backtop


Print 65 comment(s) - last by atlmann10.. on Jun 21 at 12:52 AM


Andrew Auernheimer's mugshot  (Source: Washington County's Sheriff's Office)
Details have not been released but some are speculating AT&T requested the raid

Andrew Auernheimer, aka "weev" or "Escher Auernheimer", masterminded Goatse Security's harvest of 114,000 iPad users' private email addresses using AT&T's wide open website.  Now Auernheimer is in prison facing felony possession charges.

Auernheimer, 24, was arrested in his home late Tuesday when police raided it.  At this point its unknown whether the raid was triggered by AT&T or was unrelated to the iPad drama.  AT&T sent an apology to customers writing that it was investigating the "malicious" "attack" by "hackers", and has since wrote that it is cooperating with the FBI in the inquiry.

What is clear was that a large amount of controlled substances, including cocaine, LSD and ecstasy, were found in Auernheimer's house.

For now Auernheimer is in jail awaiting multiple criminal possession charges.  He is currently incarcerated at Washington Country Detention Center in Fayetteville, Arkansas.

The arrest has triggered a great deal of anger against AT&T, probably partially because it reminds many of Apple's requested raid on 
Gizmodo journalist Jason Chen's house, after Chen purchased a lost iPhone 4 prototype.  Cult of Mac writes:

That’s one way of putting it. Another way of putting it is that AT&T’s security malfeasance exposed the private user details of over a hundred thousand customers, and are now busy hunting down and vilifying the benign group of security activists who alerted them to the problem before less well-meaning hacker groups could exploit the data.
While Auernheimer’s arrest for drug charges is obviously warranted by the letter of the law, it’s hard to escape the fact that the Feds shouldn’t have even been at his house. Goatse did both the public and AT&T a service by publicizing a dangerous security vulnerability before it could be maliciously exploited. They didn’t publish the exploit until AT&T had closed the hole. They insisted that any published customer records had the personal information removed first.

Indeed if the raid ends up being based on the iPad investigation, it may end up being ruled invalid, considering no charges have been filed in that investigation.  

The Goatse Security researchers point out that they went to no elaborate means to obtain the information.  AT&T's website freely provided email addresses to requests with spoofed iPad headers containing an ICC-ID number.  Spoofing is by no means illegal -- most cell phones do it to change between mobile version of sites and the full version.  And all Goatse Security did was guess numbers.

They state that they felt compelled to leak the information after Apple and AT&T still haven't fixed a gaping Safari hole on the iPad.  They revealed that hole way back in March, and nothing has been done.  The group says that if they did not approach the media with the massive amount of emails they gathered, the company would have done nothing and would continue to endanger its customers.

AT&T is currently facing more problems -- during the iPhone 4 preorder madness yesterday, it apparently exposed private information of customers by misdirecting users logging in to other peoples' accounts.  This time no "hackers" were involved.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Pure and utter crap!
By MrBlastman on 6/16/2010 9:10:30 AM , Rating: 2
AT&T should be ashamed of themselves. These guys, Goatse (makes me giggle), did AT&T a FAVOR by telling them about the flaw. They could have abused the data, they could have sold it off, they could have done a large number of malicious and profitable things with the data that they culled but instead, they notified them of the flaw so they could fix it.

They also notified Apple of a flaw back in March in Safari--that they have done NOTHING about. Instead of thanking these guys for not being maleficient, they ask the police and FBI to harass, intimidate and potentially violate the 4th Amendment (I'm sure they had a warrant, but still, I see no law being broken here when they willfully alerted them of a hole).

Now--the guy that _was_ searched, well, he had lots of drugs and they did their job for busting him. However, if he can prove they did not have probable cause and the search was unwarranted, those charges can be thrown out.

What does this tell us?

Simple. It tells us, that if we find a security flaw from a MAJOR corporation, instead of telling them, instead of being kind and trying to help them, we should either:

a. Extort money from them.
b. Sell the flaw for profit.
c. Abuse it for as much money as possible.

This is the WRONG response from AT&T. Where's the gratitude here? They've just gone and pissed off a lot of people that otherwise would have been complacent.

Lead by example is what every companies motto should be. This is not an example someone should strive to follow.




RE: Pure and utter crap!
By snikt on 6/16/2010 11:54:45 AM , Rating: 2
Two things come to mind:

1)No good deed goes unpunished.

and

2)Depending on the actual quantity of drugs, the Feds will not drop the charges. They will do everything possible to bust his supplier.


RE: Pure and utter crap!
By MrBlastman on 6/16/2010 12:09:52 PM , Rating: 2
quote:
1)No good deed goes unpunished.


Soooo basically that proves my point: Why do the good deeds in the first place then? Profit like crazy and pray you don't get caught--at least, that is what AT&T is suggesting.

I don't myself though, as I prefer to travel the high road in life. Oppressive, unreasonable and maniacal companies like AT&T and Apple make this very hard though to do.


"There is a single light of science, and to brighten it anywhere is to brighten it everywhere." -- Isaac Asimov














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki