Goatse Security iPad Hacker Gets 41 Months for "Doing Arithmetic"
March 18, 2013 11:06 PM
Exploiting iPad flaw proves costly for researcher, despite relatively responsible disclosure process
Nearly four years behind bars; that's the fate a New York security "researcher" faces after being convicted by a jury of his peers and sentenced by a federal judge on cybercrime charges involving his 2010 exploitation of a flaw in the security of iPad service provider AT&T. He allegedly used the flaw to expose the email addresses of over 100,000 individuals.
I. A Leaky Hole
The story began in June 2010. Apple, Inc. had just released the first-generation iPad, a tablet computer that transformed the form factor from overlooked to
. And the service provider du jour for iPads with 3G data connectivity was AT&T, Inc.
But AT&T's iPad support services had a relatively minor, but notable security flaw. AT&T's iPad-related servers ran a script that accepted an ICC-ID (integrated circuit card identifier), an identifier unique to each device.
If sent a valid ICC-ID, the script served up the personal email of the subscriber associated with that device. AT&T had planned to use the feature to generate a slick AJAX-style response on its web applications for the iPad.
AT&T left a gaping hole in their iPad web scripts. [Image Source: DailyTech/Jason Mick]
But Andrew Auernheimer, Daniel Spitler, and other hackers with the profanely named "troll" hacker collective Goatse Security identified the vulnerability when they were probing AT&T's servers. They quickly wrote a so-called "data slurper" -- a script that performed a brute force attack, working through tables of ICC-IDs and recording the ones that received a response.
AT&T apologized for the breach and took down the script, closing its hole.
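The lookup behaviour described in this section leaves a recognisable trace in server logs: one client submitting many different ICC-IDs, most of which return nothing. The detection sketch below is an added example, not code from the article or from AT&T; the `/lookup` path, the `iccid` parameter name, the log format and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Hypothetical log format: client IP, request line, status, body bytes.
LINE_RE = re.compile(
    r'^(\S+) "GET /lookup\?iccid=(\d{19,20}) HTTP/1\.[01]" (\d{3}) (\d+)$')

def build_sample_log():
    """Constructed log lines: two ordinary devices and one enumerating client."""
    lines = []
    for ip, iccid in (("198.51.100.10", "89014100000000000017"),
                      ("198.51.100.22", "89014100000000000953")):
        # An ordinary device keeps sending the same ICC-ID: its own.
        lines += [f'{ip} "GET /lookup?iccid={iccid} HTTP/1.1" 200 38'] * 4
    base = 89014100000000000200
    for i in range(12):
        # One client walks a contiguous range; only every fourth ID is valid.
        status, size = (200, 38) if i % 4 == 0 else (404, 0)
        lines.append(f'203.0.113.7 "GET /lookup?iccid={base + i} HTTP/1.1" '
                     f'{status} {size}')
    return "\n".join(lines)

def find_enumerators(log_text, max_distinct=5, min_miss_ratio=0.5):
    """Flag clients that query many distinct ICC-IDs and mostly get no data.

    Returns {client: (distinct_ids, miss_ratio)}.
    """
    ids, total, misses = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a lookup request
        client, iccid, status, size = m.groups()
        ids[client].add(iccid)
        total[client] += 1
        if status != "200" or int(size) == 0:
            misses[client] += 1  # no subscriber e-mail was returned
    flagged = {}
    for client, seen in ids.items():
        ratio = misses[client] / total[client]
        if len(seen) > max_distinct and ratio >= min_miss_ratio:
            flagged[client] = (len(seen), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    print(find_enumerators(build_sample_log()))
```

Detection of this kind only shortens the exposure window; the underlying fix is for the endpoint to answer solely for the authenticated subscriber's own identifier.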
II. Investigation, Trial Conclude in Guilty Verdict
But the damage was already done. Goatse Sec. had published its results to the blog site
, revealing parts of a data set that contained roughly 114,000 email addresses. Among the high-profile figures exposed were ABC News anchor Diane Sawyer, New York City Mayor Michael Bloomberg, and current Chicago Mayor Rahm Emanuel.
Soon after the data loss, U.S. Federal Bureau of Investigation agents investigating the incident conducted a raid on the home of Mr. Auernheimer, who had moved from New York to a residence in Arkansas. Mr. Auernheimer, aka "weev" or "Escher Auernheimer", was arrested by federal agents on suspicion of computer crimes. Authorities also allegedly found cocaine, LSD, and ecstasy in his residence. Lawyers for Mr. Auernheimer contend that the raid was unnecessary and illegal. The security "researcher" has yet to face charges on the drugs found.
with one count of conspiracy to access servers without permission and one count of identity theft. These offenses -- spelled out in the Computer Fraud and Abuse Act of 1986 (18 USC § 1030) -- carry a maximum sentence of five years in prison and a fine of up to $250,000 USD.
Goatse Security "researcher" Andrew Auernheimer was found guilty of two counts of computer crimes and may be sentenced to up to five years in prison, pending appeal. [Image Source: AP]
Mr. Auernheimer was charged in U.S. District Court for the District of New Jersey, the location where his co-defendant (Daniel Spitler) was charged. Initially, federal authorities had planned to charge the two members separately, which would have resulted in a trial of Mr. Auernheimer in an Arkansas District Court. However, the case was eventually shuffled to the New Jersey District Court.
In June 2011, Mr. Spitler, aka "JacksonBrown", pleaded guilty to the two cybercrimes counts, in hopes of receiving a lighter sentence. He is currently awaiting sentencing.
Mr. Auernheimer fought the charges, but the trial ended with the jury finding Mr. Auernheimer guilty of both counts, despite the fact that Mr. Auernheimer only accessed a gaping open system.
III. Auernheimer to Cyber-Dissidents: Rise Up
Four months after that guilty verdict, Mr. Auernheimer seems more at peace with his coming time behind bars. He participated in a mostly lighthearted Reddit AMA ("Ask Me Anything") on Sunday before the sentencing.
Ironically, prosecutors tried to turn Mr. Auernheimer's upbeat and sarcastic Reddit comments against him at the sentencing hearing the next day. They pushed for 4 years -- nearly the maximum sentence. The judge instead sentenced him to a slightly shorter 41-month sentence, to be followed by 3 years of supervised release, during which time his electronic behavior will be monitored.
The accused read John Keats' The Fall of Hyperion and told reporters at a press conference, "I'm going to jail for doing arithmetic."
Andrew Auernheimer will soon be headed to a nearly four year stay in prison. [Image Source: The Verge]
The statement comes just months after his proclamation that he hoped he would get the maximum 5 year sentence to encourage
and other cyber-rebels to "rise up and storm the decks."
He and his co-defendant Mr. Spitler will have to pay $73,000 USD in restitution if the verdict sticks. Mr. Auernheimer is currently appealing the sentence. His attorney, Tor Ekeland, told
in an interview that courts are divided on what exactly constitutes "unauthorized access" in the CFAA, pointing to a possible route for the appeal.
"It seems as though my state-funded math degree has failed me. Let the lashings commence." -- DailyTech Editor-in-Chief Kristopher Kubicki