MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,191
16,005
https://www.macrumors.com/images/macrumorsthreadlogodarkd.png


101912-valleywag_ipad_personal_data.jpg


Reuters reports that U.S. prosecutors have filed criminal charges against two people involved in an AT&T security breach last year that saw email addresses and SIM identifiers for close to 120,000 U.S. iPad + 3G users exposed.
U.S. prosecutors filed criminal charges against two people accused of stealing the email addresses and other personal data of about 120,000 users of Apple Inc's (AAPL.O) iPad tablet computer.

Daniel Spitler and Andrew Auernheimer were each charged with one count of fraud and one count of conspiracy to access a computer without authorization, prosecutors said.
The FBI has been investigating the situation over the past seven months, and authorities have apparently now finally gathered enough evidence to charge those claimed to have accessed and shared the information. A press conference is reportedly scheduled for this afternoon to allow prosecutors and the FBI to discuss the case.

Auernheimer had previously argued that he had done nothing wrong, simply accessing information made freely available on AT&T's site due to improper security controls. Questions remained, however, about what was done with the information and why he had shared the details of the breach and the harvested information with Valleywag rather than going straight to AT&T.

Article Link: Charges Filed in 2010 AT&T iPad Security Breach That Revealed Personal Information
 

nwcs

macrumors 68020
Sep 21, 2009
2,214
3,466
Tennessee
If the FBI has been investigating them and brought the evidence to get them charged then they are probably toast.
 
Comment

Full of Win

macrumors 68030
Nov 22, 2007
2,615
1
Ask Apple
Questions remained, however, about what was done with the information and why he had shared the details of the breach and the harvested information with Valleywag rather than going straight to AT&T.

There was no 'question' why - it was a pissing match between Gawker/Gizmodo and Apple. Gawker used this as a foil against Apple, even thought the fault was with AT&T.

The list had some bigwigs names on it (military Generals, hollywood types). You don't mess with people like that and not expect some blowback.
 
Comment

Durendal

macrumors 6502
Apr 12, 2003
287
1
If the FBI has been investigating them and brought the evidence to get them charged then they are probably toast.
Weev is already toast. The Feds found tons of drugs when they raided his apartment shortly after he came out with the whole mess.
 
Comment

Joe-Diver

macrumors 6502
Aug 2, 2009
265
0
Fry 'em. Make examples out of them. Hit 'em as hard as you can.

Questions remained, however, about what was done with the information and why he had shared the details of the breach and the harvested information with Valleywag rather than going straight to AT&T.

That's the key....what was done with the information....that shows the true intentions and character of these folks.....and we don't need 'em.
 
Comment

ThomasJL

macrumors 6502a
Oct 16, 2008
873
1,699
AT&T fails again!

Yet another reason to choose any carrier instead of AT&T. AT&T is infamously known for cutting corners to save a buck, and it is not surprising that they took the cheapskate route by skimping on security.

Shame on Apple for making AT&T an exclusive carrier. Shame on Apple for not including the 1700 MHz AWS band in their iPads and iPhones, which would have allowed the device to be used on T-Mobile's 3G network (as well as other AWS 3G networks overseas).
 
Comment

0815

macrumors 68000
Jul 9, 2010
1,775
995
here and there but not over there
I wish people would stop calling this an iPad Security Breach - it was an AT&T security breach that was publishing emails from iPad users on the AT&T website ... nothing to do with iPad security.

I know, this kind of headlines generates more clicks which is good for advertisement - but still sad to see the misleading headline on sites like macrumors.
 
Comment

jamesryanbell

macrumors 68020
Mar 17, 2009
2,171
93
Everybody who is smart enough to do stuff like that needs to have good enough values NOT to do it. I just like to post utopian idiocy like that from time to time. Just keep going.
 
Comment

NoExpectations

macrumors 6502a
Sep 23, 2008
671
2
Set an example for other hackers and throw the book at them. Prosecute to the fullest.

