
Printed from http://www.macnn.com

Person involved in exposing AT&T iPad data put under arrest

updated 12:15 pm EDT, Wed June 16, 2010

May not be connected to hacking incident

A hacker belonging to Goatse Security -- the group that exposed AT&T privacy vulnerabilities involving the iPad 3G -- has been arrested following an FBI search of his Arkansas home, reports say. Andrew Auernheimer, 24, is facing four felony charges of possession of a controlled substance, and one misdemeanor possession charge. Cocaine, ecstasy, LSD and various pharmaceuticals are said to have been found at his home.

It is not clear, however, if the drugs were the reason for the search, or merely incidental. The action may have been related to the iPad case; AT&T has blasted Goatse for exposing its security problems, and promised to assist in the investigation and prosecution of any illegal activity. Auernheimer, also known under the aliases "Escher" and "Weev," has insisted that the group just wanted to help people protect themselves, and so only went public with information about AT&T after the company had fixed vulnerabilities.

Circumstances may become known sometime after June 18th, when a hearing is scheduled to take place at Washington County Circuit Court. The iPad case is not the only Apple-related privacy issue affecting AT&T; during Tuesday's rush of iPhone 4 pre-orders, a number of people were accidentally shown the wrong account information after logging into AT&T's website. Secrets such as bills and addresses were accidentally disclosed.






by MacNN Staff


Comments

  1. byRyan

    Joined: Dec 1969

    +2

    Goatse, huh

    Yeah, after this guy gets out of prison, he is going to look like the goatse guy too!

  1. Feathers

    Joined: Dec 1969

    +4

    Finally!

    It's about time some of these guys got their collar felt. The "...I broke into your house to expose your vulnerabilities..." defense simply doesn't fly anymore.

  1. iphonerulez

    Joined: Dec 1969

    -2

    Throw this guy under the prison...

    or put him in the jail cell with Big Bubba, that well-endowed 350 lb. inmate who just loves becoming intimate with high-tech criminals. Hackers like forcing their way through restricted areas and so does Big Bubba. Yeah, wait till the lights go out, Andy.

  1. godrifle

    Joined: Dec 1969

    +3

    What...

    ...a dumb-a**. Inviting a Federal investigation because you're hacking *and* telling the world about it. Then you don't get rid of the drugs at your pad.

  1. udecker

    Joined: Dec 1969

    +4

    c'mon people

    sure it was an embarrassment, and he didn't do it as well-thought-out as he should have.... but it got AT&T to close the security hole.

  1. Glenstorm

    Joined: Dec 1969

    +2

    He didn't break in. . .

    "Apparently AT&T left a script on their public website, which when handed an ICC-ID would respond back with the email address of the subscriber. This apparently was intended for an AJAX-style response inside AT&T's web apps."

    from:

    http://www.dailytech.com/ATT+Accidentally+Shares+114000+iPad+3G+Buyers+Email+Addresses/article18670.htm

  1. testudo

    Joined: Dec 1969

    +1

    Re: Finally!


    It's about time some of these guys got their collar felt. The "...I broke into your house to expose your vulnerabilities..." defense simply doesn't fly anymore.


    Except he didn't break in. If you connect to a public computer and request information, and the computer is damn stupid to give you the information, how is that 'breaking in'?

    It's like saying if I keep asking you for your email address and you tell me, I'm somehow 'stealing' them.

  1. testudo

    Joined: Dec 1969

    0

    Re: What he did is no different than dictionary at

    He wrote a script to "guess" the ICC-IDs which is similar to a dictionary attack on passwords. It was not completely open.

    There is nothing illegal about a dictionary attack. He still never gained access to non-public servers or used any of the information to gain access to private data.

    So, instead of me saying "Hey, what's your SSN" and you telling me, it's me going up to you and saying "Hey, what's the email address for ID 1" and you saying "no user with that ID" until I get to IDs that exist and you go "Oh, that's fred@fred.com".

    You can't 'break-in' by just requesting a bunch of information from a server. It only becomes an issue if I do something with the data (like log into the account and drain all your rollover minutes).

  1. testudo

    Joined: Dec 1969

    0

    Oh

    And I love how everyone is so "burn them in h***" over hackers who 'steal' data over the internet, but never seem to have anywhere close to the hatred to the companies that so lacked any care about your information they didn't bother worrying whether it was secure or not.

  1. WiseWeasel

    Joined: Dec 1969

    0

    Sad

    That wild facial hair in the mug shot sure didn't help his image much either. I'm inclined to believe the guy, that he thought he was doing people a service by publicizing this vulnerability. It's sad that he'll have to face prison for the unrelated consensual crime of possessing psychedelic drugs because of it. I hope they get him off on some technical impropriety in the investigation.
