AT&T iPad hacker pleads guilty

Last year, he helped obtain 120,000 iPad users' e-mail addresses and other information

A 26-year-old man who last year helped hackers publish personal information belonging to about 120,000 iPad users pleaded guilty to fraud and hacking charges in a New Jersey court Thursday.

Daniel Spitler pleaded guilty in federal court to two felony charges, according to Rebekah Carmichael, a spokeswoman with the U.S. Department of Justice. He faces a maximum of 10 years in prison on the charges, but his plea agreement recommends a 12- to 18-month sentence.

He is one of two men charged in the June 2010 incident that embarrassed Apple and AT&T and brought the hacking group, Goatse Security, international attention. The other man, Andrew Auernheimer, is still in negotiations over a plea agreement, according to court records. Both men are facing charges in the U.S. District Court for the District of New Jersey.

At the time of the incident, Goatse hackers claimed that they were merely trying to make AT&T aware of a security issue on its website. They discovered that anyone could query the site and learn the e-mail addresses and unique ICC-ID (integrated circuit card identifier) numbers belonging to the iPad users.

According to reports and court filings, they wrote a script that guessed the ICC-ID numbers (used to identify the iPad's SIM card) and then queried AT&T's website until it returned an e-mail address. Spitler had been accused of co-authoring this software, called "iPad 3G Account Slurper."

The group uncovered e-mail addresses belonging to members of the military, politicians and business leaders including New York Mayor Michael Bloomberg and former White House Chief of Staff Rahm Emanuel.

The incident became a huge embarrassment for AT&T after Auernheimer and Spitler handed their findings over to a reporter at Gawker.com.

In interviews after the hack, Auernheimer said his group had notified AT&T about the issue. But online chat logs filed in court by the prosecution cast doubt on that claim. "[Y]ou DID call tech support right?" asked one hacker, named Nstyr, in a chat log excerpt obtained by prosecutors. "[T]otally but not really," Auernheimer replied. "[I] don't... care [I] hope they sue me."

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cybercrimeApplelegalhardware systemsconsumer electronicsat&t

More about Andrew Corporation (Australia)AppleAT&TAT&TBloombergDepartment of JusticeICCIDG

Show Comments
[]