Agreed. Items in retail stores are also "readily available". If you steal those, it's called theft. If you steal and spread personal information "just because you can", you should be prosecuted.
 
Comment

aprilfools

macrumors regular
Dec 15, 2004
212
1
Southern California
Great. take em down down down...

Take them down, down to china town!
I'm one of those that most likely got compromised as an iPad with 3G user since day one. I used to get zero spam and ever since that happened, I get spam all the time. Coincidence? I don't think so.

Besides the spam aspect, on a bigger note, these guys need to become an example for the rest of the POS hackers out there.
 
Comment

Mark Booth

macrumors 68000
Jan 16, 2008
1,634
468
Once again, Gawker Media is involved. Maybe these two profited in some way from providing the information to Valleywag (Gawker)? It wouldn't be the first time Gawker paid for a story.

Mark
 
Comment

Full of Win

macrumors 68030
Nov 22, 2007
2,615
1
Ask Apple
Off with their heads.

Sorry, but Danno is dead.

The problem with "off with their heads" is that the next time something like this happens, it will be released as a file on BT by ANON or some untraceable person.

AFAIK this list has not made it to the general public...yet.
 
Comment

Cleve

macrumors regular
Jun 7, 2007
195
0
Excellent analogy. I could not agree more.

Horrible example, I could not agree less.

What they did isn't the same as stealing. Stealing implies that there was something taken. This is just duplication.

It is the same as taking a picture of something and showing something else. In this case, the information was sensitive and insecure. They showed it to a news organization to generate awareness.

If they hadn't, do you think AT&T would have done anything about it?

Now Weev may have other issues with drugs which is another matter entirely but as to the charges here, it sets a bad precedent for whistleblowers.
 
Comment

mohrt

macrumors regular
Sep 15, 2008
107
7
Agreed. Items in retail stores are also "readily available". If you steal those, it's called theft. If you steal and spread personal information "just because you can", you should be prosecuted.

I don't see how that analogy applies. Items in retail stores are physical items, not intangible data. Retail items cannot be "spread" like data. Items in retail stores are for sale, this data was not.

Not that I'm advocating what he did, but the analogy is not accurate. Maybe the question is, did he "steal" the data, the same as walking out of a retail store without paying for an item? Or is the problem that he collected the data and made it much more readily available to the public? If someone scrapes email addresses off public websites and puts the collected list on a torrent, is that illegal?
 
Comment

Rajani Isa

macrumors 65816
Jun 8, 2010
1,158
70
Rogue Valley, Oregon
Horrible example, I could not agree less.

What they did isn't the same as stealing. Stealing implies that there was something taken. This is just duplication.
Try that one in court. SEE: RIAA, MIAA, etc.

Hell, Aldritch Ames only duplicated information - he didn't steal it at all!

While there were no physical goods taken, it WAS an illegal act; this was a form of theft. The only legal and ethical thing to have done with that list was send it to AT&T and say "Look what I found on your website".

Maybe Apple as well. Just to make sure someone put some heat on AT&T to close that security hole.

I don't see how that analogy applies. Items in retail stores are physical items, not intangible data. Retail items cannot be "spread" like data. Items in retail stores are for sale, this data was not.

Not that I'm advocating what he did, but the analogy is not accurate. Maybe the question is, did he "steal" the data, the same as walking out of a retail store without paying for an item?

So you then think Installous is perfect legit - that as we don't take physical copies of the programs installed via Installous it's not theft?

Or is the problem that he collected the data and made it much more readily available to the public? If someone scrapes email addresses off public websites and puts the collected list on a torrent, is that illegal?

It's one thing to scrape info off a public site - info posted TO the public (like our email addresses here if we have them marked viewable, etc.) where the people it pertains to have opted to have it show.

The issue with the AT&T thing is there is no way those people wanted their SIM info displayed to the public; it was obviously a security breach.

T
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.