A teenager has been given 11 months in a juvenile detention centre and two years supervised release for hacking Paris Hilton's mobile phone and posting her address book - which included the mobile numbers of numerous public figures - on the internet.
The Massachusetts teen, who cannot be named for legal reasons, pleaded guilty to hacking T-Mobile USA's servers and making threats over a 15-month period beginning in March 2004. He will be prohibited from using computers, mobile phones or any device capable of accessing the internet during the period of his sentence.
Hilton's mobile phone address book was posted to the web in February giving millions of internet users access to private phone numbers and email addresses for celebrities such as Eminem and Anna Kournikova.
The teen had tricked T-Mobile employees into revealing sensitive information and exploited a flaw in T-Mobile's website to get at the information, according to a T-Mobile spokesman. T-Mobile has also taken steps to prevent such social engineering attacks from succeeding in the future, it said.
The juvenile was also charged with a variety of crimes, including hacking into unnamed internet and telephone service providers and making bomb threats to schools in Massachusetts and Florida. Damages from these crimes amounted to about $1 million, the statement said.
He was part of a loosely organised group of eight to 12 hackers, called the Defonic Team Screen Name Club. More charges are expected, according to William Sims, special agent in charge of the US Secret Service in Miami. "There were some hacks down here, and there are some co-defendants down here who were still involved," he said. "It's still an active, ongoing investigation."
T-Mobile may still have more work to do, according to Koziol. When he examined the company's website recently, the security researcher found that there were still some flaws. "I was amazed that a year after this kid did that, there were all sorts of web security problems prevalent throughout their site," he said.