SECURITY ADVISER: Hacker has fun with Sidekick
- 09 March, 2005 12:05
Ironically, security may well become Paris Hilton's new best friend because, frankly, it's no simple life for the starlet these days. First her Sidekick address book was hacked and her celebrity friends' phone numbers were made public; then the hotel heiress' name became the bait for two different email worms.
Experts at SophosLabs, the vendor's global network of virus and spam analysis centres, are warning users about the dangers of opening email containing references to Paris Hilton after they discovered two separate worms that each claims to contain hardcore footage of the privacy-challenged blonde heiress.
The W32.Sober-K worm bulk-mails itself using a variety of different subject lines, including "Paris Hilton, pure!" and "Paris Hilton SexVideos". The multilingual worm can send itself in German or English, depending on whether it thinks the recipient's email address is owned by a speaker of German or English.
The W32.Ahker-C worm, meanwhile, sends itself using the subject line "Paris Hilton...download it!" with an attached file called "ParisXXX.zip." The worm attempts to disable antivirus and firewall software running on the computer and blocks access to a number of websites, potentially opening the PC to further attack by hackers and malware.
Sophos recommends that companies protect their email gateways with a consolidated solution that defends against viruses and spam. Businesses should also secure their desktops and servers with automatically updated protection. Although these worms are dangerous enough, it was the hacking of T-Mobile's servers and the subsequent release of information gleaned from Paris Hilton's T-Mobile Sidekick wireless device that has caused the most consternation.
The target was the servers that wireless carrier T-Mobile USA uses to run services for its Sidekick users. The attackers grabbed copies of Hilton's phone list, which included celebrity party pals such as rapper Eminem and Christina Aguilera. They then quickly posted the previously private digits on several Internet sites. The attackers also grabbed some embarrassing (if that is still possible for Ms. Hilton) photos taken with her cell phone. Hilton's party buddies may be upset with her, but they should probably be more upset with T-Mobile for not paying closer attention to the possibility of an attack on these servers.
Details about how the attack was carried out have not been made public. But until more is known, users might want to rethink how much personal information they carry around in such devices. Here's one useful question to ask yourself: "Would I want my mother to know this?"
Supposedly, federal prosecutors have in custody the person who carried out the attack. A 22-year-old Oregon man recently pleaded guilty to a single felony count of illegally accessing a protected computer and causing damage.
Federal officials have been handling the case with an unusual degree of secrecy, probably because one of the Sidekick accounts compromised was that of a US Secret Service agent who used the device for agency work.Remember on The X-Files when the agents constantly talked on their cell phones?
No wonder they never got proof of the existence of aliens - they were being hacked.