Back in the Summer of last year, a hacker group called Goatse Security found a breach in AT&T's server security that allowed them to access the email addresses of iPad 3G users. They downloaded over one hundred thousand of those email addresses, then alerted AT&T, who promptly fixed the hole. This past week, two of the hackers belonging to that group were each charged with crimes related to that breach.
Andrew Auernheimer and Daniel Spitler have each been charged with "one count of conspiracy to access a computer without authorization and one count of fraud," according to the New York Times article on the subject. Last July, after the events transpired, the FBI received more than 150 pages of chat logs which detail how the men were able to download these email addresses. What it basically came down to was a program on the AT&T servers which when given an iPad's ID number, would return the email address associated with that iPad. Mr Auernheimer and Mr. Spitler then only had to write a small script to guess ID numbers and store the returned addresses.
Both of the men charged insist they did nothing illegal. Mr. Spitler, when asked why he felt that way, replied by saying "cause I didn't hack anything." Their defense rests in the fact that they were accessing data on a public server with no password or encryption, basically that this data was available to anyone on the Internet. There is no evidence thus far that shows anyone trying to sell the data they uncovered, and they informed AT&T of the security hole, allowing them to fix the problem. AT&T on the other hand, is labeling the data mining as "malicious" and claim that their customers could have been "exposed ... to spam or fraud."
If you feel the need to increase your company network and server security, call Razorpoint today, 212.744.6900!