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.