Expose Blatant Security Hole From AT&T… Face Five Years In Jail

Expose Blatant Security Hole From AT&T... Face Five Years In Jail  | ipadsecuritydante812838123 | Civil Disobedience News Articles Science & Technology US News …from the security-through-threat-of-intimidation dept.

A few years ago, we wrote about some hackers who exposed a really basic security flaw in AT&T’s setup for iPad users. Basically, if you fed an ID to a website, it would return the email address of the account. And, on top of that, AT&T appeared to hand out the IDs in numerical order, so it was easy to just run through a bunch of IDs in order and collect a ton of users’ info. And that’s what these hackers did — collecting a variety of emails including the President of News Corp., the CEO of Dow Jones and Mayor Bloomberg in New York. They got lots of other government officials as well: “Rahm Emanuel and staffers in the Senate, House of Representatives, Department of Justice, NASA, Department of Homeland Security, FAA, FCC, and National Institute of Health, among others.”

This seemed like a pretty massive flaw in the design of the system by AT&T… but of course, all of the blame is falling on the guys who exposed the hole. It seems noteworthy that the pair of hackers who exposed this are known for trollish online behavior, and Andrew Auernheimer, who goes by the name weev, has flat out called himself an internet troll. It seems that the FBI decided to use the trollish nature of Auernheimer and collaborator Daniel Spitler to argue that this hack actually violated the incredibly poorly-worded and misunderstood Computer Fraud and Abuse Act (CFAA). That’s a law that we’ve been discussing for a few years now, as law enforcement and courts keep trying to stretch the definition of what counts as “unauthorized access” under the bill.

Unfortunately, in this case, a jury was convinced that the discovery of this security hole left by AT&T was actually a crime, and Auernheimer is now facing five years in jail. Not surprisingly, he plans to appeal. Of course, part of the issue is that Auernheimer discussed, but did not actually do, a variety of bad things he could have done with the data in question, before eventually just revealing the security hole to the media.

Obviously, there may be a fine line between “white hat” exposure of security flaws and nefarious activity, but given that all that really happened here was the exposure of really poorly thought-out programming by AT&T, it seems bizarre that the guy who exposed it is now facing years in jail.

 

Techdirt.com

[mailpoet_form id="1"]

About The Author

Wendy Blanks is an independent researcher, journalist and activist. She is the Founder of TruWire Productions, LLC., and the Owner/Chief Editor for The Sleuth Journal. She has done investigative research in multiple fields and has a passion for sharing true news on various topics such as government corruption, natural health, human rights, globalism and other important issues that plague our society. Thankfully, we live in the age of information and sharing knowledge has become easier than ever. She has a deep desire to expose the truth in propagated information that is spewed from corporate/mainstream media. True journalism has been dead for some time and it is her goal to revive it. The Sleuth Journal streamlines groups of like-minded individuals and organizations to create a massive knowledge base for a ‘conscious awakening’ of what is really going on in today’s oligarchy pyramid that we call ‘society’. So many people are zombies by media, television and other means of mass brainwashing and we need to reverse the effects and give people back their minds, and in return, their power and will to change and challenge the system. Like The Sleuth Journal on Facebook. Follow The Sleuth Journal on Twitter. Join The Sleuth Journal group on Linkedin. Be sure to visit Drone Patrol to view and report drone sightings.

Related posts