T-Mobile’s Security Nightmare: How John Binns Hacked 40 Million Accounts

John Binns, a U.S. citizen residing in Turkey, is accused of orchestrating a hacking attack on T-Mobile, resulting in the theft of data belonging to 40 million individuals. The incident came to light in 2021. Previously, Binns had confessed to the breach, criticizing T-Mobile’s security measures as “appalling.” In his latest interview, he expressed confidence that he would not be extradited from Turkey.

T-Mobile, a major telecommunications operator in the U.S. and Europe, has been implicated in legal documents that suggest Binns, along with accomplices, successfully infiltrated the company’s secure computer networks using aliases such as Irdev, IntelSecrets, V0rtex, and SubVirt. This breach ranks as one of the most significant in the history of the American telecommunications industry, prompting a series of class-action lawsuits and obliging T-Mobile to compensate customers with a $350 million settlement. Since 2018, the company has reported nine security incidents.

T-Mobile hacking attack

Binns began his operations in December 2020, scanning T-Mobile’s IP addresses for vulnerabilities. Once inside the network, he employed various techniques to gain access to other parts of the system. In July 2021, he installed malware for file transfer and further network navigation.

Binns accessed the data of T-Mobile’s current, former, and prospective customers and put the files up for sale. The documents also mention other participants in the scheme, though without formal charges: a user named und0xxed, who assisted in finding buyers; an unnamed accomplice from Germany, who provided servers; and Omnipotent, a facilitator responsible for conducting transactions, believed to be Diogo Santos Coelho, an administrator of the hacker forum RaidForums, arrested in the United Kingdom.

Binns claims that the T-Mobile data was sold, but he retained a copy of the files, attempting to profit further from them. The scheme involved a foreign cryptocurrency exchange, and the criminal promised one of the accomplices cryptocurrency in exchange for credit cards issued in other people’s names.

Officially, Binns faces charges of hacking, money laundering, stealing confidential information, and fraud. Neither T-Mobile nor the prosecutor’s office of the Western District of Washington have commented on the situation.

Via: 404media