FBI Investigating iPad E-Mail Leaks 209
CWmike writes "The Federal Bureau of Investigation has opened an investigation into the leak of an estimated 114,000 Apple iPad user e-mail addresses. Hackers belonging to a group called Goatse obtained the e-mail addresses after uncovering a web application on AT&T's website that returned an iPad user's e-mail address when it was sent specially written queries. After writing an automated script to repeatedly query the site, they downloaded the addresses, and then handed them over to Gawker.com. Now the FBI is trying to figure out whether this was a crime. US law prohibits the unauthorized accessing of computers, but it is unclear whether the script that the Goatse group used violated the law, said Jennifer Granick, civil liberties director with the Electronic Frontier Foundation. 'The question is, when you do an automated test like this, [are you] getting any type of unauthorized access or not,' she said. If it turns out the data in question was not misused, it is unlikely that federal prosecutors will press charges, she added."
Re:Not you too, Slashdot (Score:5, Insightful)
These guys aren't hackers. They are security advisors. They are the good guys. I suppose the editors didn't bother, you know, clicking a few links? Here, I've done your homework. Was it that hard?
I'm sorry, but googling 'goatse' was not on the list of activities I had planned for the night. I mean, seriously? This said, you have my admiration for your fortitude and thanks for the sacrifices for the cause.
Also, really, with a name like 'goatse' most people aren't going to automatically leap to the idea of it being a white-hat group.
assholes (Score:5, Insightful)
FUCKED! UP!
Re:Ha ha, I love the genius of the hackers' name (Score:5, Insightful)
I don't know if I would call them journalists:
Title: Apple's Worst Security Breach
"Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the cellular-enabled tablet—could be vulnerable to spam marketing and malicious hacking."
This is squarely AT&T's fault, yet the first paragraph implies it was "Apple Worst Security Breach". I also like how they imply that a spammer getting your e-mail address is the be-all-end-all of hacking. Really? These folks have never seen spam before? How will they venture out onto the internet without feeling exposed and dirty? Oh wait. They get a new e-mail address. *sigh*
Re:Not you too, Slashdot (Score:5, Insightful)
Hacker is not a term that means you are the bad guy although it conjures the fear in the ignorant (i.e. the general public). It just meant someone who hacks.
This was a hack.
http://en.wikipedia.org/wiki/Hack_(technology) [wikipedia.org]
Re:Not you too, Slashdot (Score:3, Insightful)
I have to admit, I had to ignore years of experience with Internet forums to follow a link to "goatse.fr."
Re:Not you too, Slashdot (Score:3, Insightful)
These guys aren't hackers. They are security advisors. They are the good guys.
So, if you were one of the people who had their personal email leaked, would you be thanking the good guys right now for doing it? It's sort of like if a security consultant pushed somebody through a broken railing to "demonstrate" the flaw in security. Couldn't they have just called AT&T and pointed it out? Or would that not have been rad enough?
"Not misused"? (Score:1, Insightful)
How is handing email addresses over to Gawker (i.e. a third party) anything other than misusing them?
Why is this "news"? (Score:2, Insightful)
It's not a hack, it's only indirectly related to Apple (despite Gawker's attempts to paint it otherwise), and the government email addresses that were "exposed" are public anyway. It's not difficult for me to send email to Rahm Emanuel. Goatse's brute force script isn't that interesting (see http://praetorianprefect.com/archives/2010/06/114000-ipad-owners-the-script-that-harvested-their-e-mail-addresses/ [praetorianprefect.com]) so why are we wasting so much time on this non-story?
Downloading 114k users != white hat (Score:3, Insightful)
A white hat would see the hole, download a few to verify, write a script as a proof of concept and verify that the script worked, and then report the hole to AT&T. Downloading over 100,000 email addresses and sending them to the press is NOT what responsible security researchers do.
Re:assholes (Score:2, Insightful)
Re:Ha ha, I love the genius of the hackers' name (Score:2, Insightful)
I like how they seem to think it's amazing to get some of those e-mail addresses, I mean, come on, just look at it:
http://cache.gawkerassets.com/assets/images/7/2010/06/500x_ileakinside3.jpg [gawkerassets.com]
Do you think Les Hintons e-mail address may be les.hinton@dowjones.com ?!
Top secret!
Re:Ha ha, I love the genius of the hackers' name (Score:3, Insightful)
You think if Vodafone got a bunch of iPads and was selling them at $1 on a 5 year plan that apple wouldn't shit itself?
As long as Vodafone paid Apple what they agreed upon, I doubt Apple would care. Why would they?
The security breach was with AT&T, because it was on their servers and only affected their customers.
Sensible l (Score:2, Insightful)
Re:No relation (Score:3, Insightful)
There were plenty of much more responsible ways to get that vulnerability fixed. That was clearly not the intent of the people involved, since they chose this course of action rather than a responsible one.
Re:Not you too, Slashdot (Score:3, Insightful)
Language evolves, whether we like it or not. I used to be a gay hacker untill they changed the meaning of "gay" and "hacker", now I'm just a happy nerd.
Changing the meaning of "hacker" only affects us, but when they changed "gay" it affected hundreds of years of song and poetry -- "Deck the Halls" for example. I have an MP3 I ripped from an old 78 with lyrics "gay as a New Year's party"; it has a completely different meaning today than it did in my dad's youth, because the meaning of the word has changed.
We just have to live with it. I blame Hollywood for the change in "hacker". Blame gays for the change of "gay".