Hackers who stole email addresses from iPads face charges

Thieving of email details earns White Hat hackers criminal charges

Self-acknowledged White Hat hackers are facing criminal charges in the US for grabbing the email addresses of 114,000 AT&T 3G customers who use iPads. The breach they acknowledge committing and publicised last summer took advantage of weaknesses in AT&T's resubscription page for iPads to harvest the email addresses and ID numbers for the SIM cards in their iPads. The breach yielded this information for some famous people, including TV journalist Diane Sawyer, former White House Chief of Staff Rahm Emanuel and New York Mayor Michael Bloomberg, as well as employees of NASA, the US Department of Justice, DARPA, The New York Times, Google, Microsoft, Goldman Sachs and Citigroup. According to Reuters, Daniel Spitler and Andrew Auernheimer, both of whom work at Goatse Security are being charged with fraud and conspiracy to access a computer without authorisation. The pair leaked information about the breach to Gawker Media, but AT&T said the weakness that allowed the breach was fixed before the story ran. The flaw was that AT&T prepopulated the subscription-renewal page with users' email addresses. The hackers managed to access these pagers for other users and wrote a script that automated scraping the email addresses and SIM card IDs. While claiming to hack for social good, Aunheimer has also been characterized as an internet troll - someone who performs destructive or annoying acts via the internet. In court documents last month, FBI agent Christian Schorle says the FBI has been aware of Aunheimer as a hacker and "self-proclaimed troll" since 2001. When the FBI raided his home in Arkansas as part of the AT&T breach, they found drugs that resulted in charges of possession of cocaine, LSD, ecstasy and oxycodone. In an open letter last November to Assistant US Attorney Lee Vartan on the Goatse Security website, Auernheimer says the intent of the breach was to point out lax security on the part of AT&T. At the time of the letter, Auernheimer says he knew the US Attorney was considering charges. In the letter he claims that Goatse has a reputation for fighting cyber crime. "Social responsibility has always been at the core of everything we do at Goatse Security," he writes, "and this will be extraordinarily obvious at a trial. Goatse has done large amounts of documented work in project areas such as combating safe havens for pedophiles worldwide, protecting US infrastructure, and keeping U.S. citizens safe from Russian and Chinese organized crime." The letter urges Vartan to drop the prosecution because continuing might damage his professional reputation. "I pray for you, Lee," Auernheimer says in the letter. "I pray for you to see wisdom in your actions, and pray for you to be guided towards righteousness. I advise you to discuss this matter with your family, your friends, victims of crimes you have prosecuted and your teachers, for they are the people who would have been harmed had AT&T been allowed to silently bury their negligent endangerment of United States infrastructure."

Join the newsletter!

Error: Please check your email address.

Tags Security IDwhite hat

Show Comments