Update: FBI probes AT&T's iPad 3G e-mail leaks
It's looking at whether a crime was committed
IDG News Service - The U.S. Federal Bureau of Investigation has opened an investigation into the leak of an estimated 114,000 Apple iPad user e-mail addresses.
Hackers belonging to a group called Goatse obtained the e-mail addresses after uncovering a Web application on AT&T's Web site that returned an iPad user's e-mail address when it was sent specially written queries. After writing an automated script to repeatedly query the site, they downloaded the addresses, and then handed them over to Gawker.com.
Now the FBI is trying to figure out whether this was a crime. "The FBI is aware of these possible computer intrusions and has opened an investigation into addressing the potential cyberthreat," said Lindsay Godwin, an FBI spokeswoman.
The investigation was opened Thursday by the FBI's Washington Field Office, she said. Godwin did not know if the investigation was opened at the request of Apple or AT&T. AT&T declined to comment, and Apple has not replied to requests for comment.
According to Gawker, Goatse hackers were able to download e-mail addresses belonging to White House Chief of Staff Rahm Emanuel, New York Mayor Michael Bloomberg and ABC News anchor Diane Sawyer. They also gained access to addresses belonging to employees of Google, Amazon, Microsoft and the U.S. military.
The hackers did this by guessing thousands of unique numbers -- called ICC-ID (Integrated Circuit Card Identifier) -- belonging to iPad users and feeding them into the AT&T Web site.
They wrote a PHP script that flooded AT&T's Web site with possible ICC-ID numbers and logged responses when the site returned an e-mail address. According to an interview with AT&T Chief Security Officer Ed Amoroso, the script exploited a feature on the Web site designed to auto-fill a login form with an e-mail address in order to speed things up when iPad 3G users went to view their AT&T accounts.
In a blog post Thursday, Goatse said that it did nothing illegal. The group obtained the the e-mail addresses via a public Web interface and then gave them to Gawker, but no one else, and has since destroyed the data, it said. "We did not contact AT&T directly, but we made sure that someone else tipped them off and waited for them to patch until we gave anything to Gawker. This is as 'nice guy' as it gets."
U.S. law prohibits the unauthorized accessing of computers, but it is unclear whether the script that the Goatse group used violated the law, said Jennifer Granick, civil liberties director with the Electronic Frontier Foundation. "The question is, when you do an automated test like this, [are you] getting any type of unauthorized access or not," she said.
If it turns out the data in question was not misused, it is unlikely that federal prosecutors will press charges, she added.
- Apple plays hardball with iPad Mini reveal
- Apple breezes to PC sales' top spot as Windows share decays
- Analyst tallies perks of September launch of new iPhone, iPad
- Analyst predicts stellar iPad sales in next week's Apple earnings
- Nexus 7 holds up better than iPad in drop, water-dunk tests
- With iPad Mini, Apple would remain tablet king through '16, says IDC
- Apple demands ipad3.com domain
- Chrome for iOS snatches top spot on App Store
- iPad in the Enterprise: IT Must Stay Ahead of the Curve
- Skepticism mounts over Windows RT's enterprise role
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Macintosh White Papers | Webcasts