<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0">

<channel>
	<title>Anti spam and general email security in a business environment</title>
	
	<link>http://www.allspammedup.com</link>
	<description />
	<pubDate>Thu, 09 Jul 2009 12:22:40 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.7</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<xhtml:meta xmlns:xhtml="http://www.w3.org/1999/xhtml" name="robots" content="noindex" />
		<atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" href="http://feeds.feedburner.com/Allspammedup" type="application/rss+xml" /><item>
		<title>URL Shortening Services Exploited By Spammers</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/kE0COJI-hwc/</link>
		<comments>http://www.allspammedup.com/2009/07/url-shortening-services-exploited-by-spammers/#comments</comments>
		<pubDate>Thu, 09 Jul 2009 12:22:40 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
		
		<category><![CDATA[Spam news]]></category>

		<category><![CDATA[spam]]></category>

		<category><![CDATA[URL Shortening]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1218</guid>
		<description><![CDATA[URL shortening services like TinyUrl have been around for a while now but with the advent of social networking services like Twitter which only allow messages of 140 words or less, their popularity has skyrocketed. This past week researchers have discovered that spammers are also taking advantage of the services, using them to mask their [...]]]></description>
			<content:encoded><![CDATA[<p>URL shortening services like TinyUrl have been around for a while now but with the advent of social networking <img class="alignright size-full wp-image-1219" title="URL shortening used for spam" src="http://www.allspammedup.com/wp-content/uploads/2009/07/internet_no_celular.jpg" alt="internet_no_celular" width="150" height="136" />services like Twitter which only allow messages of 140 words or less, their popularity has skyrocketed. This past week researchers have discovered that spammers are also taking advantage of the services, using them to mask their spam domains and get their messages past filters. Redirect services are also popular but URL shortening is more attractive because it requires no registration and no CAPTCHA to solve.</p>
<p>While the fake URLs used by phishers can be easily discovered simply by hovering your mouse pointer over them, the same is not true of shortened URLs, which is one of the biggest shortcomings of URL shortening services. The use of shortened URLs in spam messages has risen from 0 to 2% this week. The DonBot botnet is largely responsible, sending over 5 billion spam messages a day. Much of the spam using shortened URLs advertises weight loss pills and male enhancement products.</p>
<p>While there are new services cropping up that will lengthen shortened URLs without having to click on them, it is still a good idea to avoid clicking on shortened URLs sent to you by anyone you don’t know. Advise your employees to avoid using such services as well. Companies that use URL shortening services make customers and potential customers wonder what they’re hiding!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/07/url-shortening-services-exploited-by-spammers/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/07/url-shortening-services-exploited-by-spammers/</feedburner:origLink></item>
		<item>
		<title>Botnet Launches Attack Against U.S. Government Websites</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/ULb_SMbEoHA/</link>
		<comments>http://www.allspammedup.com/2009/07/botnet-launches-attack-against-us-government-websites/#comments</comments>
		<pubDate>Wed, 08 Jul 2009 11:50:18 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
		
		<category><![CDATA[Spam news]]></category>

		<category><![CDATA[botnet]]></category>

		<category><![CDATA[DDoS attack]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1210</guid>
		<description><![CDATA[The July 4th holiday brought more than fireworks. Over the weekend, a botnet began a large scale DDoS attack against U.S. government websites. It knocked the FTC’s site offline and has hit several other government sites including the Department of Transportation and the U.S. Treasury.
          &#8220;The DOT has been experiencing network incidents since this past weekend. [...]]]></description>
			<content:encoded><![CDATA[<p>The July 4th holiday brought more than fireworks. Over the weekend, a botnet began a large scale DDoS attack against U.S. government websites. It knocked the FTC’s site offline and has hit several other government sites including the Department of Transportation and the U.S. Treasury.</p>
<blockquote><p>          &#8220;The DOT has been experiencing network incidents since this past weekend. We are working with the U.S. Computer Emergency Readiness Team [US-CERT] at this time,&#8221; a DOT spokeswoman said Tuesday.</p></blockquote>
<p><span id="more-1210"></span><img class="alignright size-full wp-image-1211" title="zombie-pc" src="http://www.allspammedup.com/wp-content/uploads/2009/07/zombie-pc.jpg" alt="zombie-pc" width="238" height="154" />The botnet, which has at least 50,000 computers under its control, is also credited with attacks on the U.S. Secret Service, the Department of Homeland Security, the White House, the New York Stock Exchange, the Department of Defense, the State Department, the Washington Post, and several businesses in the US and in Korea.</p>
<p>While DDoS attacks are relatively common, this was particularly severe. This DDoS attack took up to 40GB of data per second which is ten times higher than a typical attack. No one knows who is behind this attack but most of the infected machines making up the botnet are located in South Korea. While bandwidth levels have dropped since the weekend the attack is still ongoing.</p>
<blockquote><p>          &#8220;These are very basic attacks and stuff we&#8217;ve seen for a very long time. The scale of these isn&#8217;t very huge either,&#8221; said one security expert, who spoke on condition of anonymity because he wasn&#8217;t authorized to discuss the matter publicly. &#8220;It&#8217;s embarrassing that these sites have been hit for four or five days and they&#8217;re still being affected. Think of the money that eBay and Amazon would lose in four to five days of this.&#8221;</p></blockquote>
<p>The White House should be very concerned that government sites were hit. As the country’s first cyber savvy president, Obama needs to get on the ball and get U.S. cybersecurity made a top priority.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/07/botnet-launches-attack-against-us-government-websites/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/07/botnet-launches-attack-against-us-government-websites/</feedburner:origLink></item>
		<item>
		<title>Australian Federal Police Phishing Scam</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/JXEOqthzVJ8/</link>
		<comments>http://www.allspammedup.com/2009/07/australian-federal-police-phishing-scam/#comments</comments>
		<pubDate>Tue, 07 Jul 2009 11:50:16 +0000</pubDate>
		<dc:creator>Paul Cunningham</dc:creator>
		
		<category><![CDATA[phishing]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1202</guid>
		<description><![CDATA[Australia receives its fair share of the world&#8217;s spam, with some reports placing Australia 4th on the world&#8217;s &#8216;most spammed countries&#8217; list.  The problem has gotten much worse in the last 12 months, with stats showing that as much as 89% of email received in Australia is spam, up from 68% in the previous year.
Australians receive the [...]]]></description>
			<content:encoded><![CDATA[<p><img class="size-full wp-image-1204 alignright" title="Australian Federal Police Phishing Scam" src="http://www.allspammedup.com/wp-content/uploads/2009/07/12754_7852.png" alt="12754_7852" width="195" height="116" />Australia receives its fair share of the world&#8217;s spam, with some reports placing Australia 4<sup>th</sup> on the world&#8217;s &#8216;most spammed countries&#8217; list.  The problem has gotten much worse in the last 12 months, with stats showing that as much as 89% of email received in Australia is spam, up from 68% in the previous year.</p>
<p>Australians receive the usual stock market, male enhancement, and Paypal scams, but they also receive phishing emails targeted specifically for the Australian market.  Phishing emails branded for all of the major Australian banks are quite common.  Now a new phishing email attempts to leverage the press coverage of the recent Commonwealth Bank phishing scam.</p>
<p>The email claims to be from the <a target="_blank" href="http://www.afp.gov.au/media_releases/national/2009/warning_on_scam_afp_email.html" onclick="javascript:pageTracker._trackPageview('/outbound//http://www.afp.gov.au/media_releases/national/2009/warning_on_scam_afp_email.html');">Australian Federal Police</a> (AFP) and warns the recipient that fraudulent credit card transactions have occurred and that the person is now under suspicion of aiding known criminals<strong>. </strong>Remarkably, the email then instructs the recipient that &#8220;<em>In order to prove your lack of culpability please<strong> </strong>click here</em>&#8221;.  If the link is clicked the victim is taken to a website where personal information is collected.</p>
<p><span id="more-1202"></span>Unfortunately many victims believe these emails due to official sounding references such as:</p>
<p><strong>&#8220;</strong><em>Australian Federal Police case no : 24531987/AFP/832&#8221;</em></p>
<p><em>&#8220;Your case has received code 2 priority&#8221;</em></p>
<p>Typical of phishing scams the email also attempts to use fear to prompt immediate action, for example:</p>
<p><strong><em>&#8220;</em></strong><em>Please note that failure to cooperate will lead to the advancement of our investigation. You will be prosecuted to the full extent of the law. Your assets and funds will be frozen until the end of our investigation.&#8221;</em></p>
<p><em>&#8220;This is a federal investigation, you will not contact your local authorities or bank; you will wait for one of our agents to contact you within 48 hours. We suspect local involvment in this matter. Failure to do so will ad a charge of &#8220;obstruction of justice&#8221; to you.&#8221;</em></p>
<p>Although the phishing emails contain many of the usual clues such as dire warnings, threats designed to elicit fear, urgent calls to action, and plain old bad spelling, the biggest clue should be the plausibility of the scenario itself.</p>
<p>Although the Australian legal system is web savvy enough to allow subpoenas to be served via Facebook most rational people would realize that the AFP is unlikely to send you an email accusing you of a crime, and then let you go to a website to prove your innocence.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/07/australian-federal-police-phishing-scam/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/07/australian-federal-police-phishing-scam/</feedburner:origLink></item>
		<item>
		<title>Top Ten Anti-Spam Tips for Business</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/crtQGTfi6MI/</link>
		<comments>http://www.allspammedup.com/2009/07/top-ten-anti-spam-tips-for-business/#comments</comments>
		<pubDate>Mon, 06 Jul 2009 12:53:08 +0000</pubDate>
		<dc:creator>Dan Blacharski</dc:creator>
		
