The caper had all the necessary ingredients to spark a media firestorm — a beautiful socialite-turned-reality TV star, nude photographs and embarrassing messages, and the personal contact information of several young music and Hollywood celebrities.
When hotel heiress Paris Hilton found out in February that her high-tech wireless phone had been taken over by hackers, many assumed only a technical mastermind could have pulled off such a feat. But as it turns out, a hacker involved in the privacy breach said, the Hilton saga began on a decidedly low-tech note — with a simple phone call.
Computer security flaws played a role in the attack, which exploited a programming glitch in the Web site of Hilton’s cell phone provider, Bellevue, Wash.-based T-Mobile International. But one young hacker who claimed to have been involved in the data theft said the crime only succeeded after one member of a small group of hackers tricked a T-Mobile employee into divulging information that only employees are supposed to possess.
The young hacker described the exploit during online text conversations with a washingtonpost.com reporter and provided other evidence supporting his account, including screen shots of what he said were internal T-Mobile computer network pages.
The caper started the afternoon of Feb. 19, when a group member rang a T-Mobile sales store in a Southern California coastal town posing as a supervisor inquiring about reports of slowness on the company’s internal networks.
The sales rep acquiesced: “All right, what do you need?”
When prompted, the employee then offered the Internet address of the Web site used to manage T-Mobile’s customer accounts — a password-protected site not normally accessible to the general public — as well as a user name and password that employees at the store used to log on to the system.
Later, using their own Sidekick phone, the hackers pulled up the T-Mobile customer records site, looked up Hilton’s phone number and reset the password for her account, locking her out of it and taking control of it.
“As soon as I went into her camera and saw nudes my head went JACKPOT,” the young hacker recalled of his reaction to first seeing the now-public photos of a topless Hilton locked in an intimate embrace with a female friend.
“I was like, HOLY (expletive) DUDE ... SHES GOT NUDES. THIS (expletive)’s GONNA HIT THE PRESS SO (expletive) QUICK.”
By early Feb. 20, the pictures, private notes and contact listings from Hilton’s phone account — including phone numbers of celebrities such as Cristina Aguilera, Eminem, Anna Kournikova and Vin Diesel — had appeared on GenMay.com (short for General Mayhem), an eclectic, no-holds-barred online discussion forum. SOURCE