Computerworld - One of the hackers in the group that snatched more than 100,000 iPad owner e-mail addresses from AT&T's servers was arrested Tuesday on felony drug charges after the FBI searched his Arkansas home.
Andrew "Escher" Auernheimer was arrested by Fayetteville, Ark., police and was booked into the Washington County Detention Center Tuesday afternoon, where he is being held on bonds totaling $3,160. Auernheimer, 24, faces four felony charges of possession of a controlled substance and one misdemeanor drug charge. According to CNET News, which first reported the arrest, police found drugs that included cocaine, ecstasy, LSD, and Schedule 2 and 3 pharmaceuticals when they searched his home. Auernheimer, who also goes by the hacker nickname "weev," is one of 10 members of Goatse Security, a hacking group that used an automated script to collect 114,000 iPad e-mail addresses from AT&T through a public feature of the carrier's Web site. Goatse revealed its e-mail harvesting after AT&T closed the hole, then defended its actions as "responsible disclosure" -- the term given to security revelations made public only after a vendor has patched a bug. In a letter to customers apologizing for the e-mail address disclosure, however, AT&T said the group "maliciously exploited" its Web site and promised it would "prosecute violators to the fullest extent of the law." In an interview with *Computerworld* last week, Auernheimer argued that Goatse's attack was "ethical" and denied that they did anything illegal. "We love America and did this in the public interest," Auernheimer said at the time. Wednesday, the Fayetteville Police Department declined to comment on the charges against Auernheimer, instead referring all questions to the FBI. Special Agent Bryan Travers of the FBI's Newark, N.J., division confirmed that the agency had served a search warrant at Auernheimer's home, but declined to answer any other questions, including whether agents removed computers from Auernheimer's residence. "This remains an open investigation," Travers said in an e-mail. The FBI launched an investigation into the Goatse attack last week, saying then that it was trying to determine if the group broke any laws. Another Goatse member, French hacker Sam Hocevar, said he couldn't answer questions about Auernheimer's arrest. "I am not a position to answer your questions, as I too am waiting for factual information," Hocevar said in an e-mail Wednesday. Auernheimer is no stranger to drugs, according to Brian Krebs, a former reporter for the *Washington Post* and now the author of the Krebs on Security blog. In 2006, said Krebs, Auernheimer started a talk at a security conference by telling the audience that he was tripping on acid. He has also regularly posted anti-Semitic statements on his LiveJournal blog, where he has claimed that the FCC is "Jewish-run" and that Jews "have long made a sham of the nobel [sic] prize." Auernheimer was arrested last March, according to a report by Fayetteville television station KHBS-TV, which noted that city police said he had given them a false name when they responded to a parking complaint. A court hearing is scheduled for Friday morning in Washington County Circuit Court. Regards Sandeep Thakur On Mon, Jun 14, 2010 at 12:38 AM, Sadguru Thakur <[email protected]>wrote: > *SUBJECT: FBI probe into AT&T iPad security breach begins* > > WASHINGTON/NEW YORK, USA:The Federal Bureau of Investigation has opened a > probe into a security breach of Apple Inc's iPad that exposed personal > information of AT&T Inc customers, including those of several high-ranking > government officials. > > iPad > > The breach, first reported by the website Gawker, occurred when a group > calling itself Goatse Security hacked into AT&T's iPad subscriber data, > obtaining a list of email addresses that also included celebrities, chief > executives and politicians. > > "The FBI is aware of these possible computer intrusions and has opened an > investigation to address the potential cyber threat," FBI spokesman Jason > Pack said on Thursday. > > AT&T, which has exclusive U.S. rights to carry the iPad and the popular > iPhone, has acknowledged the security breach but said it had corrected the > flaw and that only email addresses were exposed to hackers who identified a > security weakness. > > It declined to comment on the FBI investigation. > > The quick FBI probe into the security flaw came amid reports of several > high-ranking government officials on the list of iPad owners with > compromised personal information. > > In all, more than 100,000 email addresses are believed to have been > exposed. Goatse could not immediately be reached for comment. > > One source in the telecommunications industry said it was not surprising > that the FBI was looking at the breach. > > "If there's a high profile data compromise it's not unusual to get a phone > call from government officials," said the executive, who asked not to be > named. > > The iPad, launched in April, has already sold more than 2 million units > worldwide. > > NO COMPROMISE? > > The iPad, launched in April, has already sold more than 2 million units > worldwide. Buzz around the device -- which alongside the iPhone will form a > pivotal part of the company's international growth strategy -- helped propel > Apple past Microsoft Corp in May to become the world's most valuable > technology stock. > > But rivals from Dell Inc to Hewlett-Packard Co are scrambling to get rival > offerings onto the fledgling market, and the security breach could pose a > potential embarrassment for Apple's 2-month-old device. > > Security experts said it was unlikely that other information besides email > addresses had been compromised. > > Charlie Miller, an analyst with Independent Security Evaluators, argued > that the breach had nothing to do the iPad's security. > > "The actual vulnerability is pretty basic, but the loss of data is not > serious, in my opinion. The data on the iPad and the devices themselves were > never compromised or vulnerable," Miller said via e-mail. > > George Kurtz, chief technology officer for security software company > McAfee, also downplayed the severity of the breach. > > "I would guess that this application vulnerability gained so much attention > because, after all, it is Apple we are talking about," Kurtz wrote in a blog > post. > > "The hype around Apple products -- like the new iPhone and iPad -- is > amazing. However, the reality is this type of vulnerability isn't really > news and happens all day long." > > But the security gaffe isn't likely help AT&T win any friends among Apple > customers. The carrier has been criticized by iPhone users for the quality > its network. > > Still, few people thought the security snafu would hurt AT&T's relationship > with Apple. > > "Everybody realizes security is an issue all companies have to deal with," > BTIG analyst Walter Piecyk said. "Apple has endured the reputation of AT&T's > network, which seems to be a much bigger deal." > ©Reuters > > > > On Fri, Jun 11, 2010 at 2:39 AM, Sandeep Thakur <[email protected]>wrote: > >> BANGALORE, INDIA: If you are or know iPad users in the US, chances are >> their official email addresses might be in the hands of hackers. A group of >> hackers exploited a hole in an AT&T Web site to get e-mail addresses of >> about 114,000 iPad users, including what appears to be top officials in >> government, finance, media, technology, and military. >> >> The leak is expected to have affected all Apple iPad 3G subscribers in the >> U.S., according to Gawker, which broke the story yesterday. Among the iPad >> users who appeared to have been affected were White House Chief of Staff >> Rahm Emanuel, Diane Sawyer, New York Mayor Michael Bloomberg, movie producer >> Harvey Weinstein, and New York Times CEO Janet Robinson. >> >> A group that calls itself Goatse Security tricked the AT&T site into >> disclosing the e-mail addresses by sending HTTP requests that included SIM >> card serial numbers for iPads, the report said. Because the serial numbers, >> called ICC-IDs (integrated circuit card identifiers), are generated >> sequentially, the researchers were able to guess thousands of them and then >> ran a program to extract the data by going down the list. >> ©CIOL Bureau >> >> -- >> You received this message because you are subscribed to the Google Groups >> "nforceit" group. >> To post to this group, send an email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<nforceit%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/nforceit?hl=en-GB. >> > > -- > You received this message because you are subscribed to the Google Groups > "nforceit" group. > To post to this group, send an email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<nforceit%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/nforceit?hl=en-GB. > -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
