Two Arrested For AT&T iPad Network Breach

[InfoSec News <alerts () infosecnews org>]

http://www.informationweek.com/news/storage/security/showArticle.jhtml?articleID=229000863

By Thomas Claburn 
InformationWeek
January 19, 2011

United States Attorney Paul J. Fishman on Tuesday announced the arrest 
of "two self-described Internet 'trolls'" for their alleged involvement 
in the harvesting of e-mail addresses from some 120,000 Apple iPad users 
in June, 2010.

Andrew Auernheimer, 25, of Fayetteville, Ark., and Daniel Spitler, 26, 
of San Francisco, Calif., were arrested on Tuesday by FBI agents on 
charges that they conspired to hack into AT&T's servers and that they 
were in possession of information obtained from those servers.

The complaint against the two men says that they created a script called 
"iPad 3G Account Slurper" to harvest data from AT&T's servers. Prior to 
June, 2010, AT&T associated the e-mail addresses of subscribers to its 
iPad 3G data plan with an Integrated Circuit Card Identifier (“ICC-ID”). 
The company kept this information confidential but unwittingly exposed 
ICC-ID numbers in URLs associated with its Web site.

The Account Slurper script was designed to look like an iPad 3G to 
AT&T's servers. It presented a series ICC-ID numbers as a brute force 
attack and received paired e-mail addresses when the guessed ICC-ID 
number was valid.

[...]

___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/