New York Man Hacked into AT&T’s Servers
On November 20, 2012, the US Attorney’s Office for the District of New Jersey announced Andrew Auernheimer was convicted for breaching AT&T’s servers and stealing email address and other personal information of 120,000 iPad 3G users. Auernheimer gave the stolen information to an Internet magazine.
Court documents indicate that AT&T linked all iPad 3G user’s email addresses to an Integrated Circuit Card Identifier (ICC-ID) number when a person registered their iPad. When AT&T’s website recognized the number and email address, the person was directed to a faster and more user-friendly website.
Hackers soon discovered that AT&T’s website was displayed in the plain text of the site URL. The hackers then wrote a script called “iPad 3G Account Slurper” and used it in AT&T servers. The website was attacked for several days, and from June 5, 2010 to June 9, 2010, the hackers stole about 120,000 ICC-IDs and email addresses.
The information was immediately sold to the website called Gawker, and the information was published in a dedacted form. Famous people’s email addresses were hacked including Diane Sawyer, Harvey Weinsten, New York Mayor Michael Bloomberg, and Rahm Emanuel—the former White House Chief of Staff.
Auernheimer was convicted of accessing AT&T’s servers without authorization and disclosing the information to Gawker. He faces up to five years in prison and a fine up to $250,000 for each charge. The co-defendant, Daniel Spitler, was convicted of the same charges and is currently awaiting sentencing as well.
Special agents with the FBI under the direction of Michael B. Ward, Special Agent in Charge in Newark, led the investigation. Numerous other agencies helped during the investigation and prosecution. Executive Assistant U.S. Attorney Michael Martinez and Assistant U.S. Attorney Zach Intrater with the Computer Hacking and Intellectual Property Section under the U.S. Attorney’s Economic Crimes Unit led prosecution.
Source: Federal Bureau of Investigation