Skip to main content

Two Men Charged in iPad/AT&T Hacking Case

You might remember last year when an AT&T/iPad hack saw the data of roughly 120,000 AT&T subscribers, including high profile users such as New York Times CEO, Janet Robinson; Harvey Weinstein; New York City Mayor, Michael Bloomberg; former White House Chief of Staff, Rahm Emanuel; and Diane Sawyer of ABC News, revealed. A group calling themselves Goatse Security discovered that when provided with an ICC-ID (the unique number attached to each subscriber’s SIM card) as part of an HTTP request, a script on AT&T’s website would return the email address associated with the account in plain text. Goatse said at the time that it was able to guess a large number of iPad ICC-ID numbers by looking at iPad 3G ICC-IDs gleaned from sites like Flickr. AT&T was apparently warned of the security hole, but only closed it after Goatse had written a PHP script to harvest the data and shared the vulnerability with third-parties.

This week Reuters reports that investigators have accused two men, Daniel Spitler and Andrew Auernheimer, of using an "account slurper" to carry out a brute force attack over a five day-period in June. The two were taken into FBI custody yesterday morning. Both are charged with one count of fraud and one count of conspiracy to access a computer without authorization. Each of the above charges carries a maximum term of five years in prison and fines of up to $250,000.

According to Reuters, both men are members of Goatse Security, which describes itself as a group of "self-professed Internet 'trolls'" who try to disrupt online content and services.

Read the full story here.

  • reconspartan
    Seems a bit harsh.
    Reply
  • jojesa
    I don't have any sympathy them.
    People who gain access to systems to steal people info deserves that and more.
    Reply
  • festerovic
    LOL goatse security. Sounds like loose security...
    Reply
  • Von Death
    festerovicLOL goatse security.Hey at least they don't show their company logo...
    Reply
  • jkflipflop98
    both men are members of Goatse Security, which describes itself as a group of "self-professed Internet 'trolls'" who try to disrupt online content and services.


    I say execute them both. I can agree with you if you at least have a point, you're out to prove something needs changed for the better. These jackasses get their "LULZ" by simply screwing with other people?

    Kill them as an example.
    Reply
  • So, what PO'd me the most about this is that some media sources are reporting that AT&T pressured to have these fools charged because AT&T "lost credibility" in customer's eyes. HellYes they lost credibility... Lets review: AT&T architected an Internet-facing solution without adhering to their own internal IT security guidelines and best practices; therefore, AT&T created this mess and now needs someone to blame! If anyone needs Chinese justice, go after the AT&T senior management and raise the IQ of the world. On second thought, just make AT&T pay for this entire litigation which will eventually cost U.S. taxpayers millions.
    Reply
  • Camikazi
    jojesaI don't have any sympathy them.People who gain access to systems to steal people info deserves that and more.Actually they originally found the flaw and reported it to AT&T, when AT&T ignored them and didn't fix the vulnerability they stepped it up to force them to fix it. Don't think they did it to steal info, cause telling AT&T about it at all would kind of end their information stealing. Not the smartest way to go about it but when the company won't listen and fix their own glaring error you gotta do something to get their attention.
    Reply
  • Parrdacc
    "AT&T was apparently warned of the security hole, but only closed it after Goatse had written a PHP script to harvest the data and shared the vulnerability with third-parties."

    So AT&T waited til these guys from Goatse did something with the hole? Okay. Who is the real problem here? Goatse who used the hole? Yes this is bad, but what about AT&T? After all they "apparently" knew about this but did not do anything until it was exploited. Sounds to me like the typical AT&T approach of: we know we have security hole, but we won't fix it till the data of customers is taken, then we take action. Well I would not want to deal with a company who knowingly waits around for someone or someones to exploit and steal using a security hole they already know about.
    Reply
  • g00fysmiley
    depnds on if they actually used the script that exploited, if they only published it to force at&t to fix thier issue after they had reported it then no they didn't do anything wrong... now if they did in fact harvest data for any purpose beyond proof it cna be exploited and showign it needed to be fixed then yes they should face charges for using the data with ill intent... i bet they get off due to not being able to prove ill will ... at least if they ahve a good lawyer
    Reply
  • jojesa
    Parrdacc"AT&T was apparently warned of the security hole, but only closed it after Goatse had written a PHP script to harvest the data and shared the vulnerability with third-parties."So AT&T waited til these guys from Goatse did something with the hole? Okay. Who is the real problem here? Goatse who used the hole? Yes this is bad, but what about AT&T? After all they "apparently" knew about this but did not do anything until it was exploited. Sounds to me like the typical AT&T approach of: we know we have security hole, but we won't fix it till the data of customers is taken, then we take action. Well I would not want to deal with a company who knowingly waits around for someone or someones to exploit and steal using a security hole they already know about.
    Let me see if I understand your analogy.
    You have a window that does not close properly on your house and your neighbor informs you about it.
    You chose to ignore the neighbor (or you could have schedule a repair for a convenient date) and he comes to your house, thru that window you did not fix when he told you to, he takes some of your belongings and leave them in the sidewalk for anyone to take.
    So you will be ok with that, since you did not fix that window in a timely manner.


    Reply