• United States



Was T-Mobile hit with Kaminsky DNS attack?

Jun 11, 20093 mins
Core Java

T-Mobile found itself in the unusual (and unenviable) position this week of having to say that hackers had obtained legitimate data from the company, but that it didn’t come from hacking.

As I and others have pointed out the T-Mobile data could have come from a dumpster, or even from a decommissioned computer hard drive that didn’t get wiped.

But could it have from a DNS cache poisoning attack, say based on the vulnerability Dan Kaminsky found last year?

Late last year, T-Mobile G1 users started complaining about what appear to be DNS problems on their network. One user reported that was apparently hijacked by rogue antispyware software.

Wrote one user:

Sometimes when I try to go to on my G1 via a bookmark, the page gets hijacked by what appears to be a fake Microsoft support page saying “Alert: Your computer have been attacked by spyware or viruses!   Please download AntiSpyware to fix.”, then with a download link pointing to, which seems to go to a Network Solutions placeholder page.

Another user, trying to hit, ended up on a porn site, although this issue may not have been a DNS problem.

I just posted an item for sale on ebay and I wanted to track it on my phone so I went to and did a search for ‘samsung epix’ so I can find the phone and see the bids. When I clicked on the search button I got an erro page saying that the browser cannot display the page. I refreshed the browser and got a pic of a naked chic. I hit back and then seached again and I get a pic of the same naked chic. I can no longer do searches on ebay for items.

I had to fire on my computer email me the link to the item I’m selling so I could bookmark the item I’m selling to the G1’s browser. This is so annoying. I can surf for porn when I want, not when I need to get things done on my browser. Also I’m in Southern Oregon so I was on edge.

In another forum posting a Google rep says that T-Mobile was investigating the issue, but there’s no word on what actually happened.

T-Mobile didn’t respond to a request for an explanation, but according to a source familiar with the matter, the problem was thought to be  that t-mobile’s DNS servers had either been hijacked or using tainted authoritative entries.

Personally, I doubt these problems, which mostly occurred in late November and early December, had anything to do with this week’s (non) breach. But it does make you wonder what exactly is going on at T-Mobile.