http://www.theregister.co.uk/2011/06/23/ipad_data_hacker_guilty/ By Dan Goodin in San Francisco The Register 23rd June 2011 A San Francisco man has admitted writing the code that plucked personal data of 120,000 early iPad adopters from servers AT&T had left wide open to the attack. Daniel Spitler, 26, pleaded guilty in federal court in New Jersey to one count each of identity theft and conspiracy to gain unauthorized access to internet-connected computers, prosecutors said. A member of the troll and griefer collective known as Goatse Security, he surrendered to authorities in January, when he and alleged accomplice, Andrew Auernheimer, were criminally charged in the hack. Auernheimer, aka Weev, has pleaded not guilty. According to prosecutors, Spitler, Auernheimer, and other Goatse members identified a vulnerability on AT&T's servers that mapped an iPad's ICC-ID, or integrated circuit card identifier, to the name and email address of its owner. Spitler admitted he was the one who wrote the "iPad 3G Account Slurper" script, which exploited the flaw to harvest as much data as possible. It worked by injecting large numbers of possible ICC-IDs into AT&T web addresses and recording the information that was returned each time it successfully guessed a valid number. For the attack to work, Spitler had to make his code mimic characteristics of the iPad. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Mon Jun 27 2011 - 00:39:50 PDT
This archive was generated by hypermail 2.2.0 : Mon Jun 27 2011 - 00:46:19 PDT