In yet another case of malicious hacking, the U.S. prosecutors have charged two men for allegedly hacking AT&T's server and stealing email addresses of around 120,000 iPad users, including Hollywood personalities, CEOs, and top politicians.
The computer hackers, Daniel Spitler, 26, of San Francisco and Andrew Auernheimer, 25, of Fayetteville, Arkansas, have been charged with conspiracy for accessing computer without permission and, fraud for stealing personal information.
While Auernheimer was arrested by the FBI agents on Tuesday, Spitler surrendered to the authorities in Newark, New Jersey.
The two men, who are part of the hacking group 'Goatse Security,' allegedly hacked AT&T's server last summer to damage the telecommunication giant and promote themselves and their hacking group, stated the U.S. Attorney's office.
"Hacking is not a competitive sport, and security breaches are not a game. Companies that are hacked can suffer significant losses, and their customers made vulnerable to other crimes, privacy violations, and unwanted contact.”--U.S. Attorney Paul J. Fishman
How the hack occurred?
According to the complaint filed by the FBI, the two men, described as “internet trolls,” obtained iPad owners' data through a a script on AT&T's website, which anyone can access.
If the script was provided with ICC-ID, it revealed the associated email address of the user.
The hackers got access to the ICC-IDs through the pictures posted by iPad owners on Flickr and other websites.
Realizing that each ICC-ID was linked to iPad 3G users' e-mail address, the hackers wrote a script 'iPad 3G Account Slurper' and “deployed it against AT&T's servers."
The “Account Slurper" attacked AT&T's server for several days, and hackers obtained email addresses of around 120,000 iPad users.
Goatse Security confirmed
Not only the hacking group successfully stole users' email addresses, they also bragged about it.
In fact, Goatse Security supplied the information they obtained in the hack to website Gawker.com.
Also, just days after the attack, Auernheimer gave interviews. Claiming their work as ethical, he confirmed they had hacked AT&T's sever to improve privacy of the iPad owners.
Hackers may get 5-year-jail term
Though there has been no evidence that Spitler and Auernheimer used the information for criminal purposes, they could face five years in prison and a $250,000 fine for conspiracy and fraud.
The U.S. Attorney Paul J. Fishman, stated, "Hacking is not a competitive sport, and security breaches are not a game. Companies that are hacked can suffer significant losses, and their customers made vulnerable to other crimes, privacy violations, and unwanted contact.”
While court has released Spitler on $50,000 bail, a bond hearing for Auernheimer is scheduled for Friday.