The Secret Service has been investigating various computer crimes lately, and Security Focus has a fascinating article about how one of the people they were going after was simultaneously tracking them back by accessing an agent’s T-Mobile Sidekick account. The details are fairly complex, but basically, this hacker got his hands on the entire T-Mobile user database, including passwords and other private info, allowing him to access anyone’s web-based Sidekick account. It just so happens that one of the Secret Service agents working on the case uses a Sidekick, and the hacker got various Secret Service documents by logging into that agent’s account. If this brings up the question of: “what the hell is a Secret Service agent doing using a T-Mobile Sidekick and allowing it to receive sensitive documents?” you’re not alone. One of the Sidekick’s “nice” features from a user perspective is that it automatically syncs with T-Mobile’s web server in real time. So any info on the device is accessible via the web. That’s useful for a normal user, but also opens it up to hackers. You would think the Secret Service would be a bit more careful. This is an organization that has “secret” in their name, after all. Anyway, they eventually tracked down this guy, but have been very quiet about it. Also very quiet is T-Mobile — which may be against the law. California has this data privacy law that says a company needs to tell people if their personal info may have been compromised. Apparently, T-Mobile doesn’t think the law applies to them.
Originally from Techdirt