Tuesday, January 18, 2011

iPad Hackers Finally Arrested

On Tuesday, January 18, two men were arrested by federal officials for allegedly hacking into AT&T’s servers last year.

Andrew Auernheimer, 25, from Fayetteville, Ark. and Daniel Spitler, 26, from San Francisco supposedly stole e-mail addresses and other information about AT&T’s iPad customers. The two men were taken into custody by the FBI on Tuesday morning.

According to the U.S. Attorney’s office in Newark, New Jersey, Auernheimer and Spitler are officially charged with attempting to hack into AT&T’s network in order to obtain personal subscriber information.

Auernheimer was arrested when he appeared in an Arkansas state court for drug charges that were completely unrelated to the hacking charges. He was quickly scheduled to appear in court before the U.S. Magistrate in Fayetteville, Judge Erin L. Setser, later Tuesday. Spitler’s arrest was a little less complicated. He gave himself up to the FBI in Newark and will be appearing before U.S. Magistrate Judge Claire C. Cecchi in Newark’s federal court.

The maximum potential penalty for both Auernheimer and Spitler is five years in prison as well as a $250,000 fine.

Back in June 2010, AT&T acknowledged that a breach of its server had taken place. The breach exposed approximately 114,000 e-mail addresses and ICC-IDs of Apple iPad users, including such users as Michael Bloomberg, Harvey Weinstein, and blogger Kara Swisher. Later on, AT&T blamed the breach on hackers who had utilized a feature that was meant to help users log into their accounts more quickly.

The simple function allowed users to link the iPad’s unique identifier to their personal e-mail address so that they would be able to sign on to AT&T’s Web site as quickly as possible. The problem was that sometimes the ICC-ID was displayed in the AT&T Web site URL.

"Seeing this, and discovering that each ICC-ID was connected to an iPad 3G user e-mail address, hackers wrote a script termed the 'iPad 3G Account Slurper,'" said the Office of U.S. Attorney Paul J. Fishman. They then "deployed it against AT&T's servers," Fishman’s office continued.

In June 2010 the “Account Slurper” attacked AT&T’s servers for several days. It worked to collect as many e-mails as it possibly could. The script tricked AT&T’s servers into providing access for the Account Slurper by mimicking the behavior of an iPad 3G.

"Once deployed, the Account Slurper used a process known as a 'brute force' attack – an iterative process used to obtain information from a computer system – against the servers, randomly guessing at ranges of ICC-IDs," Fishman's office said. "An incorrect guess was met with no additional information, while a correct guess was rewarded with an ICC-ID/e-mail pairing for a specific, identifiable iPad 3G user."

After stealing all of the information, the hackers provided the gossip blog Gawker with the stolen e-mail addresses. Gawker then posted the stolen information and said that a group known as Goatse Security was claiming responsibility for all of the hacking.
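
A defender's view of the guessing pattern Fishman's office describes, as an added example that is not part of the original article: it flags any client that asks about many different ICC-IDs in a short window with mostly failed lookups. The log format, the `/login?iccid=` path, the addresses and the thresholds are constructed assumptions, not AT&T's actual interface.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption): ISO time, client address, request, lookup result.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) GET /login\?iccid=(?P<iccid>\d{19,20}) (?P<result>hit|miss)$"
)

def parse(lines):
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["client"], m["iccid"], m["result"]

def find_enumerators(lines, window=timedelta(minutes=5), max_distinct=5, min_miss_ratio=0.5):
    """Return {client: (distinct ICC-IDs, miss ratio)} for the widest suspicious window.
    Keyed on source address and identifier spread only: the article notes the script
    mimicked an iPad 3G, so client-supplied headers would not separate it from real devices.
    """
    by_client = defaultdict(list)
    for ts, client, iccid, result in parse(lines):
        by_client[client].append((ts, iccid, result))
    flagged = {}
    for client, events in by_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            span = events[start:end + 1]
            distinct = len({iccid for _, iccid, _ in span})
            ratio = sum(r == "miss" for _, _, r in span) / len(span)
            if distinct > max_distinct and ratio >= min_miss_ratio:
                if distinct > flagged.get(client, (0, 0.0))[0]:
                    flagged[client] = (distinct, round(ratio, 2))
    return flagged

def sample_log():
    """Constructed traffic: one subscriber device and one client walking an ICC-ID range."""
    base, lines = datetime(2010, 6, 7, 12, 0), []
    for k in range(3):  # same ICC-ID, three logins spread over 40 minutes
        t = (base + timedelta(minutes=20 * k)).isoformat()
        lines.append(f"{t} 198.51.100.7 GET /login?iccid=8900000000000000017 hit")
    for k in range(12):  # twelve different ICC-IDs in two minutes, one hit in four
        t = (base + timedelta(seconds=10 * k)).isoformat()
        result = "hit" if k % 4 == 0 else "miss"
        lines.append(f"{t} 203.0.113.9 GET /login?iccid={8900000000000000100 + k} {result}")
    return lines
```

A real device repeats one ICC-ID, so the distinct-identifier count per client is the signal; the miss ratio only reduces false positives from shared network addresses.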

Fishman reported that Auernheimer and Spitler discussed all of the hacking over an instant messaging program known as Internet Relay Chat. Fishman’s office said that both men formulated the attack to "simultaneously damage AT&T and promote themselves and Goatse Security."

"Hacking is not a competitive sport, and security breaches are not a game. Companies that are hacked can suffer significant losses, and their customers made vulnerable to other crimes, privacy violations, and unwanted contact," Fishman said in a statement. "Computer intrusions and the spread of malicious code are a threat to national security, corporate security, and personal security. Those who use technological expertise for malicious purposes take note: your activities in cyberspace can have serious consequences for you in the real world."

"Such intrusion cases, regardless if the motive is criminal gain or prestige among peers in the cyber-hacking world, must and will be aggressively pursued to ensure these rights are protected to the highest degree," added Michael B. Ward, a Special Agent in charge of the FBI's Newark field office.

Hacking is something that we have to deal with if we’re going to be part of the tech world. It’s intimidating though to see that AT&T took several days to even realize that a hack was occurring. Despite all of this, the Apple iPad is an incredibly convenient device that people are going to keep using in spite of a few issues. Hopefully AT&T and Apple have worked through any other possible hacking issues that could occur on the iPad so that iPad users can continue with their on-the-go use of the devices free of any worries.
