According to a Wall Street Journal report, a person claiming to have been behind the T-Mobile data breach has spoken out to expose his identity and criticize T-Mobile's security. John Binns claimed he was behind the attack, provided evidence that he could access accounts related to it, and went into detail about how he pulled it off and why he did so.
Binns claims that he was able scan for unprotected routers to gain customer and former customer data from T-Mobile. According to Binns, he found one that allowed him access to a Washington state data centre, where credentials were stored for more than 100 servers. He called the security of the carriers terrible and stated that he panicked when he realized how many servers he could access. The WSJ reports that Binns is not certain if he was working alone but that he did admit to having worked with others at least for part of the hack.
Binns called T-Mobile's security terrible
The hacker had access to sensitive personal data such as names, birthdates and Social Security numbers. He also gained access important cellular data such as identification numbers for cell phones and SIM cards. T-Mobile stated in a statement that it was confident that it had closed off the access points and egress points used by the bad actor in the attack.
The WSJs report reveals more about Binn's past as a hacker. Binn claims that he started hacking popular video games. He also claimed that he found the flaw in the botnet that attacked IoT devices. However, he denies that he actually worked on the code.
Binns describes the troubled relationship between US intelligence services and Binns
Binns claims that Binns' relationship with the US intelligence services has been troubled. Binns appears to have filed a lawsuit in 2020 requesting that the CIA and FBI, DOJ and any other agencies give him information about him. The government is also accused of trying to convince Binns to purchase Stinger missiles from an FBI-owned website, attacking Binns using psychic and energy weapons, as well as being involved in his kidnapping, torture, and other allegations. The FBI responded to his lawsuit by denying that he was being investigated or possessing information about the alleged surveillance, abduction and torture.
Binns stated to the WSJ that he wanted to create noise and that he hoped someone from the FBI would leak information about his alleged kidnapping. Binns' situation is unlikely to improve now that he has been named as the hacker of one of the USs largest carriers. If Binns reports on how he accessed a large trove of T-Mobile data were true, it paints an alarming picture about the security practices of T-Mobile.