infosec-news January 2011 archive
Main Archive Page > Month Archives  > infosec-news archives
infosec-news: [ISN] Two Arrested For AT&T iPad Network Breac

[ISN] Two Arrested For AT&T iPad Network Breach

From: InfoSec News <alerts_at_nospam>
Date: Thu Jan 20 2011 - 11:10:31 GMT

By Thomas Claburn
January 19, 2011

United States Attorney Paul J. Fishman on Tuesday announced the arrest
of "two self-described Internet 'trolls'" for their alleged involvement
in the harvesting of e-mail addresses from some 120,000 Apple iPad users
in June, 2010.

Andrew Auernheimer, 25, of Fayetteville, Ark., and Daniel Spitler, 26,
of San Francisco, Calif., were arrested on Tuesday by FBI agents on
charges that they conspired to hack into AT&T's servers and that they
were in possession of information obtained from those servers.

The complaint against the two men says that they created a script called
"iPad 3G Account Slurper" to harvest data from AT&T's servers. Prior to
June, 2010, AT&T associated the e-mail addresses of subscribers to its
iPad 3G data plan with an Integrated Circuit Card Identifier (“ICC-ID”).
The company kept this information confidential but unwittingly exposed
ICC-ID numbers in URLs associated with its Web site.

The Account Slurper script was designed to look like an iPad 3G to
AT&T's servers. It presented a series ICC-ID numbers as a brute force
attack and received paired e-mail addresses when the guessed ICC-ID
number was valid.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.