Two charged in June hack of 120,000 iPads

Hackers accused of stealing e-mail and personal information face charges in federal court

Criminal charges have been filed in federal court against two hackers who allegedly stole e-mail addresses and personal information from about 120,000 iPads in June 2010.

According to Reuters, “Daniel Spitler and Andrew Auernheimer were each charged with one count of fraud and one count of conspiracy to access a computer without authorization.”

Spitler and Auernheimer allegedly hacked the AT&T servers that contained the information for 3G wireless iPad users. According to a post at ReadWriteWeb, the attack was created using a specially formatted HTTP request that would return ICC-ID information from iPads (that is, users 3G SIM cards).

Major businesses and high-level government agencies were affected by the hack, including "major service branches" of the military, NASA, Federal Communications Commission, the Defense Advanced Research Projects Agency, the Senate, House of Representatives, National Institutes of Health and the Justice and Homeland Security departments, according to ReadWriteWeb.


Related coverage:

iPad Data Leak: Hack or Hype?

AT&T iPad breach could allow hackers to track users, intercept communications


Spitler and Auernheimer were said to be working for an organization named Goatse Security and intended to show people that the iPad was not as secure as people thought. But the FBI and New Jersey Attorney General Paul Fisher, who is bringing the charges, apparently did not buy the argument that the two were “white hat” hackers attempting to do good for society.

The hack worked because the method allegedly used by Auernheimer and Spitler mimicked an information request from an actual iPad, tricking the AT&T servers into thinking it was communicating with a real device and giving up the information.

According to ReadWriteWeb, “Goatse Security said it notified AT&T of the breach, but only after sharing the script with an unknown number of third-parties. AT&T closed the security hole shortly after being notified.”

Spitler will appear in federal court in Newark, N.J., on Tuesday, and Auernheimer is scheduled to appear in federal court in Arkansas.

About the Author

Dan Rowinski is a staff reporter covering communications technologies.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.