It appears that justice may be coming to some of the hackers involved in the theft of data from T-Mobile last year, according to newly released government documents.

The documents also help shine a light on T-Mobile's unsuccessful efforts to halt the spread of the personal information of millions of its current and prospective customers.

Finally, the developments also arrive during a dramatic upswing in mobile spam, a situation that isn't necessarily tied to the hack of T-Mobile or other companies but is nonetheless an indication of the increasingly tumultuous security landscape for regular mobile customers as well as big telecommunications corporations.

Diogo Santos Coelho and RaidForums

First up is a new indictment released this month by the US Department of Justice (DoJ) against Diogo Santos Coelho. The agency alleges that Coelho, 21, was the administrator of a popular hacking site called RaidForums. According to the DoJ, Coelho was arrested in the UK in January and remains in custody there as the US works to extradite him.

According to the DoJ's indictment, in August of 2021, Coelho allegedly posted on RaidForums that he was "SELLING 30M SSN + DL + DOB database."

"A subsequent post confirmed that the hacked data belonged to a major telecommunications company and wireless network operator that provides services in the United States," according to the indictment.

Both MotherBoard and Krebs on Security claim that the unnamed telecom company is T-Mobile, which admitted to a massive hack in August of 2021. T-Mobile did not respond to a request for comment from MotherBoard on the topic.

(It's also worth noting that a Wall Street Journal report from last year indicated that John Binns, a 21-year-old American who moved to Turkey a few years ago, was the architect of the hack. At the time, Binns declined to tell the WSJ whether he had sold any of the stolen data or whether he was paid to breach T-Mobile.)

Nonetheless, the new DoJ indictment alleges that Coelho, through RaidForums, was trying to sell the data for 6 Bitcoin, worth around $270,000 at the time.

According to the DoJ's indictment, the unnamed telecommunications company hired an unidentified third party to purchase that data in order to delete it. (T-Mobile last year said that it hired security firm Mandiant in the aftermath of the hack. According to MotherBoard, Mandiant did not immediately respond to a request for comment on whether it was the third party discussed in the indictment. Google struck a deal to acquire Mandiant in March 2022.)

After buying a sample of the data for $50,000 in Bitcoin from Coelho and RaidForums, the DoJ said that a third party purchased the entire database for around $150,000.

However, "it appears the co-conspirators continued to attempt to sell the databases after the third-party's purchase," according to the indictment.

Thus, it appears that T-Mobile attempted to halt the spread of its customers' personal data by bowing to hackers' demands, but was unsuccessful.

Ongoing text spam

The indictment is timely considering that the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) earlier this month warned of an ongoing phishing campaign targeting T-Mobile customers. The campaign involves unblockable text messages thanking customers for paying their T-Mobile bill and asking them to open a malicious link for an unspecified gift.

According to the NJCCIC, this new campaign is likely targeting T-Mobile customers because of past data breaches that affected the carrier. However, T-Mobile told BleepingComputer that there is no link between its previous data breaches and the new text messages. Indeed, similar recent attacks have targeted Verizon and AT&T customers.

Figure 1: A recent spam text message.
(Source: Light Reading)

Text message spam is on the rise, according to a recent Axios article. Citing data from spam blocking company RoboKiller, the publication reported that the average American received roughly 42 spam texts just in the month of March.

The publication also notes that every form of spam is on the rise. For example, according to the call blocking company YouMail, there were more spam calls last month than in any of the previous six months.

According to the FTC, Americans reported losing $131 million to fraud schemes initiated by text in 2021, up over 50% from the year before.

Finally, a lengthy article in The New York Times advises that mobile customers never click on links in text messages and instead visit company websites directly.

Related posts:

— Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano