FBI Launches Investigation into AT&T iPad Breach
A couple of days back, Gawker revealed an AT&T data breach that affected more than 100,000 iPad users.
On Wednesday, a security team spoke to Gawker about an AT&T vulnerability it had exploited to gain information about iPad users. As a result of their research, they had obtained what the web is now calling, "the most exclusive email list on the planet." Goatse Security's list includes the email addresses of NYT CEO Janet Robinson, Harvey Weinstein, Mayor Michael Bloomberg, White House Chief of Staff Rahm Emanuel and Diane Sawyer of ABC News. While the breach was reported to AT&T and the security hole closed, Goatse shared the exploit with third parties and is unsure who took advantage before AT&T had the chance to fix things.
Obviously some names on that list are bigger than others, and no doubt the inclusion of White House Chief of Staff Rahm Emanuel and other public figures is the reason the Federal Bureau of Investigation has decided to get involved. The FBI yesterday confirmed that it was investigating the data breach.
"The FBI is aware of these possible computer intrusions and has opened an investigation to address this potential cyberthreat," an FBI spokeswoman told AFP.
Gawker's Ryan Tate confirmed that the FBI had made contact with Gawker Media last night.
"We can confirm that Gawker Media was contacted by the FBI earlier today and issued a formal preservation notice."
- Australian Gov May Force ISPs to Track Customers
- VIDEOS: PlayStation 4 Revealed?
- Microsoft's E3 Reveal ''Bigger than Natal''
- The Yahoo Giveaway USB Hub We Want
- The Desk Every Modern School Should Have
- Nokia Finally Jumps on Dual-SIM Bandwagon
- 5 Ways to Save Money By Using Tech
- Pro-porn Group Puts Porn on San Francisco iPads
- Panasonic Ships MASSIVE 11x6 Foot 3D TV
- No Porn for Windows Phone 7 Users Either
- Rock Band 3 Packs 102-button Pro-Guitar
- 3D Glasses Are Disgusting; Please Bring Your Own
- Judge Places Limits on Airport Laptop Searches
- Verizon's Droid 2 Specs Leaked
- Students Commit Suicide Using Laptop Injection
- Microsoft Kinect: Games and Video Chat Revealed
- New Xbox Boasts 250GB HDD, Wireless and More
- AT&T's Apology for Massive Security Breach
- VIDEO: Kinect to Hit November, Looks Exhausting
AT&T had security holes??????? NNNo.
All organizations have had or will have one eventually. Even departments within the federal government are not immune. The important thing is how will they deal with it and what steps are taken that it doesn't happen again.
They should stop wasting their time on this and investigate the data caps AT&T is implementing and also investigate why people are forced to get a data plan when they buy a smart phone even if they might not need it.
"Goatse Security's list"
This just in, the fbi recruits the hacker(s) responsible for the data breach
why bother getting fbi involed?
its a computer computers have been hacked since day one
there have even been hackers since the invention of the telephone and perhaps earlier, there is no way they will stop a profession that far rooted no matter how evil it sometimes is
why bother getting fbi involed?its a computer computers have been hacked since day onethere have even been hackers since the invention of the telephone and perhaps earlier, there is no way they will stop a profession that far rooted no matter how evil it sometimes is
just shut up k?
why bother getting fbi involed?its a computer computers have been hacked since day onethere have even been hackers since the invention of the telephone and perhaps earlier, there is no way they will stop a profession that far rooted no matter how evil it sometimes is
Sigh. Think before you post.
I think that what Goatse (I can't say that without cringing) did was in the public's best interest, as they mentioned, and that AT&T, as well as other companies need to step up to the plate and make sure their information is safe. Sure these guys dug up the e-mail addresses, but think of who else could have done so without them knowing? The information is safe with Goatse, AT&T needs to leave them be.
Maybe they should add wings for better breach protection...
FBI uses iPad to investigate iPad breach. Wait for it!......Wait for it!......
why bother getting fbi involed?its a computer computers have been hacked since day onethere have even been hackers since the invention of the telephone and perhaps earlier, there is no way they will stop a profession that far rooted no matter how evil it sometimes is
Yeah..you're completely right. in fact, murder has been going on since day one of mankind, so how about we just let it happen. Hell, people rob people all the time. theres no stopping it so lets just have a big free for all shall we?
Sigh. Think before you post.I think that what Goatse (I can't say that without cringing) did was in the public's best interest, as they mentioned, and that AT&T, as well as other companies need to step up to the plate and make sure their information is safe. Sure these guys dug up the e-mail addresses, but think of who else could have done so without them knowing? The information is safe with Goatse, AT&T needs to leave them be.
The moment they shared the information with others is the moment they screwed themselves.
That is only because some "important" people were on the hacked list. If it had just been the average Joe they wouldn't do crap. Two sets of laws, one for the rich, famous and powerful. Then there is the other set of laws used on the rest of us.
Sorry to hear you're not rich and powerful.
The FBI is involved because some of the exposed SIM and Email address combinations belong to FBI employees who used FBI email addresses to register their iPad 3G.
If I find a door key on the street (a security hole) and then try the key in every door up and down the street (security research), I may find the door that the key opens. If I inform the owner I found their key, then they can change the locks (security hole fixed). They may give me a reward. If I first use the key to go into their building and make a copy of all of their documents before telling them about the lost key, then I will be guilty of burglary. If I make copies of the key and pass them out, then I will be guilty of conspiracy to commit burglary. If I demand a fee for telling them about the lost key under threat of passing out copies of the key with their address attached, then I am guilty of extortion. The electronic form is no different.
The only time a security company has the right to break into a computer system and grab info is AFTER they are hired to attempt to do so. Clearly, the FBI should investigate.
The only time a security company has the right to break into a computer system and grab info is AFTER they are hired to attempt to do so.
I'm not saying a probe is without warrant in this case but discovery and proof of concept doesn't require a contract with the vulnerable entity (AT&T in this case).
Many years ago I discovered a vulnerability in a website allowing me to execute TCL (who still uses Tool Command Language?) code on the site web server. I created proof of concept web pages for them that listed database names and tables in those databases just to prove I had unrestricted access to their data.
I didn't keep any data (names of databases and tables) and handed over all of the work I had created to the site owner.
Gathering all of the data is intrusion which IMHO goes beyond the requirements for a proof of concept. Keeping and/or publishing the related data (even with censoring marks) also crosses that line.
Some of these freelance groups don't have good policies in place on how to properly handle discovered vulnerabilities and they run away with excitement over finding something first and showing it off to the world. This often does more damage than good.