		<category><![CDATA[Fighting spam]]></category>

		<category><![CDATA[anti spam]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1198</guid>
		<description><![CDATA[Just about every company has some sort of anti-spam technology in place that filters out suspected spam. The technology is commonplace and inexpensive, and for the most part, effective. But beyond simply putting in some anti-spam software and forgetting about it, there&#8217;s really a lot more to spam prevention. Here are the top ten anti-spam [...]]]></description>
			<content:encoded><![CDATA[<p>Just about every company has some sort of anti-spam technology in place that filters out suspected spam. The technology is commonplace and inexpensive, and for the most part, effective. But beyond simply putting in some anti-spam software and forgetting about it, there&#8217;s really a lot more to spam prevention. Here are the top ten anti-spam tips for businesses:</p>
<ol>
<li>Education. This has to be top on the list. Educating users as to what spam is, and what the consequences of it may be will go a long way towards eliminating the hazardous effects of spam if it does get through. Users need to be educated to not click on suspicious links, and to recognize &#8220;phish&#8221; emails when they appear.</li>
<li>Avoid overuse of posted email addresses. Sometimes it&#8217;s necessary to publish your email address, but be aware that doing so may make you vulnerable to robots that collect them for purposes of spam dissemination. A response form, as opposed to a published email address, may eliminate this problem; a second strategy is to use a separate email address when it&#8217;s necessary to post it in public.<br />
<span id="more-1198"></span></li>
<li>Keep your anti-spam subscription current.</li>
<li>Implement a two-stage strategy, with anti-spam protection at the gateway as well as at the desktop. In this way, the bulk of the spam will be eliminated before it hits the desktop, helping to minimize traffic, and improve productivity. The second desktop stage of protection will serve to catch anything that gets through the gateway.</li>
<li>At the bottom of a spam email, you&#8217;ll usually see a &#8220;remove&#8221; link, which gives you the option of clicking on a link to be removed from a list. Avoid clicking on these links, as they seldom do what they promise; and in fact serve the purpose of confirming that your email address is valid. The end result will be more spam, not less.</li>
<li>Be cautious about opening email attachments. These may contain dangerous malware that may transform your computer into a spam-spewing robot.</li>
<li>Depending on your email client, you will probably have a &#8220;block sender&#8221; option. Outlook does offer this option. Although your strategy should involve catching most spam with your anti-spam software (at both the gateway and desktop), if users see spam coming through, they can block the sender using this tool.</li>
<li>Keep false positives to a minimum. Your anti-spam software should provide accurate analysis, but beyond that, try setting up individual rules in your email client. You can set up a series of &#8220;from&#8221; rules to indicate that emails from certain individuals or domains should always be sent through, regardless of content.</li>
<li>When subscribing to free Internet services that request your personal information, use a separate email address other than your usual one. Providing your primary email address to almost any online service or provider will result in unwanted email later on.</li>
<li>Be cautious in using auto-responders if you&#8217;re out of the office or temporarily unavailable. Your auto-responder responds to all email that comes in, including whatever spam makes it through your gauntlet of protection. The auto-response confirms to the spammer that your email address is valid.</li>
</ol>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/07/top-ten-anti-spam-tips-for-business/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/07/top-ten-anti-spam-tips-for-business/</feedburner:origLink></item>
		<item>
		<title>China Remains a Spam Haven Thanks To Indifferent ISPs</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/wQG9TRXpTZg/</link>
		<comments>http://www.allspammedup.com/2009/07/china-remains-a-spam-haven-thanks-to-indifferent-isps/#comments</comments>
		<pubDate>Fri, 03 Jul 2009 08:10:54 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
		
		<category><![CDATA[Fighting spam]]></category>

		<category><![CDATA[Spam news]]></category>

		<category><![CDATA[ISPs]]></category>

		<category><![CDATA[spam]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1183</guid>
		<description><![CDATA[Researchers at the University of Alabama say almost all of the websites advertised through spam are hosted in China on servers protected by bulletproof hosting. That means that the ISPs who provide hosting to spammers and malicious domains simply don’t care and ignore abuse complaints and take down orders.
The researchers reviewed millions of spam message [...]]]></description>
			<content:encoded><![CDATA[<p>Researchers at the University of Alabama say almost all of the websites advertised<img class="alignright size-full wp-image-1184" title="China's ISPs continue to harvest spam" src="http://www.allspammedup.com/wp-content/uploads/2009/06/6a00d83451b09469e200e5527943058833-800wi1.png" alt="6a00d83451b09469e200e5527943058833-800wi1" width="99" height="99" /> through spam are hosted in China on servers protected by bulletproof hosting. That means that the ISPs who provide hosting to spammers and malicious domains simply don’t care and ignore abuse complaints and take down orders.</p>
<p>The researchers reviewed millions of spam messages and found that over 69,000 unique domains hosted the websites found in the spam and of those, 70% were located in China, making it a definite spam haven.</p>
<p>&#8220;It is very normal that more than one-third of the domain names we see each day in spam messages come from China,&#8221; wrote Gary Warner, director of research in computer forensics at the university. &#8220;When one also considers the many &#8216;.com&#8217; and &#8216;.ru&#8217; domain names which are also hosted in China, the problem is much worse.&#8221;</p>
<p><span id="more-1183"></span>The so-called bulletproof providers actively recruit spammers and cybercriminals, going as far as to post ads on the underground websites where they are known to socialize. These hosts ignore take down requests and abuse reports and even make IP addresses hard to trace. A Chinese domain name can be had for a mere 15 cents, which only adds to the problem.</p>
<p>The researchers aren’t sure all the providers hosting the spam domains are bulletproof, however. They speculate that a few may simply not have the resources or understanding to deal with the problem. Curiously enough, while the Chinese government has made headlines and waves with its increasing attempts to censor the Internet in the name of fighting porn, it has had nothing to say about the spam problem. It’s not known if it is even aware that there is one!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/07/china-remains-a-spam-haven-thanks-to-indifferent-isps/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/07/china-remains-a-spam-haven-thanks-to-indifferent-isps/</feedburner:origLink></item>
		<item>
		<title>Zbot Trojan is Harvesting FTP Credentials From Major Websites</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/xZVP4vlp7zQ/</link>
		<comments>http://www.allspammedup.com/2009/07/zbot-trojan-is-harvesting-ftp-credentials-from-major-websites/#comments</comments>
		<pubDate>Thu, 02 Jul 2009 12:23:50 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
		
