Andrew Auernheimer gets prison sentence for AT&T iPad "hack"
Posted on 18 March 2013.
Bookmark and Share
Andrew "weev" Auernheimer, security researcher and member of Goatse Security, has been handed a 41-month-long prison sentence for harvesting and publishing emails and AT&T authentication IDs of 114,000 early-adopters of Apple's iPad in 2010.

"The facts are simple. In June of 2010, Andrew Auernheimer’s co-defendant Daniel Spitler discovered that AT&T’s servers were publishing email addresses of iPad subscribers on the servers authentication log in page when queried with a SIM card number that matched an existing AT&T subscriber’s SIM card number. Upon discovering this, Spitler wrote an iterative script that queried AT&T’s publicly accessible iPad servers and copied over 120,000 email addresses. No password or any type of security was ever hacked, nor was any attempt ever made to hack any password or bypass any existing security measures. In essence, what Spitler’s script did could be done by anyone with a web browser who entered in the right combination of numbers into a URL," it is explained on a Computer Fraud and Abuse Defense Fund website.

"Auernheimer immediately went to the press with this information, and emailed some of the people whose email addresses were obtained. Neither Auernheimer nor Spitler did anything else with the information. At trial there was no evidence of any harm to anyone except for the allegation that AT&T was embarrassed by its failure to protect what it claimed was confidential information."

Despite all this, late last year Auernheimer has been found guilty on one count of identity fraud and one count of conspiracy to access a computer without authorization. After today's sentencing he was remanded to custody.

Auernheimer and Spitler were the only two members of the group to get charged for their role in the matter. Spitler pleaded guilty in 2011. Both have been ordered to pay AT&T $73,000 in damages.

When his prison stay ends, Auernheimer will still be required to be under supervision for three years.









Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Apr 17th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //