The hacker responsible for the AT&T iPad data breach has admitted his guilt in court this week, and faces a potential penalty of up to five years imprisonment and up to $250,000 in fines. The US Attorney’s Office in the District of New Jersey announced the plea submission, along with details of the hack – which saw subscriber details for iPad owners using the AT&T 3G capabilities of the first-gen tablet extracted in a brute force attack on the carrier’s servers – in a press release.
The relatively high-profile announcement appears to be a shift by the FBI’s Cyber Crimes Task Force to take center stage in the current online war between law enforcement, those responsible for data security, and those who would access it – whether they do so for commercial gain or for entertainment. In fact, U.S. Attorney Paul J. Fishman specifically calls out some of the other, increasingly-notorious hacking groups.
“Hacks have serious implications – from the personal devastation of a stolen identity to danger to our national security. In the wake of other recent hacking attacks by loose-knit organizations like Anonymous and LulzSec, Daniel Spitler’s guilty plea is a timely reminder of the consequences of treating criminal activity as a competitive sport.” U.S. Attorney Paul J. Fishman
The AT&T hack was born when Spitler and fellow Goatse Security team member (and co-defendant) Andrew Auernheimer spotted that AT&T linked user’s email addresses with their iPad 3G’s ICC-ID, and developed an “iPad 3G Account Slurper” that took advantage of a time-saving auto-complete system the carrier offered subscribers. Their tool guessed at potential ICC-IDs and then harvested the email addresses, which included contact details for well-known names like Diane Sawyer and Harvey Weinstein, as well as staff at the White House.
Spitler is expected to be be sentenced on September 28 2011.