		<category><![CDATA[Fighting spam]]></category>

		<category><![CDATA[phishing]]></category>

		<category><![CDATA[hackers]]></category>

		<category><![CDATA[spam]]></category>

		<category><![CDATA[trojan]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1179</guid>
		<description><![CDATA[A British security vendor has discovered that the ZBot Trojan has harvested the FTP credentials of over 68,000 websites including Bank of America, the BBC, Amazon, Cisco, Monster.com and most of the major anti-spam software makers. The credentials could allow hackers to compromise legitimate sites with malicious code and drive by downloads.
To make matters worse [...]]]></description>
			<content:encoded><![CDATA[<p><img class="alignright size-full wp-image-1180" title="Major sites were hacked by the Zbot Trojan" src="http://www.allspammedup.com/wp-content/uploads/2009/06/msf3-hashdump_small.jpg" alt="msf3-hashdump_small" width="161" height="147" />A British security vendor has discovered that the ZBot Trojan has harvested the FTP credentials of over 68,000 websites including Bank of America, the BBC, Amazon, Cisco, Monster.com and most of the major anti-spam software makers. The credentials could allow hackers to compromise legitimate sites with malicious code and drive-by downloads.</p>
<p>To make matters worse the list of FTP credentials is stored on a server in China in plain text, making it available to anyone who stops by. Experts say they were all stolen within the past 2 weeks and most are still valid.</p>
<p>The ZBot Trojan has also been spotted in several email attacks masquerading as everything from a ticket confirmation from Delta Airlines to a critical update for Microsoft Outlook. If downloaded it steals personal information using a keylogger.</p>
<p>It’s crucial to make sure any unused FTP credentials on your website are disabled and that active ones have their passwords changed regularly. As we saw recently when hundreds of government sites in the UK were compromised and redirected visitors to internet pharmacies selling Viagra or porn sites, hackers are eager to infect legit sites. If they hit yours it could be a real nightmare for you and your customers, so stay alert and keep an eye on your servers and FTP logins!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/07/zbot-trojan-is-harvesting-ftp-credentials-from-major-websites/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/07/zbot-trojan-is-harvesting-ftp-credentials-from-major-websites/</feedburner:origLink></item>
		<item>
		<title>Protecting Exchange Server 2007 Distribution Groups from Spam</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/KppW1E15DbQ/</link>
		<comments>http://www.allspammedup.com/2009/07/protecting-exchange-server-2007-distribution-groups-from-spam/#comments</comments>
		<pubDate>Wed, 01 Jul 2009 12:41:08 +0000</pubDate>
		<dc:creator>Paul Cunningham</dc:creator>
		
		<category><![CDATA[Exchange Server]]></category>

		<category><![CDATA[anti spam]]></category>

		<category><![CDATA[anti-spam software]]></category>

		<category><![CDATA[Distribution Lists]]></category>

		<category><![CDATA[Exchange 2007]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1187</guid>
		<description><![CDATA[I was discussing a spam problem with a customer recently and they mentioned to me that one of their biggest problems is spam sent to their email distribution lists.  The problem had come about due to two things - firstly the email addresses for some of their distribution lists are very easy to guess (eg, [...]]]></description>
			<content:encoded><![CDATA[<p>I was discussing a spam problem with a customer recently and they mentioned to me that one of their biggest problems is spam sent to their email distribution lists.  The problem had come about due to two things - firstly the email addresses for some of their distribution lists are very easy to guess (e.g., the &#8220;All Staff&#8221; email group has an email address of allstaff[at]company.com), and secondly there had been occasions in the past where staff exposed the email addresses by CC&#8217;ing them on emails sent outside the company.</p>
<p>Over time the problem has grown to the point where it is now very frustrating for their staff.  They&#8217;ve asked me for some suggestions on how to fix this problem, so I presented them with these options.</p>
<h2>Requiring Authentication for Exchange Server 2007 Distribution Groups</h2>
<p>The default behavior for newly created distribution groups in Exchange Server 2007 is to require that all senders be authenticated, or the message is simply rejected.  This is useful; however, for the vast majority of Exchange Server 2007 organisations, their distribution groups existed prior to the upgrade to Exchange Server 2007.  In these cases the authentication requirement is not enabled.</p>
<p><span id="more-1187"></span>To require authentication for a distribution group, simply open the group properties, navigate to the Mail Flow Settings tab, open the Message Delivery Restrictions and then tick the box marked &#8220;Require that all senders are authenticated&#8221;.</p>
<p><img class="alignnone size-medium wp-image-1188" src="http://www.allspammedup.com/wp-content/uploads/2009/07/distlists01-400x306.png" alt="distlists01" width="400" height="306" /></p>
<p>While this solution has the desired effect of preventing spam from reaching the distribution group, it also prevents other legitimate outside email from reaching the list.</p>
<h2>Filtering Distribution Groups by Sender</h2>
<p>The authentication requirement will prevent legitimate outside email from reaching important distribution groups.  To resolve this, you can instead use the same Message Delivery Restrictions to control which senders are permitted to send to the distribution group.</p>
<p><img class="alignnone size-medium wp-image-1189" src="http://www.allspammedup.com/wp-content/uploads/2009/07/distlists02-400x208.png" alt="distlists02" width="400" height="208" /></p>
<p>This method causes some extra administrative burden for the email server admins because each permitted sender must first be added as an Exchange Contact.  Furthermore if you want the distribution group to receive emails from internal staff you need to ensure they are also added to the list, either directly or via a group.</p>
<h2>Obscuring Distribution Group Email Addresses</h2>
<p>One method that most email admins will try at least once in their career is to obscure the email address of distribution groups to make it harder to guess, or to make it impossible to send to from outside the organization.  In Exchange Server 2007 this is achieved by using Email Address Policies that apply only to distribution group objects.</p>
<p>For example, the policy may apply a string of characters to the email address to make it harder to guess, such as allstaff_ksf2ui2[at]company.com.  While this does have the effect of making it nearly impossible to guess it does nothing to prevent exposure of the email address if it were included in an email sent outside the organization.</p>
<p>A second technique is to use an SMTP domain that is invalid outside of the organization.  For example allstaff[at]groups.company.com or allstaff[at]company.local.  This has the effect of nullifying any exposure of the email address outside the organization but similar to the earlier filtering techniques it prevents legitimate outside email from reaching the group.</p>
<h2>Implementing an Anti-Spam Solution</h2>
<p>Although the customer was seeking a free solution once I explained each of the options above it became clear to them that these techniques would either be ineffective, require too much effort to maintain, or would prevent legitimate business use of their distribution groups.</p>
<p>Instead they agreed to <a href="http://www.allspammedup.com/2009/05/how-to-evaluate-anti-spam-products-for-your-business/" >trial an anti-spam solution</a>, which satisfied them by preventing spam and other unwanted emails in an effective and easy to manage way, and which they ultimately purchased and are now happily getting on with their business without the constant hassle of spam.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/07/protecting-exchange-server-2007-distribution-groups-from-spam/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/07/protecting-exchange-server-2007-distribution-groups-from-spam/</feedburner:origLink></item>
		<item>
		<title>New Malware Attack Pretends to Be a Microsoft Update</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/wRrrVKqWGpc/</link>
		<comments>http://www.allspammedup.com/2009/07/new-malware-attack-pretends-to-be-a-microsoft-update/#comments</comments>
		<pubDate>Wed, 01 Jul 2009 12:11:26 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
		
		<category><![CDATA[Spam news]]></category>

		<category><![CDATA[phishing]]></category>

		<category><![CDATA[hacking]]></category>

		<category><![CDATA[malware]]></category>

		<category><![CDATA[Microsoft]]></category>

		<category><![CDATA[policies]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1175</guid>
		<description><![CDATA[A new malware attack is lurking behind emails made to look like Outlook updates sent by Microsoft. The messages look authentic and include a link that looks like it points to update.microsoft.com but actually points to a malicious domain. If clicked the link activates a download which contains the Zbot Trojan. Zbot steals usernames, passwords [...]]]></description>
			<content:encoded><![CDATA[<p>A new malware attack is lurking behind emails made to look like <a target="_blank" href="http://www.gfi.com/blog/fake-update-microsoft-outlook-outlook-express-kb910721/" onclick="javascript:pageTracker._trackPageview('/outbound//http://www.gfi.com/blog/fake-update-microsoft-outlook-outlook-express-kb910721/');">Outlook updates</a> sent by Microsoft. The messages <img class="alignright size-full wp-image-1176" title="Microsoft Outlook update emails are malware" src="http://www.allspammedup.com/wp-content/uploads/2009/06/word-sell-spammer.jpg" alt="word-sell-spammer" width="196" height="156" />look authentic and include a link that looks like it points to update.microsoft.com but actually points to a malicious domain. If clicked the link activates a download which contains the Zbot Trojan. Zbot steals usernames, passwords and banking information and installs a rootkit that could allow a hacker access to any network the infected computer is attached to.</p>
<p>Zbot even contains a list of specific sites to monitor including Facebook, MySpace, Bank of America, Amazon, HSBC, Paypal, Blogger, and just about every bank you can think of. This Trojan means business. Once a user on an infected machine accesses one of the sites on the list, a built in keylogger is activated and records their information. The stolen information is then uploaded to a remote server.</p>
<p><span id="more-1175"></span>Zbot has been spotted in several previous attacks. One pretended to be a notice from UPS, another a ticket confirmation from Delta Airlines and a third a notice from Western Union. The gang behind the attacks is said to be hiding out in Russia.</p>
<p>To protect yourself and your users, remember that common sense is a hacker’s worst enemy. They are hoping people will trust that it is a real update from Microsoft even though it’s well known that Microsoft pushes their patches through on the second Tuesday of each month only and never ever sends them via email. If you get an update from anywhere other than the Microsoft Update console, chances are it&#8217;s fake. Make sure you have a policy in place regarding software installation. It’s probably best to restrict everyone but the IT department from doing any at all.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/07/new-malware-attack-pretends-to-be-a-microsoft-update/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/07/new-malware-attack-pretends-to-be-a-microsoft-update/</feedburner:origLink></item>
		<item>
		<title>Phishing Down Under</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/be8SnFAkPs4/</link>
		<comments>http://www.allspammedup.com/2009/06/phishing-down-under/#comments</comments>
		<pubDate>Tue, 30 Jun 2009 13:36:11 +0000</pubDate>
		<dc:creator>Dan Blacharski</dc:creator>
		
		<category><![CDATA[Spam news]]></category>

		<category><![CDATA[Uncategorized]]></category>

		<category><![CDATA[phishing]]></category>

		<category><![CDATA[email spam]]></category>

		<category><![CDATA[scam]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1171</guid>
		<description><![CDATA[The Sydney Morning Herald reported yesterday that a new scam is making the rounds in the land down under. A perpetrator of a phishing scam has created an email scam, claiming to be the Australian Tax Office (ATO). The email promises Aussie taxpayers a $250 bonus with their tax return, and sends them to an [...]]]></description>
			<content:encoded><![CDATA[<p>The Sydney Morning Herald reported yesterday that a new scam is making the rounds in the land down under. A perpetrator of a phishing scam has created an email scam, claiming to be the Australian Tax Office (ATO). The email promises Aussie taxpayers a $250 bonus with their tax return, and sends them to an online form that asks for their tax information, along with their bank account data.</p>
<p>The web site containing the form then asks the victim to mail a printed copy of the form to an address. The print-and-send is just a ruse, though: the data is actually captured through a hack when the victim presses the &#8220;print&#8221; button. The email, like many such scams, attempts to create a false sense of security by claiming the print-and-send routine is being done for the victim&#8217;s safety.</p>
<p>Officials still have not been able to trace the source of the fraudulent email sender, who is using a bot network to send the emails. The ATO recommends that people delete emails like this immediately, and advises that it does not ask people to provide personal information by email. The same holds true for most, if not all, tax collecting agencies in other countries.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/06/phishing-down-under/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/06/phishing-down-under/</feedburner:origLink></item>
		<item>
		<title>Spammers Already Exploiting Michael Jackson’s Tragic Death</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/WGHrepVanKA/</link>
		<comments>http://www.allspammedup.com/2009/06/spammers-already-exploiting-michael-jacksons-tragic-death/#comments</comments>
		<pubDate>Fri, 26 Jun 2009 13:02:24 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
		
		<category><![CDATA[Spam news]]></category>

		<category><![CDATA[spam emails]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1165</guid>
		<description><![CDATA[Just hours after Michael Jackson died yesterday, spam with subject lines claiming to have “exclusive information” on his death began flooding the net. The emails don’t contain any malicious links or attachments but seem to be an attempt to collect emails for a future attack. Researchers say anyone that replies to the spam will likely [...]]]></description>
			<content:encoded><![CDATA[<p>Just hours after Michael Jackson died yesterday, spam with subject lines claiming to have “exclusive information” on<img class="alignright size-full wp-image-1166" title="michael-jackson" src="http://www.allspammedup.com/wp-content/uploads/2009/06/michael-jackson.jpg" alt="michael-jackson" width="124" height="127" /> his death began flooding the net. The emails don’t contain any malicious links or attachments but seem to be an attempt to collect emails for a future attack. Researchers say anyone that replies to the spam will likely have their address harvested and that it wouldn’t be surprising to see future spams containing links to malicious payloads masquerading as exclusive video of Jackson’s last moments or autopsy photos.</p>
<p>News of the pop icon’s tragic death from what appears to be a sudden cardiac arrest caused an overwhelming spike in traffic that crashed Google, Wikipedia, AIM and Twitter for short periods and caused Facebook to slow to a crawl. Spammers and scammers are jumping at the chance to take advantage of all that traffic. Exploiting headlines and holidays is one of their favorite tricks. The last big headline they used was the Swine Flu outbreak, and before that President Obama’s inauguration.</p>
<p>Security experts are advising people to get their news only from reputable sources, and it goes without saying that you should never ever reply to a spam message. At best it will just bounce back due to a faked header, at worst it’ll just get you put on a list of people that respond to spam, meaning you’ll become a prime target for spammers.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/06/spammers-already-exploiting-michael-jacksons-tragic-death/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/06/spammers-already-exploiting-michael-jacksons-tragic-death/</feedburner:origLink></item>
		<item>
		<title>UK Furniture Company Apologizes For Exploiting Iran Conflict in Twitter Spam</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/2pGnk2yUpfY/</link>
		<comments>http://www.allspammedup.com/2009/06/uk-furniture-company-apologizes-for-exploiting-iran-conflict-in-twitter-spam/#comments</comments>
		<pubDate>Thu, 25 Jun 2009 12:25:52 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
		
