Friday, May 27, 2005

Lexis "Hacked" by Clever Teens?

It is an iron law among security and privacy experts that the weakest security links are human beings.

According to news reports, clever teens may have exploited that weakness to gets thousands of personal records from Lexis and get Paris Hilton's phone number from T-Mobile.

Clearly, the mention of Paris Hilton is amusing, but there is very little to laugh about how easy it was for youngsters to get what is allegedly secure information.

According the Washington Post,

"the Hilton caper started the afternoon of Feb. 19, when a group member rang a T-Mobile sales store in a Southern California coastal town posing as a supervisor from T-Mobile inquiring about reports of slowness on the company's internal networks.

The conversation -- which represents the recollection of the hacker interviewed by washingtonpost.com -- began with the 16-year-old caller saying:

"This is [an invented name] from T-Mobile headquarters in Washington. We heard you've been having problems with your customer account tools?"

The sales representative answered:

"No, we haven't had any problems really, just a couple slowdowns. That's about it."

Prepared for this response, the hacker pressed on:

"Yes, that's what is described here in the report. We're going to have to look into this for a quick second."

The sales rep acquiesced: "All right, what do you need?"

When prompted, the employee then offered the Internet address of the Web site used to manage T-Mobile's customer accounts -- a password-protected site not normally accessible to the general public -- as well as a user name and password that employees at the store used to log on to the system."

0 Comments:

Post a Comment

<< Home