2. Hackers
Andrew Auernheimer
25 years old
Fayetteville, Arkansas
Daniel Spitler
26 years old
San Francisco, California
Members of Goatse Security
Loose association of Internet hackers and self-
professed Internet trolls – people who “intentionally,
and without authorization, disrupt services and
content on the Internet”
3. Background Information
Crime
Hacked into AT&T’s Servers (June 2010)
iPad 3G
Prior to mid-June 2010, AT&T linked the user’s
email address to the Integrated Circuit Identifier
Every time a user accessed AT&T website, ICC-ID
was automatically displayed in the URL in plain
text and email address was populated for speedier
and more user-friendly access to the website
Hackers develop a PHP script “iPad 3G Account
Slurper”
4. iPad 3G Account Slurper
Purpose: Get as many ICC-ID/Email
combinations as possible
1. Mimicked the behavior of an iPad 3G so that the
AT&T servers would be fooled into giving it access
2. Launched brute force attack to randomly guess
ranges of ICC-IDs
If guessed correct, the server would return an email
address for a specific, identifiable iPad 3G user
Combinations were provided to the website
Gawker (www.gawker.com) which published
the stolen information in redacted form along
with an article concerning the breach
5. Stolen Emails
June 5, 2010 through June 9, 2010
Approx. 120,000 ICC-ID/email combinations stolen
Famous emails compromised
Diane Sawyer – ABC News Anchor
Janet Robinson - New York Times Co. CEO
Harvey Weinstein – Movie Producer
Michael Bloomberg – NYC Mayor
Rahm Emanuel – ex-White House Chief of Staff
(2010)
6. Crime Discovery
Public service by finding a flaw in AT&T security system
Auernheimer brags on his LiveJournal blog (June 9 )
“Oh hey, my security consulting group just found a privacy breach at
AT&T… ”
Link to Gawker article
Online interview with CNET (June 10)
Admits that one of the group members discovered the flaw via AT&T
security maintenance app and when they realized they can get other
data from it, they created a script to do a brute force attack.
Email sent to the US Attorney’s Office in NJ (November 17)
“AT&T needs to be held accountable for their insecure infrastructure as a
public utility and we must defend the rights of consumers, over the
rights of shareholders…I advise you to discuss this matter with
your family, your friends, victims of crimes you have prosecuted, and
your teachers for they are the people who would have been harmed had
AT&T been allowed to silently bury their negligent endangerment of
United States infrastructure.”
7. Chat Messages
Confidential informant provides 150 pages of
chat logs from an IRC channel
How the breach would be conducted to damage
AT&T
Promoted themselves and Goatse Security
Possibility of selling email addresses to spammers
Possible legal issues
How to destroy evidence of their crime
8. Penalty
Arrested in January 2011 by FBI
Being tried in Newark, NJ around March
Charges
One count of conspiracy to access a computer
without authorization
One count of fraud in connection with personal
information
Possible Sentence:
Maximum of 5 years in prison for each count
Fine of $250,000
Editor's Notes
Prior to mid-June 2010, AT&T automatically linked an iPad 3G user’s e-mail address to the ICC-ID, a number unique to the user’s iPad, when heregistered.The email address was automatially populated providing the user with speedier and more-friendly access to the websiteWhen the hackers discovered this, they developed a script called “ipad 3g acct slurper” which they would deploy against AT&T servers
Lord of the rings and kill bill andsin city
After disclosing the hacked information to Gawker, the two did little to hide their identity.http://www.cybercrime.gov/auernheimerArrest.pdfhttp://www.scribd.com/doc/47136974/Auernheimer-Spitler-complainthttp://media.www.hsuoracle.com/media/storage/paper927/news/2011/01/24/News/Arkansan.Hacks.Over.100000.Ipads-3970819.shtml
According to the court papers filed by the FBI, a confidential informant helped federal authorities make their case against the two defendants by providing them with 150 pages of chat logs from an IRC channel
Both are being tried in Newark, New Jersey around March