According to a SecurityFocus report, Nicholas Jacobsen, the alleged hacker, broke into T-Mobile's network on more than one occasion to grab Social Security numbers, account names and passwords, and even download digital photos taken by customers.
T-Mobile officials said someone began accessing its internal computer systems in late 2003. They immediately informed the Secret Service, which, determined during an investigation that the hacker had gained access to the names and Social Security numbers of 400 customers.
Credit card information, T-Mobile said, was not compromised, and the company notified customers in writing, though they didn't say at what point in the investigation they were notified.
"This same person is also believed to be involved in other attempts to gain unauthorized access to customer information," a statement by T-Mobile reads. "The Secret Service is investigating these allegations, and T-Mobile is cooperating to the fullest extent, including with regard to the allegations that customer photos have been subject to unauthorized access."https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
According to the SecurityFocus report, Secret Service agent Peter Cavicchia was among the compromised customers. Jacobsen allegedly swiped Cavicchia's personal and work files, which Cavicchia stored on T-Mobile servers, and attempted to sell them to bidders.
While details are sketchy on the incident, Secret Service officials acknowledged a security lapse by one of its agents and that the account was compromised, but the information gleaned by the hacker didn't come from the T-Mobile's servers, they came directly from the agent's PDA.
"That account had very limited investigative material on it, which should not have been kept on a personal PDA -- that's against Secret Service policy," said Jonathan Cherry, a Secret Service spokesman. "No investigative operations were compromised in regards to this intrusion."
The incident, he said, shouldn't detract from the results of the agency's successful Operation Firewall, which Jacobsen was involved in. In October 2004, the Secret Service announced they had charged 28 alleged identity thieves who were selling personal information over public online bulletin boards. According to the SecurityFocus report, Jacobsen was not charged with the others in the sting.
"With no question, in this age of cyber crime, traditional investigations and investigative methods have to be supplemented by high-tech expertise," he added. "This being part of our Firewall investigation -- which was an immensely successful operation -- it continues to provide valuable information regarding cyber crime to the Secret Service and law enforcement."
He wouldn't say what, if any, punishment the agent received, or what the current status was regarding its continuing investigation with T-Mobile.