Information Security News mailing list archives

Man admits writing script that slurped celebrity iPad data


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 27 Jun 2011 00:39:50 -0700 (MST)

http://www.theregister.co.uk/2011/06/23/ipad_data_hacker_guilty/

By Dan Goodin in San Francisco
The Register
23rd June 2011

A San Francisco man has admitted writing the code that plucked personal data of 120,000 early iPad adopters from servers AT&T had left wide open to the attack.

Daniel Spitler, 26, pleaded guilty in federal court in New Jersey to one count each of identity theft and conspiracy to gain unauthorized access to internet-connected computers, prosecutors said. A member of the troll and griefer collective known as Goatse Security, he surrendered to authorities in January, when he and alleged accomplice, Andrew Auernheimer, were criminally charged in the hack.

Auernheimer, aka Weev, has pleaded not guilty.

According to prosecutors, Spitler, Auernheimer, and other Goatse members identified a vulnerability on AT&T's servers that mapped an iPad's ICC-ID, or integrated circuit card identifier, to the name and email address of its owner.

Spitler admitted he was the one who wrote the "iPad 3G Account Slurper" script, which exploited the flaw to harvest as much data as possible. It worked by injecting large numbers of possible ICC-IDs into AT&T web addresses and recording the information that was returned each time it successfully guessed a valid number. For the attack to work, Spitler had to make his code mimic characteristics of the iPad.

[...]

