201

Crooks Steal Phone, SMS Records for Nearly All AT&T Customers. (krebsonsecurity.com)

submitted 1 month ago by ModerateImprovement@sh.itjust.works to c/technology@lemmy.world

31 comments fedilink hide all child comments

top 31 comments

sorted by: hot top controversial new old

[-] AnarchoNoAdjective@lemmy.ml 55 points 1 month ago

"Noting that some of the records included data that could be used to determine where a call was made or text message sent"

Data breaches in surveillance capitalism. Very cool, very normal.

[-] SaltySalamander@fedia.io 13 points 1 month ago

As long as computers are networked, there will always be data breaches. Doesn't matter what form of gov't or economy you live under.

[-] mipadaitu@lemmy.world 34 points 1 month ago

Unless the data isn't actually stored. You can't have a data breach if the data doesn't exist.

[-] Entropywins@lemmy.world 6 points 1 month ago

You can absolutely capture data in transmission

[-] JJROKCZ@lemmy.world 6 points 1 month ago

Yes but that’s far less impactful of a breach than “we’ve actively surveilled and recorded all movements and actions of our customers for decade, stored it all haphazardly, and now someone else got it without paying for it like we normally arrange”

[-] aStonedSanta@lemm.ee 3 points 1 month ago

Yes but if the connection is encrypted E2E you can’t reliably afaik

[-] Pantsofmagic@lemmy.world 26 points 1 month ago

After seeing how at&t manages their systems, their app, their stores, and talking to tech support... This doesn't surprise me at all. This all from the viewpoint of a layperson who has used them for service for 15 years or so. Unfortunately I also have a Verizon account and they seem to also be utterly incompetent. I think it's rampant in the telecom industry to just have absolute shit for a back-end. A race to the fucking bottom. Fuck these execs that enable this shit, send them all to jail.

[-] undefined@links.hackliberty.org 9 points 1 month ago* (last edited 1 month ago)

They required me to completely pay off a device to change its number. They’re clearly using the phone number as the database record ID which is atrocious.

[-] chemical_cutthroat@lemmy.world 8 points 1 month ago

I did tech support for Sprint and the training was laughable. In the end, the goal was to get the customer to hang up, or pass the call to another equally untrained department. At the end of the day, all they cared about is whether or not you upsold the family plan and talked the customer into adding a new line, which is why I eventually was fired.

[-] altima_neo@lemmy.zip 20 points 1 month ago

Crooks?

[-] goldteeth@lemmy.dbzer0.com 37 points 1 month ago* (last edited 1 month ago)

"Security footage shows several ne'er-do-wells in domino masks fleeing the scene with a number of burlap sacks, clearly-marked with bright green dollar signs, no doubt containing the compromised data. AT&T security suggests the culprits must have 'jimmied open' their servers with a crowbar, or perhaps a bundle of dynamite detonated via plunger from a safe distance. One suspect is currently in police custody after attempting to escape through a tunnel painted on the side of a brick wall. More on this story as it develops."

[-] altima_neo@lemmy.zip 7 points 1 month ago

But were they wearing black and white striped shirts?

[-] TropicalDingdong@lemmy.world 13 points 1 month ago* (last edited 1 month ago)

Video footage after they got the goods:

[-] Zachariah@lemmy.world 2 points 1 month ago

Nannies.

[-] unphazed@lemmy.world 4 points 1 month ago

My tinfoil hat theory: this is going to people who wish to target various groups.

[-] boatsnhos931@lemmy.world -1 points 1 month ago

Wat is thes crooks

[-] Badeendje@lemmy.world -5 points 1 month ago

Would be interesting if made public. A treasure trove for people to dive into.

[+] sunzu@kbin.run -32 points 1 month ago

Fake news shilling for brain dead execs with dicks in their hands.. pathetic.

[-] SaltySalamander@fedia.io 18 points 1 month ago

You, sir, have a case of the brainworms. Might want to have that checked out.

[+] sunzu@kbin.run -13 points 1 month ago

"crooks"

[-] Lost_My_Mind@lemmy.world 12 points 1 month ago

Holy shit, it's you! I check the modlog often out of boredom (thats right, mods. I'm keeping you honest!), and you get SO many comments removed, and banned so often!

I can't honestly tell if you're a full time troll, or a full time dumbass. Either way, your dedication to your craft is as impressive as it is horrifying.

Kind of like thinking about how much detail and care went into the planning of 9/11. Thinking about the individual details will have you in awe of the sheer obsession to planning it takes......until you step back and are horrified by the results.

[-] sunzu@kbin.run -2 points 1 month ago

Politics and news subs don't like people bringing up alternative points of view or inconvinient facts.

I can't honestly tell if you're a full time troll, or a full time dumbass. Either way, your dedication to your craft is as impressive as it is horrifying.

If this is what I get at my "worst" consider checking out my work outside of the gulag ;)

[-] Chozo@fedia.io 4 points 1 month ago

It's an odd word choice, but is it wrong?

[-] sunzu@kbin.run -5 points 1 month ago

I would posit it: 1) gross negligence on part of the "leadership" or/and 2) inside job by the staff

Article implies a third party did the job tho

[-] Chozo@fedia.io 7 points 1 month ago

So your issue with the title of the article is... that it doesn't conform to the head-canon you made up on your own?

[-] BassTurd@lemmy.world 3 points 1 month ago

Historically, how many of these days breaches have been linked to an inside person? The answer is almost none. Your first point is correct that someone (s) was likely was negligent, but your second point is tin foil bullshit. Maybe if there was any indication of foul play, the accusation has merit, but there's been none. Like almost all other breaches, it was likely a third party.

[-] sunzu@kbin.run -1 points 1 month ago* (last edited 1 month ago)

It would be nearly impossible to prove without inside knowledge...

However the fact that these breaches happen so often, would make one wonder how everybody is this "negligent" all the time.

There is a large economic incentive here BTW

But hey at least we can train AI with this data. Thank you for your service peasants.

Execs dindu nuffin mate just getting paid big bucks for "negligece"

[-] BassTurd@lemmy.world 4 points 1 month ago

Cyber security is a very complicated field. There are an infinite number of ways that someone could have breached security. It could have been and statistically was a social engineering attack.

There are software vulnerabilities all of the time that can be exploited for access. Recently SSH was discovered to be vulnerable across all Linux machines running at least a certain version of SSH. It didn't require the victim to do anything but be online.

Microsoft had a zero day that required no interaction that could give kernel level access to a users computer with them knowing.

Neither of those are likely the culprit, but ATT is a large company that has valuable data that hackers wouldn't mind putting extra effort into getting. At my current company that works with healthcare information, the number of attempts on us this year, that we are aware of, has more than tripled from all of last year.

Point being, some was probably negligent in that they clicked a bad link in an email, gave away something sensitive of a phishing call, or some other social engineering attack, because humans are often the weakest point in cyber security.

[-] aStonedSanta@lemm.ee 1 points 1 month ago

Hahahahahahahahhahuahahahha. Get a job for an ISP. Then try to get in contact with ATT about your companies carrier lines with them. ATT is a fucking joke. Your commentary is so hilariously out of touch. Half the employees with access to these databases work in India.

[-] sunzu@kbin.run -2 points 1 month ago

ATT leaks everybody's info but I am out of touch... Sure buddy

this post was submitted on 12 Jul 2024

201 points (99.5% liked)

Technology

57226 readers

3808 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS