11 June, 2009

T-Mobil’s Latest Competitive Intelligence Failures.


June 6th stands out as an important date on the calendar now. That’s the date on which, as verified by T-Mobil and reported by the IDG News Service (Source: http://www.pcworld.com/businesscenter/article/166348/tmobile_confirms_stolen_data_is_genuine.html ), hackers posted elements of information on the Full Disclosure message board that came from larger files and confidential documents they had copied from T-Mobil’s databases and financial files. No, according to T-Mobil, nothing stolen directly impacts customer privacy or financial security, but for those who study and work in the competitive intelligence field, this breach offers dark insights into how T-Mobil handles both its security and its public profile.

Turns out, the hackers have had no takers for the information so far, leading me to believe that the hackers in question were relatively new to the business of black-hat corporate/industrial espionage; otherwise one would have presumed that they’d have had a client *before* hacking T-Mobil. These were simply perpetrators of a crime of opportunity, and mercifully that’s all it appears to be. Because despite T-Mobil’s claims that the information, while confidential, poses no risk of loss to them or their customers, I can assure you that this is far from the truth.

Inside corporate information is the backplate of verification that someone is an insider with the company – it’s how you test the bona fides of other employees. You can only test them with those things that other employees would know but no one else would. The fact that rogue newbies can hack your financial files and databases means that, just as easily, those in the business of organized crime and corporate identity theft can similarly penetrate your defenses and cause much greater harm, because they know what they’re looking for and how to get it. And worse still, what to do with it afterwards to cause the greatest amount of harm.

T-Mobil’s response has been predictable – repair the security breach so that door cannot open that way again and minimize the public concern about the impact on personal privacy and financial issues. But that doesn’t go nearly far enough to protect them from future attacks or to protect the country’s telephony infrastructure from attacks by the real professionals who are actively attacking and creating vulnerabilities to exploit later at their whim.

Now I could be simply fear mongering here, but let me give you an example of what I’m referring to that occurred in the same time-frame so you can appreciate why what I’m saying is *not* fear mongering:
( Source: http://www.theregister.co.uk/2009/06/08/webhost_attack/ )

On June 7th an attack on one of the larger web hosts in Europe resulted in the total destruction of over 100,000 websites, including thousands of small businesses, many of whom rely on those sites for nearly 100% of their revenues. If one of our major utility providers suffers catastrophic loss of revenue or electronic infrastructure damage, or other major financial damage, the ripples will affect the nation as a whole in the same way that the AIG and bank losses did in 2008/2009.

Let’s say, for the sake of argument, that T-Mobil’s financial files and databases had not just been copied, but had been destroyed. In a worst case scenario this could lead directly to requiring T-Mobil to have their books audited in order to verify the missing data. Their financial plans and any projects dependent on them would also be jeopardized and contracts might not be able to be let on key acquisitions and expenditures until the data was reconstructed from scratch. This would undoubtedly cost the company several million dollars just for the audit, and then potentially several million more for the project cost overruns and delays.

The data involving key personnel could also have been stolen, allowing an NEC-like corporate identity fraud case (see prior post in the article from 2008), potentially costing T-Mobil billions of dollars.

Or the data could have been quietly corrupted, causing unknown reporting errors which could influence share pricing and credit and bond ratings.

The scope of potential damage is staggering. And the minimized response that T-Mobil has offered subsequently shows a tremendous lack of expertise and experience and delineates them as a potential target for ever more strenuous attacks.

Worse still, T-Mobil has not taken the situation seriously enough to turn this attack into an opportunity to show off their thorough security responses and their strength at proactively handling threats to not only limit loss of investor and consumer confidence but to actually improve and increase it and thereby strengthen brand loyalty. They also have the opportunity to take the decision to launch a division that will actively target electronic threats, block their attacks, and bring them to justice by partnering with local and global law-enforcement on a proactive basis instead of purely responding to the damage inflicted by hackers who could be operating outside of US legal jurisdiction.

A competitive intelligence expert already working for T-Mobil would have the connections with the other players in their industry and law-enforcement as well and would be able to build consensus among the whole industry to fund a neutral task force or entity whose sole mission is to catch the black-hats and put them out of business.

And this example would be all the information they’d need to be able to make that happen and give the industry, and T-Mobil in particular, some bright, shiny gold stars with the public and investors for making their world a better and safer place.
