CIA Director's Account Hacked By 15-Year-Old Boy

A 15-year-old British teen uncovered a security flaw in T-Mobile's website which allowed him to hack into customers' accounts.
Kane Gamble, now 18 years old, hijacked the accounts of multiple senior US government officials. He not only found this loophole but also reported the bug through the mobile carrier's bug bounty program via HackerOne on December 19, 2017. Motherboard was the first to report this news.
The flaw, which was marked 'critical', was very dangerous: it could have allowed many potential hackers to hijack the account of any customer they wanted via T-Mobile's website. However, T-Mobile stated that there is currently no evidence that its customers' data was compromised through this flaw.
T-Mobile claimed in an email statement to Motherboard that, “The bug was confidently reported via their Bug Bounty program in December and was fixed in a matter of hours.” It is still not clear how long this breach of privacy was live, and officials have still not figured out how threat actors took advantage of the bug before it was fixed.
Kane Gamble later claimed that anyone logging in to their T-Mobile account could have been hacked, and that a hacker could have monitored the account for a long time before being caught. Scott Helme, a security researcher who reviewed the teen's bug report, said that the susceptibility was “logging into your account and then moving away from the keyboard letting the hacker do his work”.
Gamble was given $5000 (£3,569) for reporting this defect. In 2015 and 2016, Kane Gamble attempted to hack the computers of senior US government officials, including then CIA Director John Brennan and a former FBI Deputy Director. Using nothing but social engineering techniques, he was able to hijack the accounts of these senior officials. His other targets included Barack Obama's national security advisor and a former US secretary of homeland security.
However, Gamble pleaded guilty to 8 charges of “performing a task with the intention to gain unauthorized access” and 2 charges of “illegal modification of computer tools” at the Leicester Crown Court. This was not the first security issue at T-Mobile.
In October last year, another weakness was discovered on the company's website which allowed any threat actor to gain entry to customers' sensitive information, including their email addresses, billing account numbers and more, using only their phone number.
A black hat hacker later told Motherboard that this weakness in the company's system was exploited by cyber-criminals for quite some time.
Sources: Pakistan Today
Posted from my blog with SteemPress : https://latesthackingnews.com/2018/04/08/cia-directors-account-hacked-by-15-year-old-boy/