IDG News Service - A 26-year-old man who last year helped hackers steal personal information belonging to about 120,000 iPad users pleaded guilty to fraud and hacking charges in a New Jersey court Thursday.
Daniel Spitler pleaded guilty in federal court to two felony charges, according to Rebekah Carmichael, a spokeswoman with the U.S. Department of Justice. He faces a maximum of 10 years in prison on the charges, but his plea agreement recommends a 12- to 18-month sentence.
He is one of two men charged in the June 2010 incident that embarrassed Apple and AT&T and brought the hacking group, Goatse Security, international attention. The other man, Andrew Auernheimer, is still in negotiations over a plea agreement, according to court records. Both men are facing charges in the U.S. District Court for the District of New Jersey.
At the time of the incident, Goatse hackers claimed that they were merely trying to make AT&T aware of a security issue on its website. They discovered that anyone could query the site and learn the e-mail addresses and unique ICC-ID (integrated circuit card identifier) numbers belonging to the iPad users.
According to reports and court filings, they wrote a script that guessed the ICC-ID numbers (used to identify the iPad's SIM card) and then queried AT&T's website until it returned an e-mail address. Spitler had been accused of co-authoring this software, called "iPad 3G Account Slurper."
The group uncovered e-mail addresses belonging to members of the military, politicians and business leaders including New York Mayor Michael Bloomberg and former White House Chief of Staff Rahm Emanuel.
The incident became a huge embarrassment for AT&T after Auernheimer and Spitler handed their findings over to a reporter at Gawker.com.
In interviews after the hack, Auernheimer said his group had notified AT&T about the issue. But online chat logs filed in court by the prosecution cast doubt on that claim. "[Y]ou DID call tech support right?" asked one hacker, named Nstyr, in a chat log excerpt obtained by prosecutors. "[T]otally but not really," Auernheimer replied. "[I] don't... care [I] hope they sue me."
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
