Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Two men charged in AT&T iPad account hacking case

Andrew Auernheimer, 25, of Fayetteville, Ark., and Daniel Spitler, 26, of San Francisco, Calif., were arrested Jan. 18 by FBI agents – each charged with conspiracy to hack AT&T’s servers and for possession of iPad personal subscriber information obtained from the servers, announced US Attorney Paul Fishman in New Jersey.

Auernheimer and Spitler are associated with Goatse Security, a loose association of internet “trolls” who try to disrupt online services and expose vulnerabilities. In June last year, the two “trolls” used an "account slurper" to carry out a “brute force” attack – an iterative process used to obtain information from a computer system – against AT&T servers and obtained 120,000 IDs and email addresses of iPad customers, according to a release from Fishman’s office.

Following the theft, the hackers provided the stolen e-mail addresses and IDs of the iPad owners to the website Gawker, which published the information in redacted form, along with an article concerning the breach, the release explained.

Fishman chided the two hackers for their actions: “Hacking is not a competitive sport, and security breaches are not a game. Companies that are hacked can suffer significant losses, and their customers made vulnerable to other crimes, privacy violations, and unwanted contact. Computer intrusions and the spread of malicious code are a threat to national security, corporate security, and personal security. Those who use technological expertise for malicious purposes take note: your activities in cyberspace can have serious consequences for you in the real world.”

Each defendant is charged with one count of conspiracy to access a computer without authorization and one count of fraud in connection with personal information. Each count carries a maximum penalty of five years in prison and a fine of $250,000.

What’s Hot on Infosecurity Magazine?