Skip to main content

Two Men Charged in iPad/AT&T Hacking Case

You might remember last year when an AT&T/iPad hack saw the data of roughly 120,000 AT&T subscribers, including high profile users such as New York Times CEO, Janet Robinson; Harvey Weinstein; New York City Mayor, Michael Bloomberg; former White House Chief of Staff, Rahm Emanuel; and Diane Sawyer of ABC News, revealed. A group calling themselves Goatse Security discovered that when provided with an ICC-ID (the unique number attached to each subscriber’s SIM card) as part of an HTTP request, a script on AT&T’s website would return the email address associated with the account in plain text. Goatse said at the time that it was able to guess a large number of iPad ICC-ID numbers by looking at iPad 3G ICC-IDs gleaned from sites like Flickr. AT&T was apparently warned of the security hole, but only closed it after Goatse had written a PHP script to harvest the data and shared the vulnerability with third-parties.

This week Reuters reports that investigators have accused two men, Daniel Spitler and Andrew Auernheimer, of using an "account slurper" to carry out a brute force attack over a five day-period in June. The two were taken into FBI custody yesterday morning. Both are charged with one count of fraud and one count of conspiracy to access a computer without authorization. Each of the above charges carries a maximum term of five years in prison and fines of up to $250,000.

According to Reuters, both men are members of Goatse Security, which describes itself as a group of "self-professed Internet 'trolls'" who try to disrupt online content and services.

Read the full story here.