		<category><![CDATA[Fighting spam]]></category>

		<category><![CDATA[Spam news]]></category>

		<category><![CDATA[spam]]></category>

		<category><![CDATA[twitter]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1158</guid>
		<description><![CDATA[British furniture retailer Habitat has apologized for exploiting the Iran conflict in an attempt to promote its Twitter feed. The company came under fire after it began using keywords related to the current conflict in its tweets, which otherwise had nothing to do with the subject. This is referred to as hashtag spam and is [...]]]></description>
			<content:encoded><![CDATA[<p>British furniture retailer Habitat has apologized for exploiting <img class="alignright size-full wp-image-1159" title="UK Furniture Company Apologizes For Exploiting Iran Conflict in Twitter Spam" src="http://www.allspammedup.com/wp-content/uploads/2009/06/spammer3ir.png" alt="spammer3ir" width="185" height="124" />the Iran conflict in an attempt to promote its Twitter feed. The company came under fire after it began using keywords related to the current conflict in its tweets, which otherwise had nothing to do with the subject. This is referred to as hashtag spam and is widely frowned upon by Twitter users. The company also used other high trending keywords such as #Apple and #iPhone.</p>
<blockquote><p>          Sky News Online has reported a Habitat spokesman as saying: &#8220;This was a mistake and it is important to us that we always listen, take on board observations and welcome constructive criticism. We will do our utmost to ensure any mistakes are never repeated.&#8221;</p></blockquote>
<p>The company has not issued an apology on Twitter but did quietly delete all the spam tweets it posted. It’s not clear why they felt hashtag spamming was okay to do, although they told a blog that it was done without their knowledge. That sounds a little hard to believe but it wouldn’t be the first time a rogue employee was blamed for a blunder that became a PR nightmare.</p>
<p>The moral of the story? Twitter can be a valuable tool to help you reach out to customers and potential customers, but tread carefully and follow the rules. Spam is no more acceptable there than it is anywhere else.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/06/uk-furniture-company-apologizes-for-exploiting-iran-conflict-in-twitter-spam/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/06/uk-furniture-company-apologizes-for-exploiting-iran-conflict-in-twitter-spam/</feedburner:origLink></item>
		<item>
		<title>Using Email Marketing the Right Way</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/gj-oHumKEJc/</link>
		<comments>http://www.allspammedup.com/2009/06/using-email-marketing-the-right-way/#comments</comments>
		<pubDate>Wed, 24 Jun 2009 13:01:12 +0000</pubDate>
		<dc:creator>Paul Cunningham</dc:creator>
		
		<category><![CDATA[Fighting spam]]></category>

		<category><![CDATA[anti spam]]></category>

		<category><![CDATA[Email Marketing]]></category>

		<category><![CDATA[spam]]></category>

		<category><![CDATA[SpamHAUS]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1144</guid>
		<description><![CDATA[There is no question that spam is a problem for businesses who must deal with thousands or even millions of unsolicited advertising, phishing, and hoax emails every year.  But the problem of spam becomes more than just how to deal with the incoming junk.  Spam also hinders the ability of businesses to engage in effective [...]]]></description>
			<content:encoded><![CDATA[<p>There is no question that spam is a problem for businesses who must deal with thousands or even millions of unsolicited advertising, phishing, and hoax emails every year.  But the problem of spam becomes more than just how to deal with the incoming junk.  Spam also hinders the ability of businesses to engage in effective email marketing.</p>
<h2>What is Email Marketing?</h2>
<p>Email marketing is quite simply the legitimate use of email for communicating with customers.  The problem today is that many people cannot tell the difference between email marketing and email spam.  In fact some spammers can&#8217;t even tell the difference, branding themselves as &#8220;internet marketers&#8221; and operating with no regard for the problems that they cause.</p>
<p><span id="more-1144"></span>Kevin Garber from <a target="_blank" href="http://www.melon.com.au/" onclick="javascript:pageTracker._trackPageview('/outbound//http://www.melon.com.au/');">Melon Media</a> in Sydney, Australia says, &#8220;<em>Increasingly the determining factor of what is or isn&#8217;t &#8217;spam&#8217; is in the eye of the recipient, so often legitimate email marketing and spam can be lumped in the same bucket</em>.&#8221;</p>
<p>With such a grey line between the two, where can email users begin when trying to make the distinction?  &#8220;<em>Genuine spam however is often designed to confuse and trick recipients.  It is also usually very difficult to tell who the sender of genuine spam is</em>,&#8221; Garber says.  &#8220;<em>Legitimate email marketing at least attempts to do everything by the book - including full disclosure of who the email is from and clarity of all commercial offers</em>.&#8221;</p>
<p>Adding to the confusion is the problem of email marketing being confused for spam when the end user simply forgets that they signed up to receive it.  As <a target="_blank" href="http://blogs.msdn.com/tzink/archive/2009/05/28/options-for-dealing-with-unwanted-mail.aspx" onclick="javascript:pageTracker._trackPageview('/outbound//http://blogs.msdn.com/tzink/archive/2009/05/28/options-for-dealing-with-unwanted-mail.aspx');">Microsoft&#8217;s Terry Zink</a> points out from experience, &#8220;<em>It&#8217;s not at all uncommon for users to regularly submit non-spam messages as spam.  The most common of these are opt-in newsletters.  Mail the user opted into at one point but no longer wants to receive.</em>&#8221;</p>
<h2>The Challenge of Email Marketing</h2>
<p>Spam presents two significant challenges to legitimate email marketing.  Firstly it hinders the ability of businesses to have their email communications reach interested customers.  Belinda Jackson of <a target="_blank" href="http://www.webchameleon.com.au/" onclick="javascript:pageTracker._trackPageview('/outbound//http://www.webchameleon.com.au/');">Web Chameleon</a> says, &#8220;<em>Getting legitimate email marketing delivered has become more of a challenge with more and more spam hitting people&#8217;s inboxes.  Tighter spam control at different levels of the delivery process means that some email does not get delivered.  This of course, is a challenge for those of us who wish to only send valued Email Marketing to their clients and opt-in subscribers.</em>&#8221;</p>
<p>Sometimes these problems can be technical in nature, caused by an overly aggressive content filter or keyword blacklist configured by the email administrator.  Other times the problem can arise when servers used by email marketers end up on RBLs such as Spamhaus.  This is particularly an issue when the email administrator has an objection to any emails that do not directly relate to their company&#8217;s business activities.</p>
<p>&#8220;<em>Both corporate mail administrators and independent blacklists have at various stages blacklisted us</em>,&#8221; says Garber.  &#8220;<em>All were resolved but clients suffered periods of inconvenience</em>.&#8221;</p>
<h2>Engaging in Email Marketing</h2>
<p>For businesses that wish to use email marketing they need to plan their strategy correctly to avoid being viewed as a spammer.  Both Jackson and Garber agree on some important steps to take.</p>
<ul class="unIndentedList">
<li>Only send marketing emails to opt-in recipients</li>
<li>Always include a clear reminder in the email so the recipient knows how you acquired their email address</li>
<li>Never buy lists of email addresses for marketing purposes</li>
<li>Have a visible and simple way for the recipient to unsubscribe, and make sure it works</li>
<li>Use a reputable email marketing service that treats deliverability as a high priority</li>
<li>Be aware of the anti-spam laws of your jurisdiction and operate within those boundaries</li>
</ul>
<h2>Solving the Problem for Businesses</h2>
<p>Because email spam is an international problem the real solution must be a global one.  Garber proposes that global legislation combined with a &#8220;<em>global law enforcement team with the mandate to track down all genuine spam campaigns and press charges</em>&#8221; could go a long way to resolving the issue.  In the meantime, &#8220;<em>Users have generally adapted to the problem, but the industry should continue to be vigilant in seeking a mix of technical and legal based solution to this problem.&#8221;</em></p>
<p>Despite what some email administrators might think, doing away with email marketing entirely is not the solution.  As Jackson puts it, &#8220;<em>The reality is that a lot of people actually enjoy getting marketing letters and brochures in their letterboxes much like many people enjoy receiving commercial emails and newsletters that provide value and that they have subscribed to.&#8221;</em></p>
<p>With this in mind it is important to understand that poorly implemented anti-spam systems can ultimately hurt legitimate business activities.  A balance must be struck between preventing spam and allowing businesses to engage in effective email marketing campaigns with their customers.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/06/using-email-marketing-the-right-way/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/06/using-email-marketing-the-right-way/</feedburner:origLink></item>
		<item>
		<title>Spammer Faces Up to Three Years in Prison</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/kByuRYd1enc/</link>
		<comments>http://www.allspammedup.com/2009/06/spammer-faces-up-to-three-years-in-prison/#comments</comments>
		<pubDate>Tue, 23 Jun 2009 12:42:50 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
		
