You’d think you’d hear about it if a hacker broke into the servers of one of the nation’s largest cellular phone providers. You’d think you’d read it in the news if the hacker’s access allowed him to access the DOB, password and Social Security Number of any of the company’s 16.3 million customers… information that he offered for sale on the internet.

You’d think you’d hear all about it if the hacker had used his access to read the Secret Service’s email. You’d think you’d have seen headlines and warnings about the hacking if the government knew about it since last March and the cellular company learned about it last July.

But you’d be wrong.

The Secret Service contacted T-Mobile, according to an affidavit filed by cyber crime agent Matthew Ferrante, and by late July the company had confirmed that the offer was genuine: a hacker had indeed breached their customer database,

At the same time, agents received disturbing news from a prized snitch embedded in the identity theft and credit card fraud underground. Unnamed in court documents, the informant was an administrator and moderator on the Shadowcrew site who’d been secretly cooperating with the government since August 2003 in exchange for leniency. By all accounts he was a key government asset in Operation Firewall.

On 28 July the informant gave his handlers proof that their own sensitive documents were circulating in the underground marketplace they were striving to destroy. He had obtained a log of an IRC chat session in which a hacker named “Myth” copy-and-pasted excerpts of an internal Secret Service memorandum report, and a Mutual Legal Assistance Treaty from the Russian Federation. Both documents are described in the Secret Service affidavit as “highly sensitive information pertaining to ongoing USSS criminal cases”.

The incident — which was quietly investigated — is now being quietly prosecuted, possibly because the Secret Service has decided to put the hacker to work catching other hackers using the same trick that uncovered his own crime.