NEW YORK (Reuters) – U.S. prosecutors have charged two men with stealing and distributing email addresses for about 120,000 users of Apple Inc’s popular iPad.
Investigators accused Daniel Spitler and Andrew Auernheimer of using an “account slurper” to conduct a “brute force” attack over five days last June, to extract data about iPad users who accessed the Internet through ATT Inc’s 3G network.
Among the possible victims were celebrities, businesses executives and government officials like New York City Mayor Michael Bloomberg, ABC News anchor Diane Sawyer, movie mogul Harvey Weinstein and perhaps then-White House Chief of Staff Rahm Emanuel, prosecutors said.
Spitler, 26, and Auernheimer, 25, were taken into custody by FBI agents on Tuesday morning, U.S. Attorney Paul Fishman in New Jersey said in a statement.
Prosecutors said both defendants are associated with Goatse Security, a group of “self-professed Internet ‘trolls’” who try to disrupt online content and services. They said Auernheimer has bragged in published interviews about his trolling.
“Hacking is not a competitive sport, and security breaches are not a game,” Fishman said. “Companies that are hacked can suffer significant losses, and their customers made vulnerable to other crimes, privacy violations and unwanted contact.”
The defendants were each charged with one count of fraud and one count of conspiracy to access a computer without authorization. Each charge carries a maximum punishment of five years in prison plus a $250,000 fine.
‘BRUTE FORCE ATTACK’
Lawyers for both defendants were not immediately available to comment. Apple spokeswoman Trudy Muller declined to comment. ATT spokesman Mark Siegel said that company cooperates with law enforcement when necessary to protect customer privacy.
Responding to an email request to Goatse for comment, Sam Hocevar, a member of Goatse’s “team,” according to the group’s website, confirmed the charges relate to the June hacking. He said he did not have additional information.
Apple launched the iPad last April. Industry analysts on average expect the company to have sold 5.5 million of the tablet computers in its fiscal first quarter, which includes the holiday shopping season.
According to the complaint, the account slurper randomly guessed at data held on ATT’s servers until it could match names with emails.
The defendants then supplied stolen data to gossip website Gawker, which published some details, the complaint said.
EMAIL THREAT
“Having email addresses by itself is not much of a threat: people give them out all the time, and spammers can and do guess them easily,” said Eugene Spafford, executive director of the Center for Education and Research in Information Assurance and Security at Purdue University.
“It is more an issue if you can pair addresses with places of employment, such as government agencies,” he added. “Then it becomes possible to collect further information, and perhaps get a toehold into Google, Bing or other information sources.”
ATT was Apple’s partner in the United States to provide wireless service on the iPad. After the hacking, it shut off the feature that allowed email addresses to be obtained.
The case “has hopefully awakened users to the value of a simple email address,” said Jamz Yaneza, a threat research manager at Trend Micro Inc, an Internet security company.
Spitler lives in San Francisco, and was expected to appear Tuesday in federal court in Newark, New Jersey. Auernheimer lives in Fayetteville, Arkansas, and was expected to appear in a federal court there.
The case is U.S. v. Spitler et al, U.S. District Court, District of New Jersey, No. 11-mag-04022.
(Reporting by Jonathan Stempel in New York; Additional reporting by Sinead Carew; Editing by Dave Zimmerman, Derek Caney and Steve Orlofsky)
Article source: http://news.yahoo.com/s/nm/20110118/us_nm/us_apple_ipad_8
Category: Prison Time
