Two charged in June hack of 120,000 iPads

Hackers accused of stealing e-mail and personal information face charges in federal court

Criminal charges have been filed in federal court against two hackers who allegedly stole e-mail addresses and personal information from about 120,000 iPads in June 2010.

According to Reuters, “Daniel Spitler and Andrew Auernheimer were each charged with one count of fraud and one count of conspiracy to access a computer without authorization.”

Spitler and Auernheimer allegedly hacked the AT&T servers that contained the information for 3G wireless iPad users. According to a post at ReadWriteWeb, the attack was created using a specially formatted HTTP request that would return ICC-ID information from iPads (that is, users 3G SIM cards).

Major businesses and high-level government agencies were affected by the hack, including "major service branches" of the military, NASA, Federal Communications Commission, the Defense Advanced Research Projects Agency, the Senate, House of Representatives, National Institutes of Health and the Justice and Homeland Security departments, according to ReadWriteWeb.


Related coverage:

iPad Data Leak: Hack or Hype?

AT&T iPad breach could allow hackers to track users, intercept communications


Spitler and Auernheimer were said to be working for an organization named Goatse Security and intended to show people that the iPad was not as secure as people thought. But the FBI and New Jersey Attorney General Paul Fisher, who is bringing the charges, apparently did not buy the argument that the two were “white hat” hackers attempting to do good for society.

The hack worked because the method allegedly used by Auernheimer and Spitler mimicked an information request from an actual iPad, tricking the AT&T servers into thinking it was communicating with a real device and giving up the information.

According to ReadWriteWeb, “Goatse Security said it notified AT&T of the breach, but only after sharing the script with an unknown number of third-parties. AT&T closed the security hole shortly after being notified.”

Spitler will appear in federal court in Newark, N.J., on Tuesday, and Auernheimer is scheduled to appear in federal court in Arkansas.

About the Author

Dan Rowinski is a staff reporter covering communications technologies.

Reader Comments

Thu, Jan 20, 2011 Adelaide, Australia

The article headline bears no resembalnce to the true situation ie. no iPads were not hacked but rather information about them from AT&T's server. It's pretty poor journalism, editorial oversight etc if the misleading headline was a deliberate device to catch readers' attention to get them to read teh article. Please raise your journalistic standards. Most disappointing !!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above