Source Says Hacker Posed as T-Mobile Employee to Get Access to Information
By Brian Krebs
washingtonpost.com Staff Writer
The caper had all the necessary ingredients to spark a media firestorm
-- a beautiful socialite-turned-reality TV star, embarrassing
photographs and messages, and the personal contact information of
several young music and Hollywood celebrities.
When hotel heiress Paris Hilton found out in February that her
high-tech wireless phone had been taken over by hackers, many assumed
that only a technical mastermind could have pulled off such a feat.
But as it turns out, a hacker involved in the privacy breach said, the
Hilton saga began on a decidedly low-tech note -- with a simple phone
Computer security flaws played a role in the attack, which exploited a
programming glitch in the Web site of Hilton's cell phone provider,
Bellevue, Wash.-based T-Mobile International. But one young hacker who
claimed to have been involved in the data theft said the crime only
succeeded after one member of a small group of hackers tricked a
T-Mobile employee into divulging information that only employees are
supposed to know.
The young hacker described the exploit during online text
conversations with a washingtonpost.com reporter and provided other
evidence supporting his account, including screen shots of what he
said were internal T-Mobile computer network pages.
Washingtonpost.com is not revealing the hacker's identity because he
is a juvenile crime suspect and because he communicated with the
reporter on the condition that he not be identified either directly or
through his online alias.