		<category><![CDATA[Fighting spam]]></category>

		<category><![CDATA[Spam news]]></category>

		<category><![CDATA[CAN-SPAM Act]]></category>

		<category><![CDATA[spam legislation]]></category>

		<category><![CDATA[spammers]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1150</guid>
		<description><![CDATA[A Michigan man faces up to 3.5 years in prison for his part in a penny stock spam scheme that involved the sending of millions of emails.  63-year-old Alan Ralsky and his son-in-law Scott Bradley faced a 41 count indictment under the CAN-SPAM Act. Ralsky also pleaded guilty to stock fraud and money laundering.
          “Alan [...]]]></description>
			<content:encoded><![CDATA[<p>A Michigan man faces up to 3.5 years in prison for his part in a <img class="alignright size-full wp-image-1151" title="spam" src="http://www.allspammedup.com/wp-content/uploads/2009/06/spam.bmp" alt="spam" width="153" height="110" />penny stock spam scheme that involved the sending of millions of emails. 63-year-old Alan Ralsky and his son-in-law Scott Bradley faced a 41 count indictment under the CAN-SPAM Act. Ralsky also pleaded guilty to stock fraud and money laundering.</p>
<blockquote><p>          “Alan Ralsky was at one time the world’s most notorious illegal spammer,” U.S. Attorney Terrence Berg said after the plea. “Today Ralsky, his son-in-law Scott Bradley, and three of their co-conspirators stand convicted for their roles in running an international spamming operation that sent billions of illegal e-mail advertisements to pump up Chinese ‘penny’ stocks and then reap profits by causing trades in these same stocks while others bought at the inflated prices.”</p></blockquote>
<p>The pair and nine others operated a penny stock pump and dump scheme. They sent out unsolicited emails to millions hyping a worthless Chinese penny stock. When unsuspecting victims fell for the come-ons and bought shares, it artificially inflated the stock’s worth. Ralsky and the others then sold their shares for huge profits and left their victims hanging.</p>
<p>They used forged headers, proxy computers and domains registered under fake names to send their spam without being detected. Prosecutors plan to recommend 35 to 43 months in prison, a term Ralsky agreed to as part of his plea deal. The deal also includes a fine of up to $1 million and an agreement on Ralsky’s part to assist the government in future investigations.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/06/spammer-faces-up-to-three-years-in-prison/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/06/spammer-faces-up-to-three-years-in-prison/</feedburner:origLink></item>
		<item>
		<title>Can you recognize a phish when you see it?</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/r2gN_Vg1h08/</link>
		<comments>http://www.allspammedup.com/2009/06/can-you-recognize-a-phish-when-you-see-it/#comments</comments>
		<pubDate>Mon, 22 Jun 2009 14:31:28 +0000</pubDate>
		<dc:creator>Dan Blacharski</dc:creator>
		
		<category><![CDATA[Spam news]]></category>

		<category><![CDATA[phishing]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1135</guid>
		<description><![CDATA[A phish is a phish. We think we know one when we see one, and we wonder how people get away with such obvious attempts. I mean, come on! Sending me an email designed to look like it&#8217;s from Paypal, asking me to log into my account&#8211;but the URL you&#8217;re sending me to is from [...]]]></description>
			<content:encoded><![CDATA[<p>A phish is a phish. We think we know one when we see one, and we wonder how people get away with such obvious attempts. I mean, come on! Sending me an email designed to look like it&#8217;s from Paypal, asking me to log into my account&#8211;but the URL you&#8217;re sending me to is from Russia. Not today, pal. Better luck next time.</p>
<p>But they do get away with it, and they do fool people. Apparently, a fairly high percentage. A recent survey showed that a shocking number of Web users can&#8217;t identify different types of phishing. The survey asked over 1,000 respondents to identify fraudulent phishing sites, by showing two Web sites side by side. One of the sites had obvious give-aways, and the other was legitimate&#8211;but a shocking number of people couldn&#8217;t tell the difference. Eighty-eight percent were fooled by a web site with obvious spelling errors. Sixty-eight percent were fooled by a bogus Web site that didn&#8217;t have the characteristic padlock symbol common to sites using the https protocol, 42 percent were fooled by sites that had strange numerical domain names, and 33 percent were fooled by sites that asked for account information that should not be necessary.</p>
<p>Another surprising statistic, and one that is somewhat embarrassing for us Yanks, is that out of the seven countries included (US, Germany, Sweden, Australia, India, Denmark, and UK), the US respondents were least likely to identify the give-away signs that should tell you you&#8217;re at a phishing site.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/06/can-you-recognize-a-phish-when-you-see-it/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/06/can-you-recognize-a-phish-when-you-see-it/</feedburner:origLink></item>
		<item>
		<title>New Spam Attack Features Blank Messages</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/iN2bp9U9nFI/</link>
		<comments>http://www.allspammedup.com/2009/06/new-spam-attack-features-blank-messages/#comments</comments>
		<pubDate>Fri, 19 Jun 2009 13:35:18 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
		
		<category><![CDATA[Fighting spam]]></category>

		<category><![CDATA[anti spam]]></category>

		<category><![CDATA[anti-virus]]></category>

		<category><![CDATA[spam]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1137</guid>
		<description><![CDATA[Ads for shady Internet pharmacies are partly responsible for a new spike in spam levels. The spam messages deliver the ads buried in image attachments and most of them hawk Viagra and other similar medications. The subject lines are random and not related to the contents of the messages but they all attempt to direct [...]]]></description>
			<content:encoded><![CDATA[<p>Ads for shady Internet pharmacies are partly responsible for a new spike in spam levels. The spam messages deliver <img class="alignright size-full wp-image-1138" title="New Spam Attack Features Blank Messages" src="http://www.allspammedup.com/wp-content/uploads/2009/06/6a00d83451b09469e200e5527943058833-800wi.png" alt="6a00d83451b09469e200e5527943058833-800wi" width="117" height="98" />the ads buried in image attachments and most of them hawk Viagra and other similar medications. The subject lines are random and not related to the contents of the messages but they all attempt to direct recipients into clicking on links that lead to various pharmacy websites, some of which could be fake ones. Such malicious sites look legit and offer a shopping cart and accept credit cards, but unlike legit sites, the orders are never sent.</p>
<p>The other type of spam uses a new technique: blank messages. Spammers are sending messages with no subject line or body with the sole purpose of finding out what addresses are valid, usually within specific domains and presumably to harvest those addresses for future spam and/or phishing attacks.</p>
<p>Additionally, malicious spam masquerading as delivery failure notices from Western Union continues to flood the net. This type of spam informs the recipient that a Western Union money transfer could not be completed and directs them to open the included attachment, print out the receipt and bring it to their local Western Union office to get the money back. The scammers are hoping to find a few greedy souls who think they’ve gotten a chance to receive some free money. The attachment actually contains a nasty Trojan.</p>
<p>It’s important to keep all anti-virus products up to date and make sure you have an effective spam filter installed on your network, and as always make sure your employees know to never click on links or open attachments in emails from people they don’t know.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/06/new-spam-attack-features-blank-messages/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/06/new-spam-attack-features-blank-messages/</feedburner:origLink></item>
		<item>
		<title>Antispam Frameworks Explained</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/4kHUeYYXLtI/</link>
		<comments>http://www.allspammedup.com/2009/06/antispam-frameworks-explained/#comments</comments>
		<pubDate>Wed, 17 Jun 2009 13:01:07 +0000</pubDate>
		<dc:creator>Paul Cunningham</dc:creator>
		
