An individual claiming to be behind T-Mobile’s data breach, in which the data of nearly 50 million people was released, has come forward to reveal his identity and criticize T-Mobile’s security. according to a report by The Wall Street Journal. John Binns told the WSJ that he was behind the attack and provided evidence that he had access to associated accounts, and went into detail about how he managed it and why he did it.
According to Binns, he was able to get customer (and former customer) data from T-Mobile by scanning for unsecured routers. He found one, he told the log, giving him access to a data center in Washington state that stored credentials for more than 100 servers. He called the carrier’s security “terrible” and said he panicked when he realized how much data he had access to. According to the WSJIt’s unclear if Binns worked alone, though he suggested he collaborated with others for at least part of the hack.
The information that the hacker gained access to includes sensitive personal data, such as names, dates of birth and social security numbers, as well as important mobile data such as cell phone and SIM card identification numbers. T-Mobile has said in a statement that it has “trust” that it has “closed the access and exit points used by the bad actor in the attack”.
The WSJthe report takes a closer look at Binns’ history as a hacker. He claims he started making cheats for popular video games and discovered the flaw that ended up being used in a botnet that attacked IoT devices (although he denies working on the code).
According to Binns, his relationship with the US intelligence services is difficult to say the least. A lawsuit that appears to be filed by Binns in 2020 demands that the CIA, FBI, DOJ and other agencies tell him what information they have about him. The lawsuit accuses the government of an informant attempting to convince Binns to buy Stinger missiles from an FBI website, assaulting Binns with psychic and energy weapons, and even being involved in his alleged kidnapping and torture. An FBI response to his lawsuit denied that he was being investigated by the botnet agency, or had any information related to the alleged surveillance, kidnapping and torture.
Binns told the WSJ that one of his goals behind the attack was to “generate noise,” and said he hopes someone from the FBI will leak information regarding his alleged kidnapping. Binns’s situation is unlikely to improve now that he has put himself in the spotlight as the person who hacked into one of the major US airlines. However, if his reports of how he gained access to a vast trove of T-Mobile data are true, it paints a worrying picture of the carrier’s security practices.