Hacker Pleads Guilty in AT&T iPad Breach
Daniel Spitler pleaded guilty Thursday to two felony charges related to the publishing of 120,000 AT&T customers' email addresses on Gawker.com. One other member of hacking group "Goatse Security", Andrew Auernheimer, was charged as well and is still in plea bargain negotiations. Spitler's plea agreement recommends a 12-18 month sentence.
According to reports and court filings, they wrote a script that guessed the ICC-ID numbers (used to identify the iPad's SIM card) and then queried AT&T's website until it returned an e-mail address. Spitler had been accused of co-authoring this software, called "iPad 3G Account Slurper."
The original breach occurred in June of last year. The hackers discovered a security hole on AT&T's website that allowed users to plug in a SIM card identifier called an ICC-ID, and receive back the email address connected to that SIM card.
More than 114,000 email addresses were disclosed including the personal email addresses of a number of high-profile political and business figures, though it appears no actual damage occurred beyond the exposure of the email addresses.
Popular Stories
Apple today released several open source large language models (LLMs) that are designed to run on-device rather than through cloud servers. Called OpenELM (Open-source Efficient Language Models), the LLMs are available on the Hugging Face Hub, a community for sharing AI code. As outlined in a white paper [PDF], there are eight total OpenELM models, four of which were pre-trained using the...
Apple is set to unveil iOS 18 during its WWDC keynote on June 10, so the software update is a little over six weeks away from being announced. Below, we recap rumored features and changes planned for the iPhone with iOS 18. iOS 18 will reportedly be the "biggest" update in the iPhone's history, with new ChatGPT-inspired generative AI features, a more customizable Home Screen, and much more....
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
Apple is finally planning a Calculator app for the iPad, over 14 years after launching the device, according to a source familiar with the matter. iPadOS 18 will include a built-in Calculator app for all iPad models that are compatible with the software update, which is expected to be unveiled during the opening keynote of Apple's annual developers conference WWDC on June 10. AppleInsider...
Best Buy is discounting a collection of M3 MacBook Pro computers today, this time focusing on the 14-inch version of the laptop. Every deal in this sale requires you to have a My Best Buy Plus or Total membership, although non-members can still get solid second-best prices on these MacBook Pro models. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a...
Daniel Spitler pleaded guilty Thursday to two felony charges related to the publishing of 120,000 AT&T customers' email addresses on Gawker.com. One other member of hacking group "Goatse Security", Andrew Auernheimer, was charged as well and is still in plea bargain negotiations. Spitler's plea agreement recommends a 12-18 month sentence.
Top Rated Comments
It's also easy to steal merchandise in a store, why would a store get punished when someone steals from them?
AT&T got more than a slap....bad PR is hard to recover from.
Hackers are criminals. They should realize that.
Zero. Hacking doesn't exactly take a genius, and it shows lack of morals and in this case lack of good judgement. Getting caught makes it worse. Not exactly what recommends you to any employer.
Look at it like this: If I did something bad that costs a customer lots of money, my company will say "well, we couldn't expect that; he came well recommended, had no complaints about him for years; no idea why he suddenly sold your customer data to a competitor; not our fault". If a convicted hacker did the same thing, my company would be in deep trouble, because any jury would say that the damage is their fault for hiring a known criminal.
"Hope you like prison food... and penis."
from the movie "The Other Guys"
Sorry it doesn't work that way. Bottom line is they caused financial damage to a business. If their intention was not malicious and they were "only doing public service" as you think, they would have contacted AT&T and told them there is a flaw in their system. Which they didn't. Instead they chose to get name and fame (infamy in their case) and published hundreds of SIM IDs and email addresses on the Internet.
Agreed publishing email addresses seems benign. But the news article says there were several high profile personalities among that list and I am sure it affects them more than an average person. It is basically an invasion of privacy and I am glad they went after them and made an example out of them. People need to know they can't do crap like this because they don't have a life and nothing better to do and expect to get away with it.
This is no different than you or me breaking into a local convenience store just because they didn't lock their door before leaving for the night and publishing this information out causing them damage. Hey technically you and I didn't steal anything from the store. We just broke in and announced publicly that they don't lock their door at night which in turn made other crooks steal from the store and cause them financial damage. So are we responsible in any way? Hell yes!
Exactly. That's the problem, the hacker does (arguably) a "good" thing by exposing a security hole. Instead of being a Good Samaritan and doing something to help society in general, they post the information for the attention. Now Email addresses aren't NEARLY the same thing as credit card numbers or something, but the gov. should (and did) make a very tough stand against this sort of Cybercrime.