A recent report notes that John Erin Binns, a U.S. citizen based in Turkey, admitted being primarily responsible for the cybersecurity incident that impacted T-Mobile's IT infrastructure, resulting in the leak of more than 50 million users’ confidential records. This seems to confirm the hypothesis of Alon Gal, co-founder of cybersecurity firm Hudson Rock.
A few weeks ago, the researcher shared some tweets stating that the intention of the perpetrator of this attack was to retaliate against the U.S. government due to the kidnapping and subsequent torture Binns suffered back in 2019: “Our intention was simply to damage critical American infrastructure,” the alleged hacker claimed.
Binns, 21, gave an interview to the Wall Street Journal (WSJ), during which he claimed responsibility for the attack, saying that the entire operation was carried out from his home in Izmir, Turkey, where he has lived since 2018. Binns’ father, now deceased, was American, while his mother is of Turkish origin.
Using Telegram, a privacy-focused instant messaging platform, Binns provided his interviewer with evidence to prove that it was actually he who carried out the attack on the telecom giant. Binns apparently gained access to the company’s networks through a vulnerable router.
The young hacker mentioned he was looking for security flaws in T-Mobile through its internet addresses, gaining access to a data center in Washington from where he was able to access more than 100 vulnerable servers. Just a few days later, Binns had managed to access and steal millions of confidential files: “Their security is really bad, so it was even a challenge to get detected and make all the fuss possible about it,” says the attacker.
Despite revealing these details, the attacker declined to confirm whether the compromised information was sold to a third party or whether someone else paid for the attack. In this regard, the WSJ report indicates that the affected company received a report from a security firm, which specified that the compromised information was being sold on some dark web forums.
Binns repeatedly said he was upset with the way he was treated by U.S. authorities. A year ago, the hacker filed a lawsuit against the Federal Bureau of Investigation (FBI), the Department of Justice (DOJ) and the Central Intelligence Agency (CIA), claiming that the agencies wrongly accused him of participating in multiple criminal schemes, including the operation of the Satori botnet.
The lawsuit states that Binns was also tortured and monitored on suspicion of belonging to the Islamic State terrorist group. The young hacker has denied these allegations all along, saying that he was kidnapped and taken to mental institutions in Germany and Turkey as part of the harassment he suffered: “I have no reason to lie, I hope that someone inside the intelligence agencies can help me,” he adds.
Although T-Mobile has not commented on Binns’ actions, a few days ago the company confirmed the data exposure, mentioning that the incident exposed details of its customers such as full names, phone numbers, dates of birth, social security numbers and other sensitive data. As part of its security incident response protocol, the company will offer affected customers a free subscription to a protection service against identity theft and other variants of fraud.