GoatseSecurity
Latest
AT&T iPad hacker pleads guilty to stealing data
Daniel Spitler is facing up to 10 years in prison for his role in the theft of personal information from iPad 3G users on AT&T. Spitler was one of the men responsible for writing the iPad 3G Account Slurper that parsed the SIM card numbers of AT&T iPad 3G owners and used them to retrieve email addresses from the carrier's website. The men, Daniel Spitler and Andrew Auernheimer, were part of the hacker group that ended up grabbing over 100,000 records. Spitler pleaded guilty to the two felony charges and, as part of his plea agreement, could see his potential sentence reduced from a maximum of 10 years to as little as 12- to 18-months.
Hacker pleads guilty to AT&T iPad breach
Nearly six months after his arrest, one hacker pleaded guilty to charges that he exposed the email addresses of over 100,000 AT&T iPad 3G users. It's been a year since Daniel Spitler and his compatriot, Andrew Auernheimer, coaxed Ma-Bell servers into delivering the goods, with a brute force script they lovingly named the iPad 3G Account Slurper. The hacker's plea agreement suggests a 12 to 18-month sentence, which is a lot more lenient than the 10-year maximum we hear he could face. Spitler's collaborator is apparently still in plea negotiations with the prosecutor. Both men initially claimed they were just trying to draw attention to a security hole, but maybe next time they'll think twice before embarking on such altruistic endeavors.
Two arrested for iPad security breach
Two arrests have been made connected to the security breach that exposed thousands of iPad users' email addresses and other info last year. Daniel Spitler and Andrew Auernheimer (yeah, that guy again) have been taken into custody and charged with conspiracy to access a computer without authorization and fraud, for allegedly using a custom script (built by Spitler) called iPad 3G Account Slurper to access AT&T's servers, mimic an iPad 3G, and try out random ICC identifiers. Once a valid ICC was found, one could harvest the user's name and email address. Of course, the hackers maintain that this was all done to force AT&T to close a major security flaw, and we'll be interested to see what exactly the company does to make things right.
Hacker group responds to AT&T, leader held by FBI
You'll remember that the not-at-all-ridiculously-named Goatse Security (GS) announced its discovery of an exploit on AT&T's website last week. They used it to get a list of email addresses belonging to iPad 3G customers. One hundred and fourteen thousand of them, in fact. AT&T representatives said that they were made aware of the hole and had it patched within a day, and explained their side of the story in the New York Times. Dorothy Attwood, a senior vice president and chief privacy officer at AT&T, said "...unauthorized computer 'hackers' maliciously exploited a function designed to make your iPad log-in process faster." The folks at GS took umbrage at being called "malicious," and posted their own response, citing still-unpatched vulnerabilities in Mobile Safari on the iPad as evidence that Apple and AT&T are not addressing the real issues. "When we disclosed this," wrote Escher Auernheimer, "we did it as a service to our nation. We love America and the idea of the Russians or Chinese being able to subvert American infrastructure is a nightmare...The fact remains that there was not a hint of maliciousness in our disclosure." The FBI agrees with Auernheimer's assertion that this exploit is of national interest. So much so, CNET reports, that they raided Andrew Auernheimer's home on a warrant (we assume "Escher" is a pseudonym). They found "illicit drugs," and Auernheimer is now being held on felony charges. Let this be a lesson to you. If you plan on serving your country, get rid of the drugs first. [via Engadget]
AT&T hacker's home raided, drugs found, dude detained (update)
Man, one day you have the whole world's ear to talk about slack network security, and the next you're in the joint. Andrew Auernheimer, Goatse Security's hacker-in-chief and a key player in the unearthing of a major security flaw exposing iPads surfing AT&T's airwaves, is today facing felony charges for possession of a variety of potent drugs. That wouldn't be such intriguing news by itself, but the discovery was made by local law enforcers who were in the process of executing an FBI search warrant. Hey, wasn't the FBI going to look into this security breach? Yes indeedy. While nobody is yet willing to identify the reasons behind this warrant, it's not illogical to surmise that Andrew's crew and their online exploits were the cause for the raid. So there you have it folks, it's the first bit of advice any publicist will give you: if you're gonna step out into the glaring light of public life, you'd better clean out your closet first. Update: Before y'all get in an uproar about "white hacker this" and "Police State that," let's keep in mind that this Andrew Auernheimer character (a.k.a. "Weev") is one unsavory dude (not to mention a raving anti-Semite): check out this New York Times piece on Internet Trolls if you don't believe us. After all, it's not really a stretch that law enforcement might be after someone who's in possession of ecstasy, cocaine, LSD, and various other pharmaceuticals.
iPad still has a major browser vulnerability, says group behind AT&T security breach
You know that tiny little security snafu that allowed over a hundred thousand iPad users' email addresses out? The one that the FBI felt compelled to investigate? Well, Goatse Security -- the group that discovered that particular hole (stop laughing) -- isn't best pleased to be described as malicious by AT&T's response to the matter, and has requited with its own missive to the world. Letting us know that the breach in question took "a single hour of labor," the GS crew argues that AT&T is glossing over the fact it neglected to address the threat promptly and is using the hackers' (supposedly altruistic) efforts at identifying bugs as a scapegoat. As illustration, they remind us that the iPad is still wide open to hijacking thanks to a bug in the mobile version of Safari. Identified back in March, this exploit allows hackers to jack in via unprotected ports, and although it was fixed on the desktop that same month, the mobile browser remains delicately poised for a backdoor entry -- should malevolent forces decide to utilize it. This casts quite the unfavorable light on Apple as well, with both corporations seemingly failing to communicate problematic news with their users in a timely manner.
