iPad Hackers Face the Law

If you found yourself for a moment last summer amidst the likes of powerful politicians, wealthy CEOs and movers-and-shakers like Rahm Emanuel, Diane Sawyer, and Harvey Weinstein as victims of a widespread iPad hacking scheme, you may feel a little safer logging into your tablet today.

If you found yourself for a moment last summer amidst the likes of powerful politicians, wealthy CEOs and movers-and-shakers like Rahm Emanuel, Diane Sawyer, and Harvey Weinstein as victims of a widespread iPad hacking scheme, you may feel a little safer logging into your tablet today.

The two men accused of hacking into AT&T servers and stealing e-mail addresses and other information of 114,000 iPad 3G users last June are now in federal custody, facing charges of fraud and conspiracy in obtaining and distributing e-mail addresses.

Daniel Spitler, 26, and Andrew Auernheimer, 25 first got the attention they wanted, and now more, last June when they exposed a security loophole on AT&T‘s Web site to the entertainment site Gawker that released private information of the iPad’s first generation users.

The personal data included not just e-mail addresses but also the unique identifying IDs used to authenticate the SIM card in a customer’s iPad to AT&T’s network.

Both men, said prosecuters, are members of Goatse Security, a group of “self-professed Internet ‘trolls'” who aim to disrupt online content and services. They said Auernheimer, in particular, bragged in interviews and on his own blog about his hacking.

While Goatse Security led the hacking scheme, prosecutors say Auernheimer and Spitler led the effort by writing the script that harvested the data from AT&T’s website, and then shared the script with others before AT&T could fix the mistake.

There are no plans, prosecutors said, to charge anyone else in the case.

Auernheimer was taken into custody by the F.B.I. in Fayatteville, Ark., while Spitler, of San Francisco, surrendered to authorities in Newark, NJ.

Each was charged with one count of fraud and one count of conspiracy to access a computer without authorization. The charges each carry a maximum punishment of five years in prison plus a $250,000 fine.

The attack took place just a few months after Apple first released the iPad, to enormous success, in January 2010. Â  As the devices’ exclusive Internet provider, AT&T required customers to provide personal data such as e-mail address, billing address and password when they first opened their accounts.

Paul J. Fishman, the U.S. attorney for New Jersey, likened Mr. Auernheimer and Mr. Spitler to “a group of people who took a car for a joy ride.””The reason they bragged about it is because in the community that they travel in, it’s important for them that the people in their community know about the hack,” Mr. Fishman said.

AT&T responded to the charges with a statement that the company took the privacy of its customers “very seriously.”

“We cooperate with law enforcement whenever necessary to protect it,” said a spokesman.