		<category><![CDATA[Fighting spam]]></category>

		<category><![CDATA[anti spam]]></category>

		<category><![CDATA[phishing]]></category>

		<category><![CDATA[DKIM]]></category>

		<category><![CDATA[Frameworks]]></category>

		<category><![CDATA[Microsoft]]></category>

		<category><![CDATA[SPF]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1128</guid>
		<description><![CDATA[There are a vast number of different email hygiene solutions on the market today offering protection from viruses, malware, phishing, and spam for customers of all sizes.  Typically these products are built on a combination of several prevention techniques such as content filtering, RBLs, reputation filtering, and safe lists.
Some products also support one or more [...]]]></description>
			<content:encoded><![CDATA[<p><img class="alignright size-full wp-image-1130" src="http://www.allspammedup.com/wp-content/uploads/2009/06/barrier.jpg" alt="barrier" width="250" height="186" />There are a vast number of different email hygiene solutions on the market today offering protection from viruses, malware, phishing, and spam for customers of all sizes.  Typically these products are built on a combination of several prevention techniques such as content filtering, RBLs, reputation filtering, and safe lists.</p>
<p>Some products also support one or more of a relatively new type of prevention - email authentication.</p>
<h2>What is Email Authentication?</h2>
<p>When the SMTP protocol was first created all users were trustworthy and hence there was no need to include any significant level of security within the protocol.  This has led to many of today&#8217;s problems such as address spoofing.  Several email authentication schemes have appeared on the scene to try to authenticate email using different methods, each with positive and negative aspects.</p>
<h2>Sender Policy Framework</h2>
<p>Sender Policy Framework (SPF) allows domain owners to use DNS TXT records to specify which email servers are allowed to send email for that domain.  This technique works on the assumption that the DNS records for a domain name are correct and trustworthy.  However there are a few weaknesses with this approach.</p>
<p>Firstly there has not been widespread adoption of this method by domain owners.  As such it is not practical for email administrators to block emails that fail an SPF test.  For example, if the owners of the domain example.com have no SPF record in their DNS zone then spammers are free to continue forging example.com email addresses.</p>
<p><span id="more-1128"></span>The method also does not prevent spam being sent through authorized servers.  Senders can still forge the email address of other users of that domain, which makes it ineffective for blocking spam sent from popular web-based email systems that have millions of users.  Furthermore, the SPF test assumes that the authorized server is not an open relay or otherwise compromised.</p>
<p>SPF also breaks completely when email forwarding occurs, which is very common.</p>
<p>Finally, SPF is impractical in any scenario where emails are being sent via an unexpected server, such as home users sending via their ISP.  The domain owner would need to add SPF records for all possible servers that their end users might need to use, which is a significant administrative burden.</p>
<h2>DomainKeys Identified Mail</h2>
<p>DomainKeys Identified Mail (DKIM) is a technique whereby an email sender adds a cryptographic signature to the email header that can be used by the recipient to verify both the source and the integrity of the message content itself.  A receiving server can check the signature using a public key published in the sending domain&#8217;s DNS zone to prove that it was sent by an authorized server.  Although this may be more effective than SPF it also carries some weaknesses.</p>
<p>The signature-based authentication can be broken by any modification of the email in transit, such as a message footer inserted by anti-virus software.  Other common factors such as mailing list servers also cause message contents to be modified when forwarded on to their destination.</p>
<p>As with SPF, DKIM is also ineffective at preventing spam sent by people abusing authorized servers; again, this is a serious problem with popular web-based email systems.</p>
<p>DKIM also imposes significant processing overhead on the receiving server, which may cause load and scalability issues for businesses wishing to adopt this technique to prevent spam.</p>
<p>However one of the advantages of DKIM is that it can be used to better identify non-spam emails when used in combination with other techniques.  For example, an email that passes an open relay test for the sending server (either at the time of receipt or by membership on a list of known safe mail servers) that also passes a DKIM test is likely to not be spam and can bypass any further processor intensive scanning such as content filtering.</p>
<h2>Penny Black</h2>
<p>Penny Black is the codename for a Microsoft project taking a unique look at preventing spam using a &#8220;sender pays&#8221; system.  Under such a system the cost of sending unsolicited email is increased to make it impractical for spammers to send millions of spam emails.  The cost is not monetary; rather, it is applied as computational effort.  Where currently an email message takes fractions of a second to send, Microsoft proposes increasing this to a much larger amount such as 10 seconds.</p>
<p>For normal email users this would cause few problems because they send a low volume of email.  Spammers would be forced to invest in more computing resources to continue sending out millions of spam emails.  However, this would not be an issue for them as long as they can still leverage large botnets of compromised PCs across the internet.</p>
<p>The proposal only impacts unsolicited email.  Large corporate networks that handle high volumes of email can whitelist the domains of trusted partners so as not to impose the additional costs on them.  This may become easier as enterprise email systems such as Exchange 2010 introduce new features like Federation that allow secure authentication and sharing between organisations.</p>
<h2>Summary</h2>
<p>Development of anti-spam frameworks continues and there are positive outcomes within reach.  At this stage though it is unclear which of the frameworks will become widely adopted and become part of the standard for email communication.  A likely outcome will be that more than one framework is adopted and each is treated as a separate calculation of the &#8220;likelihood&#8221; of an email being spam as opposed to a definitive pass/fail result.  For businesses choosing an anti-spam solution today the best approach is to implement one that already contains support for one or more of these developing frameworks.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/06/antispam-frameworks-explained/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/06/antispam-frameworks-explained/</feedburner:origLink></item>
		<item>
		<title>Hundreds of UK Government Sites Hacked</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/m6ZVY1jNz7E/</link>
		<comments>http://www.allspammedup.com/2009/06/hundreds-of-uk-government-sites-hacked/#comments</comments>
		<pubDate>Tue, 16 Jun 2009 12:52:16 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
		
		<category><![CDATA[Spam news]]></category>

		<category><![CDATA[phishing]]></category>

		<category><![CDATA[anti-virus]]></category>

		<category><![CDATA[hacking]]></category>

		<category><![CDATA[malware]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1123</guid>
		<description><![CDATA[A large scale attack on UK government websites has been discovered. Hundreds of sites for schools, government offices, universities and more have been compromised to include links and other references to porn sites or shady pharmacies. The hacks were likely carried out via SQL injection attacks or cross site scripting and the sites were obviously [...]]]></description>
			<content:encoded><![CDATA[<p>A large scale attack on UK government websites has been discovered. Hundreds of sites for schools, government <img class="alignright size-full wp-image-1124" title="Hundreds of U.K. Government Sites Hacked" src="http://www.allspammedup.com/wp-content/uploads/2009/06/internet_no_celular1.jpg" alt="internet_no_celular1" width="150" height="136" />offices, universities and more have been compromised to include links and other references to porn sites or shady pharmacies. The hacks were likely carried out via SQL injection attacks or cross site scripting and the sites were obviously chosen because users would not think twice about trusting them. Visitors who click through are either redirected to sites selling drugs such as Viagra or sites displaying hardcore porn. Some of the compromised sites attempt to download malware.</p>
<p>The most disturbing part of the attacks is that many of the sites belong to elementary schools and are visited by students. The hackers behind the attack apparently have no problem directing children to porn sites. Even the search results for these sites have been changed to refer to porn and shady pharmacies.</p>
<p>It’s not known who’s behind the attack and the UK government has not yet had any comment. One thing is sure however, and that’s that they need to take a serious look at the security and software on their sites. It’s poorly designed software and careless security (such as not disabling unused FTP logins) that lead to these types of attacks. Experts warn that it’s possible that people who are infected by compromised sites may begin to file lawsuits against them for negligence.</p>
<p>However, I’m not sure that’s the way to go. After all, it is up to each of us to properly secure our computers and use up to date anti-virus software!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/06/hundreds-of-uk-government-sites-hacked/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/06/hundreds-of-uk-government-sites-hacked/</feedburner:origLink></item>
		<item>
		<title>Air France Crash Sparks Malware and Spam Outbreak</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/jCkk7jjW5GA/</link>
		<comments>http://www.allspammedup.com/2009/06/air-france-crash-sparks-malware-and-spam-outbreak/#comments</comments>
		<pubDate>Mon, 15 Jun 2009 11:59:41 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
		
