Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Jun 23, 2011, 02:27 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Hacker Pleads Guilty in AT&T iPad Breach






Daniel Spitler pleaded guilty Thursday to two felony charges related to the publishing of 120,000 AT&T customers' email addresses on Gawker.com. One other member of hacking group "Goat-se Security", Andrew Auernheimer, was charged as well and is still in plea bargain negotiations. Spitler's plea agreement recommends a 12-18 month sentence.
Quote:
According to reports and court filings, they wrote a script that guessed the ICC-ID numbers (used to identify the iPad's SIM card) and then queried AT&T's website until it returned an e-mail address. Spitler had been accused of co-authoring this software, called "iPad 3G Account Slurper."
The original breach occurred in June of last year. The hackers discovered a security hole on AT&T's website that allowed users to plug in a SIM card identifier called an ICC-ID, and receive back the email address connected to that SIM card.

More than 114,000 email addresses were disclosed including the personal email addresses of a number of high-profile political and business figures, though it appears no actual damage occurred beyond the exposure of the email addresses.

Article Link: Hacker Pleads Guilty in AT&T iPad Breach

Last edited by Doctor Q; Jun 23, 2011 at 11:33 PM.
MacRumors is offline   0 Reply With Quote
Old Jun 23, 2011, 02:32 PM   #2
dethmaShine
macrumors 68000
 
Join Date: Apr 2010
Location: Into the lungs of Hell
Well, the punishment is due.

But lets first hear this: http://www.youtube.com/watch?v=nf7Q-163KyQ
__________________
Steve is smiling down from above.
-darkfiber
dethmaShine is offline   0 Reply With Quote
Old Jun 23, 2011, 02:34 PM   #3
supmango
macrumors 6502
 
Join Date: Feb 2008
Remind me again what AT&T got for this? Oh, that's right. A slap on the wrist.
supmango is offline   0 Reply With Quote
Old Jun 23, 2011, 02:39 PM   #4
unlinked
macrumors 6502a
 
Join Date: Jul 2010
Location: Ireland
Quote:
Originally Posted by supmango View Post
Remind me again what AT&T got for this? Oh, that's right. A slap on the wrist.
Did they even get a slap for this?

What did the guys plead guilty to anyway? It sounds like all they did was download info AT&T made available on their site. It AT&T had put all that info in a single txt file would downloading it have been a crime?
unlinked is offline   1 Reply With Quote
Old Jun 23, 2011, 02:39 PM   #5
johnalan
macrumors regular
 
Join Date: Jul 2009
Location: Dublin, Ireland
I bet he didn't think he'd spend time in prison when he did it.
johnalan is offline   4 Reply With Quote
Old Jun 23, 2011, 02:43 PM   #6
NoExpectations
macrumors 6502a
 
Join Date: Sep 2008
Quote:
Originally Posted by supmango View Post
Remind me again what AT&T got for this? Oh, that's right. A slap on the wrist.
It's also easy to steal merchandise in a store, why would a store get punished when someone steals from them?

AT&T got more than a slap....bad PR is hard to recover from.

Hackers are criminals. They should realize that.
NoExpectations is offline   9 Reply With Quote
Old Jun 23, 2011, 02:44 PM   #7
soco
macrumors 68030
 
soco's Avatar
 
Join Date: Dec 2009
Location: NJ
Quote:
Originally Posted by NoExpectations View Post
AT&T got more than a slap....bad PR is hard to recover from.
This is so true. People forget this all too often.
__________________
TMobile iPhone 5s MacBook Pro (2011)
Canon EOS Rebel T3 Canon 28mm f/1.8
Contribute to MacRumors: Become a Demi-God!
soco is offline   0 Reply With Quote
Old Jun 23, 2011, 02:47 PM   #8
ChazUK
macrumors 603
 
ChazUK's Avatar
 
Join Date: Feb 2008
Location: Essex (UK)
Quote:
Originally Posted by aardwolf View Post
It shows up on the main page... It's G-o-a- t-s-e
Thanks. I had a look at the original Gawker article in the end to see, bought back bad memories.
__________________
Windows 8 Desktop | HP Chromebook 11 | Moto G GPE | LG G Watch | iPhone 4s | iPad Mini Retina | Asus MemoPad ME176C
ChazUK is offline   0 Reply With Quote
Old Jun 23, 2011, 02:48 PM   #9
RawBert
macrumors 68000
 
RawBert's Avatar
 
Join Date: Jan 2010
Location: North Hollywood, CA
I wonder how many job offers he's received because of this.
__________________
THE ART OF RAW
Steve Lives On
RawBert is offline   1 Reply With Quote
Old Jun 23, 2011, 02:58 PM   #10
iphoneblack
macrumors member
 
