AntiSec: Leaked AT&T documents came from an insider

AntiSec: Leaked AT&T documents came from an insider. (IMG: AnarchistMedia)

The threat known as AntiSec is largely considered an external one, but organizations are vulnerable from within too. The recently leaked AT&T documents, published over the weekend when LulzSec said good-bye, came from an internal source, The Tech Herald has learned.

The AT&T documents published this weekend were part of a torrent file released by LulzSec. It was their final release under the name, and the second major release for the AntiSec movement, which LulzSec established. AntiSec has only one goal, find and release information.

For those participating, AntiSec’s top priority is to steal and leak any classified government information, including email spools and documentation. The prime targets are banks and other high-ranking establishments, such as AT&T. However, any organization, no matter how big or small, is fair game.

The main lesson that executives would do well to learn is that insiders can leverage the spirit of AntiSec just as quickly as someone on the outside can. This is how AT&T’s data made it to the Web. According to the recently arrested Ryan Cleary, who told us about the AT&T leak back in May, “…an employee of AT&T gave us loads of shit. Including a bootable USB…,” Cleary said.

Ryan’s comments were confirmed by two additional sources. One of them, a person linked to LulzSec itself, and the other an associate of Anonymous familiar with the data. 

The leaked documents include more than 60,000 phone numbers, each one linked to an iPhone 3G, 3GS, or iPhone 4. Based on the spreadsheet’s title, each one of them was assigned at one point to IBM employee. There are spreadsheets with server names and IP addresses, each with a corresponding username and password, for both development and production usage on AT&T’s internal network.

Some of the documents reference the need to use an RSA token, in addition to established usernames and passwords. Given the SecurID breach, one would assume AT&T has already replaced their tokens, but if any of the stolen RSA data aligns with the AT&T data, criminals could walk all over the telecom’s infrastructure.

Moreover, the other leaked documents, such as the various meeting notes, AT&T’s 4G / LTE testing data, internal presentations, and a random assortment of technical documentation, could lead directly to a targeted Phishing attack.

Some of the documents seen by The Tech Herald include the network ID used by various executives, development staff, and technical managers within the company. The documents provide a complete reference to the jargon and terms used for several internal projects.

Knowing those user IDs, as well as what projects they are working on - by internal title and reference no less - could lead to disaster once the @att.com suffix is added to a malicious email. Making things worse, there are also contact details and information for Cisco employees working with AT&T on LTE-related projects.

In all, an AT&T insider walked off with nearly 200MB of information contained in more than 300 files. The leaked material dates from late 2010 to April of this year. This corresponds with Ryan’s claims to us in May that the internal information was, at the time, only recently handed over.

The AT&T leak is a clear example of how, even if solid external protections are in place, information can still find a way to leave an organization. Insiders have always been a risk, so much so that an entire sub-industry within the security industry was created to deal with it. Most CIOs and CSOs know the sub-industry's offerings by name - DLP.

At the same time, even if DLP is in place, and AT&T is sure to have something to that effect running on their network, insiders with access can still walk off with information. So at that point, the plan shifts from proactive to reactive, as security teams turn to their recovery and response plans.

Disaster recovery and incident response is likely going to be the primary focus, after hardening existing defenses, in organizations the world over for the foreseeable future. There’s no other way around it, as it is nearly impossible to stop a determined attacker, even one from within.

We’ve reached out to AT&T for comment. We’ll update this story if we hear from them.

Update: AT&T has told us that they have no comment on the issue.

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]

Stunning Mars Rover Selfie

This image by the Curiosity Mars rover is not exactly your typical selfie. It is made up of a bunch of images taken by the rover during January 2015 by the Mars Hand Lens Imager. This (MAHLI) camera is at the end of the robot’s arm. For a sense of scale the rover’s wheels are about 20 inches diameter and 16 inches wide. Check the annotated image below for more information on the surroundings. Also if you really want to see some detail click this very large image, 36mb, at NASA.  

How the Sahara Helps Feed the Amazon (Video)

Sahara to Amazon
This cool video from NASA shows how dust is transferred across the Atlantic to the Amazon rainforest and helps nourish the plants growing there. For the first time scientists have measured the amount of dust and the amount of phosphorus in the dust. The later acts like a fertiliser and helps replenish the phosphorus the rainforest loses each year, around 22,000 tons. Amazing how something we perceive as being desolate like a desert actually has an important role in sustaining somewhere we see as teeming with life. Image and video from NASA’s Goddard Space Flight Center.

Bouncing Laser Guided Bomb (Video)

This amazing video shows a laser guided bomb bouncing back up after hitting its target. We actually think this is a non-explosive bomb designed to test guidance systems but it is still pretty remarkable and somewhat scary.

South Koreans Swallowed by Sinkhole (Video)

Thankfully the couple survived their adventure.
This amazing footage taken from the CCTV on a passing bus shows the moment two pedestrians in South Korea fall down a sinkhole in the street! Rescue workers managed to save the pair, who were treated in a nearby hospital for minor injuries. According to reports the city authorities and the Korean Geotechnical Society are looking into the cause.

Cheetah Pictures

Some Cool Cheetah Pictures Cheetahs are found mainly in Africa but also some parts of the Middle East. These sleek animals are the fastest land mammals in the world and can hit 60 mph in about 3 seconds, though they cannot maintain this speed for long. Cheetahs prey mostly on antelopes and smaller mammals but occasionally go for something bigger. We hope you enjoy these photos and don’t forget to check out the other speedy land mammals on our list of the fastest.

Sherlock Holmes Quiz

Sherlock Holmes
Sherlock Holmes was a man who absorbed information like a sponge and had a razor sharp mind. How much do you know about the famous fictional detective from the books?

22 years without Ferruccio Lamborghini

Lamborghini posted this photo today saying: “22 years without Ferruccio Lamborghini.” Ferruccio passed away on February 20th 1993 aged 76. Interestingly he started out making tractors!