http://www.macnn.com/articles/10/06/16/may.not.be.connected.to.hacking.incident/

Person involved in exposing AT&T iPad data put under arrest

updated 12:15 pm EDT, Wed June 16, 2010

 

May not be connected to hacking incident


A hacker belonging to Goatse Security -- the group that exposed AT&T privacy vulnerabilities involving the iPad 3G -- has been arrested following an FBI search of his Arkansas home, reports say. Andrew Auernheimer, 24, is facing four felony charges of possession of a controlled substance, and one misdemeanor possession charge. Cocaine, ecstasy, LSD and various pharmaceuticals are said to have been found at his home.

It is not clear, however, if the drugs were the reason for the search, or merely incidental. The action may have been related to the iPad case; AT&T has blasted Goatse for exposing its security problems, and promised to assist in the investigation and prosecution of any illegal activity. Auernheimer, also known under the aliases "Escher" and "Weev," has insisted that the group just wanted to help people protect themselves, and so only went public with information about AT&T after the company had fixed vulnerabilities.

Circumstances may become known sometime after June 18th, when a hearing is scheduled to take place at Washington County Circuit Court. The iPad case is not the only Apple-related privacy issue affecting AT&T; during Tuesday's rush of iPhone 4 pre-orders, a number of people were accidentally shown the wrong account information after logging into AT&T's website. Secrets such as bills and addresses were accidentally disclosed.




by MacNN Staff


TAGS: security, AT&T, iPad, Arkansas

Comments

  1. byRyan

    Fresh-Faced Recruit

    Joined: Jun 2007

    +2

    Goatse, huh

    Yeah, after this guy gets out of prison, he is going to look like the goatse guy too!

  1. Feathers

    Grizzled Veteran

    Joined: Oct 1999

    +4

    Finally!

    It's about time some of these guys got their collar felt. The "...I broke into your house to expose your vulnerabilities..." defense simply doesn't fly anymore.

  1. iphonerulez

    Fresh-Faced Recruit

    Joined: Nov 2008

    -2

    Throw this guy under the prison...

    or put him in the jail cell with Big Bubba, that well-endowed 350 lb. inmate who just loves becoming intimate with high-tech criminals. Hackers like forcing their way through restricted areas and so does Big Bubba. Yeah, wait till the lights go out, Andy.

  1. godrifle

    Fresh-Faced Recruit

    Joined: Jan 2006

    +3

    What...

    ...a dumb-a**. Inviting a Federal investigation because you're hacking *and* telling the world about it. Then you don't get rid of the drugs at your pad.

  1. udecker

    Forum Regular

    Joined: Sep 2000

    +4

    c'mon people

    sure it was an embarrassment, and he didn't do it as well-thought-out as he should have.... but it got AT&T to close the security hole.

  1. Glenstorm

    Junior Member

    Joined: Dec 2000

    +2

    He didn't break in. . .

    "Apparently AT&T left a script on their public website, which when handed an ICC-ID would respond back with the email address of the subscriber. This apparently was intended for an AJAX-style response inside AT&T's web apps."

    from:

    http://www.dailytech.com/ATT+Accidentally+Shares+114000+iPad+3G+Buyers+Email+Addresses/article18670.htm

  1. testudo

    Forum Regular

    Joined: Aug 2001

    +1

    Re: Finally!


    It's about time some of these guys got their collar felt. The "...I broke into your house to expose your vulnerabilities..." defense simply doesn't fly anymore.


    Except he didn't break in. If you connect to a public computer and request information, and the computer is damn stupid to give you the information, how is that 'breaking in'?

    It's like saying if I keep asking you for your email address and you tell me, I'm somehow 'stealing' them.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    0

    Re: What he did is no different than dictionary at

    He wrote a script to "guess" the ICC-IDs which is similar to a dictionary attack on passwords. It was not completely open.

    There is nothing illegal about a dictionary attack. He still never gained access to non-public servers or used any of the information to gain access to private data.

    So, instead of me saying "Hey, what's your SSN" and you telling me, it's me going up to you and saying "Hey, what's the email address for ID 1" and you saying "no user with that ID" until I get to IDs that exist and you go "Oh, that's fred@fred.com".

    You can't 'break-in' by just requesting a bunch of information from a server. It only becomes an issue if I do something with the data (like log into the account and drain all your rollover minutes).

  1. testudo

    Forum Regular

    Joined: Aug 2001

    0

    Oh

    And I love how everyone is so "burn them in h***" over hackers who 'steal' data over the internet, but never seem to have anywhere close to the hatred to the companies that so lacked any care about your information they didn't bother worrying whether it was secure or not.

  1. WiseWeasel

    Junior Member

    Joined: Apr 1999

    0

    Sad

    That wild facial hair in the mug shot sure didn't help his image much either. I'm inclined to believe the guy, that he thought he was doing people a service by publicizing this vulnerability. It's sad that he'll have to face prison for the unrelated consensual crime of possessing psychedelic drugs because of it. I hope they get him off on some technical impropriety in the investigation.