Join Date: May 2008
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

Not from ATT & apple for sure
__________________
You have received a warning at Mac Forums.
Reason:-------Frivolous Post
Please don't post for the sake of being, or trying to be "first". Thanks.-------
iphoneblack is offline   0 Reply With Quote
Old Jun 23, 2011, 03:00 PM   #11
gnasher729
macrumors G5
 
gnasher729's Avatar
 
Join Date: Nov 2005
Quote:
Originally Posted by RawBert View Post
I wonder how many job offers he's received because of this.
Zero. Hacking doesn't exactly take a genius, and it shows lack of morals and in this case lack of good judgement. Getting caught makes it worse. Not exactly what recommends you to any employer.

Look at it like this: If I did something bad that costs a customer lots of money, my company will say "well, we couldn't expect that; he came well recommended, had no complaints about him for years; no idea why he suddenly sold your customer data to a competitor; not our fault". If a convicted hacker did the same thing, my company would be in deep trouble, because any jury would say that the damage is their fault for hiring a known criminal.
gnasher729 is offline   3 Reply With Quote
Old Jun 23, 2011, 03:01 PM   #12
logandzwon
macrumors 6502a
 
Join Date: Jan 2007
Releasing personal info was bad mojo. IF they are being giving time for that, maybe I can understand. For actually gathering the information and doing the "hack" I think at most they should get a small fine and community service hours.
logandzwon is offline   1 Reply With Quote
Old Jun 23, 2011, 03:10 PM   #13
supmango
macrumors 6502
 
Join Date: Feb 2008
Quote:
Originally Posted by NoExpectations View Post
It's also easy to steal merchandise in a store, why would a store get punished when someone steals from them?

AT&T got more than a slap....bad PR is hard to recover from.

Hackers are criminals. They should realize that.
A store that is holding YOUR merchandise for you would have some accountability if they allowed it to be stolen.

A better analogy is a museum that is holding a collection of valuable artifacts from some other museum or group of museums. Don't you think there would be some kind of retribution if the museum was robbed? Especially if the robbery was due to a flaw in the security of the museum.

Obviously the value of the merchandise (data) should be considered. But more than likely some rather important people had their email addresses exposed.

I agree the hackers should be punished, but that does not negate AT&T's responsibility.
supmango is offline   0 Reply With Quote
Old Jun 23, 2011, 03:19 PM   #14
waterskier2007
macrumors 68000
 
waterskier2007's Avatar
 
Join Date: Jun 2007
Location: White Lake, MI
Send a message via AIM to waterskier2007
Am I the only one who could care less if my email was "leaked". Sure, what they did is wrong but I think people blow things out of proportion a lot...
__________________
2012 Mac Mini, 2.6 GHz, 16GB RAM, 1TB HDD
2.4Ghz 15" Macbook Pro
16 GB iPhone 5 : 32 GB iPhone 4S : 16 GB iPad 3
16 GB Nexus 7 (2012)
waterskier2007 is offline   -1 Reply With Quote
Old Jun 23, 2011, 03:21 PM   #15
burtonrider117
macrumors newbie
 
Join Date: Jun 2011
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

I can not believe that companies like at&t can get hacked by some guy sitting in their bedroom and they're not the ones standing trial! It's far from okay and irresponsible on their part.
burtonrider117 is offline   -1 Reply With Quote
Old Jun 23, 2011, 03:50 PM   #16
mylios101
macrumors newbie
 
Join Date: Feb 2008
Writing a script to guess some numbers and querying AT&T's website is in no way hacking anything.
mylios101 is offline   1 Reply With Quote
Old Jun 23, 2011, 03:54 PM   #17
pmjoe
macrumors 6502
 
Join Date: Mar 2009
Both this article and the one linked saying they pled guilty left me totally confused as to what they actually did. It sounds like all they did was discover that if you went to a certain public URL on one of AT&T's servers and gave it a valid SIM number, it'd give an email address back that was associated with that SIM number. It wasn't even clear to me if the people who were charged did anything with the data, and it sounded to me like they may have reported the security hole.

