Page 2 of 3   <       >

Paris Hilton Hack Started With Old-Fashioned Con

According to the young hacker's account, the Hilton caper started the afternoon of Feb. 19, when a group member rang a T-Mobile sales store in a Southern California coastal town posing as a supervisor from T-Mobile inquiring about reports of slowness on the company's internal networks.

The conversation -- which represents the recollection of the hacker interviewed by washingtonpost.com -- began with the 16-year-old caller saying, "This is [an invented name] from T-Mobile headquarters in Washington. We heard you've been having problems with your customer account tools?"

The sales representative answered, "No, we haven't had any problems really, just a couple slowdowns. That's about it."

Prepared for this response, the hacker pressed on: "Yes, that's what is described here in the report. We're going to have to look into this for a quick second."

The sales rep acquiesced: "All right, what do you need?"

When prompted, the employee then offered the Internet address of the Web site used to manage T-Mobile's customer accounts -- a password-protected site not normally accessible to the general public -- as well as a user name and password that employees at the store used to log on to the system.

To support his story, the hacker provided washingtonpost.com with an image of a page he said was from the protected site. T-Mobile declined to comment on the screenshot, and washingtonpost.com has no way to verify its authenticity.

Inside the Walls

The hackers accessed the internal T-Mobile site shortly thereafter and began looking up famous names and their phone numbers. At one point, the youth said, the group harassed Laurence Fishburne, the actor perhaps best known for his role in the "Matrix" movies as Morpheus, captain of the futuristic ship Nebuchadnezzar.

"We called him up a few times and said, 'GIVE US THE SHIP!'" the youth typed in one of his online chats with a reporter. "He picked up a couple times and kept saying stuff like YOUR ILLEGALLY CALLING ME."

Later, using their own Sidekick phone, the hackers pulled up the secure T-Mobile customer records site, looked up Hilton's phone number and reset the password for her account, locking her out of it. Typical wireless devices can only be hacked into by someone physically nearby, but a Sidekick's data storage can be accessed from anywhere in T-Mobile's service area by someone with control of the account. That means the hackers were at that point able to download all of her stored video, text and data files to their phone.

"As soon as I went into her camera and saw nudes my head went JACKPOT," the young hacker recalled of his reaction to first seeing the now-public photos of a topless Hilton locked in an intimate embrace with a female friend. "I was like, HOLY [expletive] DUDE ... SHES GOT NUDES. THIS [expletive]'s GONNA HIT THE PRESS SO [expletive] QUICK."

The hackers set up a conference call and agreed to spread the news to several friends, all the while plotting ways to get the photos up on various Web sites. Kelly Hallissey, a 41-year-old New York native who has been in contact with the group of hackers for several years, said the group's members showed her evidence that they had gained access to Hilton's phone during these early hours -- before the images made their way online.


<       2        >

© 2005 The Washington Post Company