San Francisco Hacker Charged with Stealing E-mail Addresses from iPad Owners
Federal authorities arrested Daniel Spitler, a San Francisco resident, on suspicion of stealing and distributing the e-mail addresses of more than 120,000 iPad owners.
Spitler, 26, and Andrew Auernheimer, a Fayetteville, Ark. resident, were taken into custody by FBI agents Tuesday morning. Both self-described "Internet trolls" were charged with conspiracy to hack AT&T's servers, and possessing personal subscriber information that they got from hacking the servers, including e-mail addresses, according to the U.S. Attorney General's Office.
Spitler surrendered to FBI agents in New Jersey and is scheduled to appear in federal court in Newark later today.
Court documents detail online conversations between the two defendants, where Spitler says: "I just harvested 197 email addresses of iPad 30 subscribers there should be many more."
Since the introduction of the iPad in January 2010, AT&T has provided iPad users with Internet connectivity using AT&T's 3G wireless network. During the registration process for subscribing, a user is required to provide an e-mail address, billing address, and password.
Prior to June 2010, AT&T automatically linked an iPad 3G user's e-mail address to the Integrated Circuit Card Identifier, a number unique to that iPad when it was registered. As a result, every time a user accessed the AT&T Web site, the identification number was recognized and the email address was automatically populated for faster access. AT&T kept the identification numbers and associated addresses confidential, according to the claim.
Then last summer, Auernheimer, gained national attention when a group that he represents, Goatse Security, exposed a security breach of more than 114,000 iPads.
Media reports detailed a letter that AT&T fired off to its customers, apologizing but still blaming the breach on "malicious hackers."