A man who successfully exploited a hole in AT&T’s web security to obtain information about iPad customers was sentenced on Monday to 41 months in prison and an additional three years of supervision following his release. While Andrew Auernheimer didn’t put the information he obtained to any malicious use, under the Computer Fraud and Abuse Act, he did commit a serious computer crime. He was charged with one count of identity fraud, as well as one count of conspiracy to access a computer without authorization.
The hacking occurred back in 2010, when he and a colleague discovered a security hole in AT&T’s website and wrote a program they called the iPad 3G Account Slurper. The program allowed them to access the email addresses and ICC-ID numbers, and other data about the users affected. (ICC-ID numbers identify an iPad and who it belongs to.) Rather than taking the information they retrieved and using it to harm the users affected, they sent their findings to a popular website so the security hole could be publicized and hopefully fixed. It’s just the latest in what seems to be a growing trend in hacktivism.
What are hacktivists? Continue reading Hack AT&T? That’ll Cost You Over 3 Years in Prison