Wow, really?!? You can get a maximum of 10 years for downloading data from a public web server? What was the charge??? Who decides which data makes it a criminal offense?
pmjoe is offline   -1 Reply With Quote
Old Jun 23, 2011, 03:55 PM   #18
Rodimus Prime
Banned
 
Join Date: Oct 2006
Quote:
Originally Posted by mylios101 View Post
Writing a script to guess some numbers and querying AT&T's website is in no way hacking anything.
no but it shows AT&T system had crap security and there is no denying that. It depends how it is done if you get a job offer.
One guy wrote a script to test something security wise on face book and turned out it spread like wild fire. Now Facebook offered him a job but it took some pretty fancy work to exploit the flaw and even find it. On top of that he made no attempted to even hide who he was when he did it. It just spread a lot father than he planned on because at first it was just a test to see if it could be done.
he told facebook exactly how he did it and what the hole he found. They gave him a job but that was more of a white hacker example.
Rodimus Prime is offline   0 Reply With Quote
Old Jun 23, 2011, 03:57 PM   #19
orfeas0
macrumors 6502a
 
Join Date: Aug 2010
Location: Athens, Greece
Quote:
Originally Posted by NoExpectations View Post
It's also easy to steal merchandise in a store, why would a store get punished when someone steals from them?

AT&T got more than a slap....bad PR is hard to recover from.

Hackers are criminals. They should realize that.
Ok so someone hacked and got a bunch of e-mail addresses. Did he exploit/steal anyone? No. He even helped at&t by pointing out that security breach before someone else with worse intentions hacked it.
And you think that person should rot in jail for a year and more? Have you seen how is a jail inside? It's not easy to go in there you know. And especially for someone who didn't commit such a big crime...
orfeas0 is offline   -1 Reply With Quote
Old Jun 23, 2011, 03:57 PM   #20
Radoo
macrumors member
 
Join Date: Feb 2011
Location: Europe
Quote:
Originally Posted by gnasher729 View Post
Zero. Hacking doesn't exactly take a genius, and it shows lack of morals and in this case lack of good judgement. Getting caught makes it worse. Not exactly what recommends you to any employer.
And that is how hackers get bad reputation... Maybe people should google more about hacker vs cracker.
__________________
Radoo is offline   0 Reply With Quote
Old Jun 23, 2011, 03:57 PM   #21
Holoshed
macrumors regular
 
Join Date: Mar 2011
Location: North Carolina
Send a message via AIM to Holoshed
Quote:
Originally Posted by mylios101 View Post
Writing a script to guess some numbers and querying AT&T's website is in no way hacking anything.
Exactly! The general public has no idea what a script kiddie is vs a hacker and the media has branded hacker as someone who is "out to destroy all computers."

To be honest I really am not sure what of this was illegal except maybe posting the emails.

It's like a website that gives the current time when polled and someone writes a script to poll it every second.

If no password or security is offered it is not hacking. Through my web travels I find numerous examples of this, the worst is one of AT&Ts competitors but anyhow...
__________________
Developer and geek with lots of Apple devices
Holoshed is offline   1 Reply With Quote
Old Jun 23, 2011, 04:42 PM   #22
Plutonius
macrumors 601
 
Plutonius's Avatar
 
Join Date: Feb 2003
Location: New Hampshire
Quote:
Originally Posted by pmjoe View Post
Wow, really?!? You can get a maximum of 10 years for downloading data from a public web server? What was the charge??? Who decides which data makes it a criminal offense?
He pled guilty two two felony charges. Sounds pretty serious to me.
Plutonius is offline   0 Reply With Quote
Old Jun 23, 2011, 05:43 PM   #23
AppleDude
macrumors member
 
Join Date: Jun 2006
Quote:
Originally Posted by dethmaShine View Post
Well, the punishment is due.
I'm no anarchist but from my perspective, these folks did the world a huge favor. By exposing a security flaw without any malicious intentions, they have made use all a little safer from those who possess the same skills but use their powers for evil. So I tip my hats to them and would like to see the most lenient sentencing the law permits.
AppleDude is offline   0 Reply With Quote
Old Jun 23, 2011, 05:49 PM   #24
doctor-don
macrumors 6502a
 
Join Date: Dec 2008
Location: Georgia USA
A hacker is a hacker is a hacker.

OFF WITH HIS HEAD.
doctor-don is offline   -1 Reply With Quote
Old Jun 23, 2011, 05:50 PM   #25
doctor-don
macrumors 6502a
 
Join Date: Dec 2008
Location: Georgia USA
Quote:
Originally Posted by dethmaShine View Post
Well, the punishment is due.

But lets first hear this: http://www.youtube.com/watch?v=nf7Q-163KyQ
Are you trying to crash computers?
doctor-don is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
AT&T iPad Security Breach Hacker Sentenced to 41 Months in Prison MacRumors Politics, Religion, Social Issues 94 Mar 19, 2013 12:22 PM

Forum Jump

All times are GMT -5. The time now is 06:48 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC