Researcher gets 41 months in jail for revealing AT&T’s iPad security hole By Stephen C. Webster, RawStory

Posted on Wednesday, 20th March 2013 @ 09:26 AM by Text Size A | A | A

Spread the love

A security researcher who warned AT&T about a gaping hole in how the company’s website handles data requests from iPads will spend the next 41 months in jail for hacking, a judge ruled Monday according to Wired.

The so-called “hacker,” 26-year-old Andrew Auernheimer, discovered in 2010 that AT&T’s website was forking over email addresses for iPad users if a simple URL request included AT&T’s internal numbers used to identify specific iPads. He and a friend wrote a simple program that, much like a web browser, asks a publicly available server for information, and if the server responds it posts that information in a specified area. Then they hooked it up to a number randomizer and turned it lose.

As it turned out, the security flaw in AT&T’s iPad portal was so severe that his little program ended up netting email addresses for folks like  former White House Chief of Staff Rham Emanuel,  New York Times Co. CEO Janet Robinson and New York Mayor Michael Bloomberg, according to Gawker, which broke the story after receiving a cache of data from a source they were unable to fully identify. Others government officials as high up as DARPA and NASA were included in the breach.

Gawker’s source turned out to be Auernheimer and co-conspirator Daniel Spitler, 26, who only went to the media after sending a warning to AT&T about the security hole. Instead of being thankful for the warning, AT&T initially did nothing. Once details leaked, however, the hole was quickly closed. It wasn’t long thereafter that Auernheimer and Spitler were both hit with criminal charges.

“The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer email addresses,” AT&T alleged. “They then put together a list of these emails and distributed it for their own publicity.”

“It’s a fucking ludicrous charge,” Auernheimer told Venture Beat on Sunday. “The FBI has tried to frame me for terrorism five times, and by their own admission they’ve been surveilling me since I was 15 years old.”

Investigators ultimately obtained chat logs that feature Auernheimer and Spitler disparaging AT&T and saying they wanted to leak the information in part to promote their gray-hat hacker group Goatse Security, which has not been updated since May 2011.

“No matter what the outcome, I will not be broken,” Auerheimer wrote Monday morning. “I am antifragile.”

In the courtroom on Monday, a judge read out his sentence: 41 months in prison, three years on supervised release and $73,000 in fines.

“Auernheimer got a harder sentence than the Steubenville rapists,” tech reporter Tim Pool tweeted. “One journalist equated the prosecution of hackers to the Red Scare.”

Related News On HuffPo Club

  • Nation of Islam Lectures on 9/11 Attacks. Special Guests Richard Gage, Kevin Barrett, Chris Bollyn

    Spread the love

  • Newly Unearthed CIA Memo: Media Are The “Principal Villains”

    Spread the love
    Spread the love A new declassifed CIA report unearthed by the FOIA investigive cooperative MuckRock contains some shocking commentary on how the intelligence community views and interacts with the media. The 1984 series of internal…

  • The New National Anthem of the United States

    Spread the love
    Spread the love The US national anthem defends slavery in the fourth, all but forgotten stanza. The US national anthem is a disgrace that needs to be rewritten asap: Oh say can you see,…

  • Black FBI Informant Darth PerryTells All

    Spread the love
    Spread the love    Fascinating, must see old interview of black FBI informant “Darthard Perry” aka “Ed Riggs” on Like It Is, hosted by the late Gil Noble. “The FBI is very good at conspiracies…

Disqus Comments

Specify a Disqus shortname at Social Comments options page in admin panel

Facebook Comments

G+ Comments

Default Comments

  • Hpub asks

    • Sorry, there are no polls available at the moment.