		<category><![CDATA[Spam news]]></category>

		<category><![CDATA[spam]]></category>

		<category><![CDATA[trojan]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1117</guid>
		<description><![CDATA[The recent Air France tragedy has fueled new outbreaks of spam and malware. Researchers are reporting that spam promising exclusive news on the crash is hitting the net. The new attack featured subjects such as “A-330 blackbox record” and “Last seconds of tragic plane”, but those that opened them were treated to ads for shady [...]]]></description>
			<content:encoded><![CDATA[<p>The recent Air France tragedy has fueled new outbreaks of spam and malware. Researchers are reporting<img class="alignright size-medium wp-image-1118" title="Air France Crash Sparks Malware and Spam Outbreak" src="http://www.allspammedup.com/wp-content/uploads/2009/06/logo20air20france-400x121.jpg" alt="logo20air20france" width="224" height="85" /> that spam promising exclusive news on the crash is hitting the net. The new attack featured subjects such as “A-330 blackbox record” and “Last seconds of tragic plane”, but those that opened them were treated to ads for shady Canadian pharmacies pushing discounted drugs like Tamiflu and Viagra.</p>
<p>Another attack, said to originate from Portugal, is much more dangerous. The messages contain a link claiming to lead to exclusive video of the crash site, but it instead leads to a malicious site that downloads a Trojan on to the visitor’s computer. The Trojan is designed to scan the system and steal passwords and usernames.</p>
<p><span id="more-1117"></span>A third attack uses blackhat SEO techniques to poison search results related to the crash with malicious links that lead to sites that push downloads of rogue anti-virus programs, a type of scareware.</p>
<p>Experts recommend getting your news reports from well known and trusted sites only and keeping all anti-spam and anti-virus programs up to date at all times.</p>
<p>Exploiting headlines and hot topics is a common tactic for spammers and malware distributors, who tailor their attacks to popular holidays, new stories, and popular celebrities and scandals. When they exploit a tragedy however, it becomes particularly distasteful.</p>
<p>Air France Flight 446 crashed in the middle of the Atlantic on May 31, killing all 228 people aboard. It is now the worst air disaster since 2001.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/06/air-france-crash-sparks-malware-and-spam-outbreak/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/06/air-france-crash-sparks-malware-and-spam-outbreak/</feedburner:origLink></item>
		<item>
		<title>China’s Green Dam mandate could cause trouble</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/ets_uwOx71M/</link>
		<comments>http://www.allspammedup.com/2009/06/chinas-green-dam-mandate-could-cause-trouble/#comments</comments>
		<pubDate>Mon, 15 Jun 2009 07:16:12 +0000</pubDate>
		<dc:creator>Dan Blacharski</dc:creator>
		
		<category><![CDATA[Security]]></category>

		<category><![CDATA[filtering software]]></category>

		<category><![CDATA[Green Dam]]></category>

		<category><![CDATA[spam]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1113</guid>
		<description><![CDATA[A University of Michigan report issued this week takes a look at the Green Dam web filtering software that has been mandated by the government of China. Besides its stated purpose of filtering porn, it&#8217;s likely that it&#8217;s also used to filter political messages; but there&#8217;s something beyond that&#8211;it could also open the door to [...]]]></description>
			<content:encoded><![CDATA[<p>A University of Michigan report issued this week takes a look at the Green Dam web filtering software that has been mandated by the government of China. Besides its stated purpose of filtering porn, it&#8217;s likely that it&#8217;s also used to filter political messages; but there&#8217;s something beyond that&#8211;it could also open the door to creation of more huge botnets.</p>
<p>According to the University report, there are numerous programming errors and flaws in the software, and once it has been installed, it is possible for a botnet operator to create a rogue web site to take advantage of the flaws, and take control of user computers.</p>
<p>There are two major vulnerabilities; the first is in how the software processes the web sites being monitored, and the second is in how it installs its updates. Both flaws allow remote sites to execute arbitrary code. The researchers made it as clear as possible in the report, saying, &#8220;Any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet.&#8221; And what&#8217;s worse, the flawed software can be used to install malicious software on a computer along with the filter update.</p>
<p>Good work on the part of the University of Michigan researchers, but they missed the mark on one front. Their recommendation that &#8220;users protect themselves by uninstalling Green Dam immediately&#8221; would be good advice, were it not for the Chinese government&#8217;s mandate&#8211;users in China have no choice but to run the software. The researchers also conclude that if Green Dam is deployed in its current form, it will &#8220;significantly weaken China&#8217;s computer security,&#8221; and that&#8217;s the real heart of the matter here&#8211;the deployment is a done deal. And because only one particular filtering product is mandated, there is little incentive to refine the product, and great incentive for abuse.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/06/chinas-green-dam-mandate-could-cause-trouble/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/06/chinas-green-dam-mandate-could-cause-trouble/</feedburner:origLink></item>
		<item>
		<title>T-Mobile Denies Alleged Data Breach</title>
		<link>http://feedproxy.google.com/~r/Allspammedup/~3/QN_x4AOvKLQ/</link>
		<comments>http://www.allspammedup.com/2009/06/t-mobile-denies-alleged-data-breach/#comments</comments>
		<pubDate>Thu, 11 Jun 2009 14:50:10 +0000</pubDate>
		<dc:creator>Sue Walsh</dc:creator>
		
		<category><![CDATA[Security]]></category>

		<category><![CDATA[hackers]]></category>

		<category><![CDATA[security breach]]></category>

		<guid isPermaLink="false">http://www.allspammedup.com/?p=1106</guid>
		<description><![CDATA[A message posted on a security forum raised concerns of a possible data breach at T-Mobile, but the company says it never happened. A group claiming to have hacked the cellular service provider claimed to have a massive amount of stolen information and was offering it for sale.
&#8220;We have everything &#8212; their databases, confidential documents, [...]]]></description>
			<content:encoded><![CDATA[<p>A message posted on a security forum raised concerns of a possible data breach at T-Mobile, but the company says it <img class="alignright size-medium wp-image-1107" title="T-Mobile Denies Alleged Data Breach" src="http://www.allspammedup.com/wp-content/uploads/2009/06/t-mobile-400x133.jpg" alt="t-mobile" width="221" height="74" />never happened. A group claiming to have hacked the cellular service provider claimed to have a massive amount of stolen information and was offering it for sale.</p>
<p>&#8220;We have everything &#8212; their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009,&#8221; read the message on the Full Disclosure message board. &#8220;We are offering them for the highest bidder.&#8221;</p>
<p>To prove their claim they showed information related to the company’s operating systems, IP addresses, and software vendors. It’s not yet certain if the message is telling the truth. Full Disclosure claims that the majority of the posts made on its site are hot air,  and T-Mobile seems to concur:</p>
<blockquote><p>          &#8220;Following a recent online posting that someone allegedly accessed T-Mobile servers, the company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected. T-Mobile continues to monitor this situation and as a precaution has taken additional measures to further ensure our customers&#8217; information and our systems are protected. As is our standard practice, customers can be assured if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible&#8221;, said a company spokesperson.</p></blockquote>
<p>Interestingly, no one seems to be able to contact the hackers who are offering the stolen data for sale. Emails sent to them by reporters received no response.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.allspammedup.com/2009/06/t-mobile-denies-alleged-data-breach/feed/</wfw:commentRss>
		<feedburner:origLink>http://www.allspammedup.com/2009/06/t-mobile-denies-alleged-data-breach/</feedburner:origLink></item>
	</channel>
</rss>
