

Goatse Security may finally pay the price legally for sticking its digital paws in AT&T's gaping iPad security hole.
Some members of Goatse Security reside within the U.S., others outside it

According to an update on Reuters, the FBI will hold a press conference later today to announce charges of theft of personal information and related computer crimes concerning a recent data leak from AT&T.  That means one thing -- Apple and AT&T convinced the feds to formally charge Goatse Security, the research team responsible for grabbing and posting 120,000 iPad users' emails and hardware identifiers from an almost wide-open online database.

Apple and AT&T had been pressing hard for charges for some time now, but all had been quiet on the western front.

Goatse Security, an international team of security researchers that prides itself on discovering and exploiting "gaping holes", obtained a treasure trove of emails, stored in a database, and posted redacted portions of that database back in June on Gawker.

The info came from an AJAX script openly hosted on AT&T's website, which returned an email when handed a hardware identification number called an ICC-ID (integrated circuit card identifier).  In that regard, Goatse hardly had to "hack" in the traditional sense, as authorities are suggesting, to obtain the information.  The only trickery at all was to make the request header look like it came from an iPad.  From there it was just a matter of making a PHP script that guessed random ICC-IDs and monitored the returned emails.
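The weakness described above, sketched from the server's side as an added example (this is not AT&T's code and not code from the article): a lookup gated only by a client-supplied header, next to one that authorizes on server-side session state and caps how many distinct identifiers one client may ask about. The function names, the session store, the limit of 3 and all sample identifiers and addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: ICC-ID -> subscriber email (all values are made up).
SUBSCRIBERS = {
    "89014100000000000001": "alice@example.com",
    "89014100000000000002": "bob@example.com",
}
# Constructed session store: session token -> ICC-ID that session authenticated with.
SESSIONS = {"tok-alice": "89014100000000000001"}

MAX_DISTINCT_IDS = 3          # assumed per-client budget of distinct identifiers
_seen = defaultdict(set)      # client address -> identifiers it has asked about


def weak_lookup(headers, icc_id):
    """The pattern the article describes: the only gate is a header the client controls."""
    if "iPad" not in headers.get("User-Agent", ""):
        return 403, ""
    # Any caller sending a matching header gets the email for any valid identifier,
    # and 200 vs. 404 also reveals which identifiers exist.
    email = SUBSCRIBERS.get(icc_id)
    return (200, email) if email else (404, "")


def hardened_lookup(client_addr, headers, icc_id):
    """Authorize on server-side state; answer the same way for unknown and foreign IDs."""
    _seen[client_addr].add(icc_id)
    if len(_seen[client_addr]) > MAX_DISTINCT_IDS:
        return 429, ""        # one client asking about many identifiers is enumeration
    bound = SESSIONS.get(headers.get("Authorization", ""))
    # User-Agent is ignored entirely: it is input, not evidence of identity.
    if bound is None or bound != icc_id:
        return 403, ""
    return 200, SUBSCRIBERS[bound]
```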

Part of what may have landed Goatse in hot water was that it posted the emails of several high-profile U.S. political and military figures, including White House Chief of Staff Rahm Emanuel and New York City mayor Michael Bloomberg.  Not all of the emails obtained for these individuals were ones freely shared in the public domain -- some were the kind typically reserved for official business.

Based on our prior research, some Goatse Security team members involved in the breach resided within the United States -- Escher "Weev" Auernheimer (Calif.), Christopher Abad (Calif.).  Others -- such as Sam Hocevar (France) -- reside outside the country.  The soon-to-be-announced charges will likely focus on Auernheimer and Abad.  Mr. Auernheimer was already arrested by the FBI in the summer of 2010 on separate, unrelated drug charges.

The charges will likely come, at least in part, from violations of the Computer Fraud Act of 1986.  That law, amended by the recent 2001 Patriot Act to strengthen penalties for hacking government systems, includes provisions prohibiting unauthorized access of corporate systems with the intent to "defraud".  The rather vague language in the bill has provided the federal government with an ideal blunt instrument to legally beat hackers/security researchers with in the past.




RE: Theft is theft
By Suntan on 1/18/2011 11:43:46 AM , Rating: 2
This isn’t either of those things….

…This is like posting the private email addresses of people such as the US Chief of Staff and the Mayor of New York…

Seriously, feel free to hash out the legal minutiae of hacking vs. investigating; stealing from someone’s house vs. stealing from their yard. But posting private info of people in that political realm is just stupid and asking for a lot of headaches from the Feds.

It’s the cyber-equivalent of trying to get your gas powered lawn mower to run while you are sitting in your living room. Maybe some J6P can sit behind their computer half a world away and offer you encouragement because technically nothing can go wrong… but it is still a pretty stupid thing to do.

-Suntan


"I mean, if you wanna break down someone's door, why don't you start with AT&T, for God sakes? They make your amazing phone unusable as a phone!" -- Jon Stewart on Apple and the iPhone














Copyright 2014 DailyTech LLC.