Forgot your password?
typodupeerror
Privacy Security Apple Your Rights Online

FBI Investigating iPad E-Mail Leaks 209

Posted by timothy
from the seeking-cause-of-action dept.
CWmike writes "The Federal Bureau of Investigation has opened an investigation into the leak of an estimated 114,000 Apple iPad user e-mail addresses. Hackers belonging to a group called Goatse obtained the e-mail addresses after uncovering a web application on AT&T's website that returned an iPad user's e-mail address when it was sent specially written queries. After writing an automated script to repeatedly query the site, they downloaded the addresses, and then handed them over to Gawker.com. Now the FBI is trying to figure out whether this was a crime. US law prohibits the unauthorized accessing of computers, but it is unclear whether the script that the Goatse group used violated the law, said Jennifer Granick, civil liberties director with the Electronic Frontier Foundation. 'The question is, when you do an automated test like this, [are you] getting any type of unauthorized access or not,' she said. If it turns out the data in question was not misused, it is unlikely that federal prosecutors will press charges, she added."
This discussion has been archived. No new comments can be posted.

FBI Investigating iPad E-Mail Leaks

Comments Filter:
  • by Kashell (896893) on Thursday June 10, 2010 @11:09PM (#32531390)
    These guys aren't hackers. They are security advisors. They are the good guys. I suppose the editors didn't bother, you know, clicking a few links?

    Here, I've done your homework. Was it that hard?

    http://security.goatse.fr/blog/

    >>
    "Anyways, there was no illegal activity or unauthorized access, this was not a shady backroom hookers and blow deal with Nick Denton as revenge for the iPhone raid (though that would be totally sweet), we did not sell your data to spammers (on the contrary, we destroyed it after Ryan used it; it had served its purpose to us) and we did not try to hack your iPads. Your iPads are safer now because of us."
    >>
  • by blackraven14250 (902843) on Thursday June 10, 2010 @11:28PM (#32531478)
    It wasn't reconfigured or reprogrammed to change the function of the script on AT&T's website. The system was doing exactly what it was intended to do, give the iPad information as a number was given to the script. It gave the information to the wrong people, because the script was public, but that doesn't qualify. These guys didn't change anything on AT&T's side, just utilized tools that were already there.
  • by DJRumpy (1345787) on Thursday June 10, 2010 @11:29PM (#32531488)

    They may have discovered it, but they didn't report it to AT&T. From TFA:

    "The person or group who discovered this gap did not contact AT&T."

    Not that 'good' in my opinion.

  • Re:AT&T - not Apple (Score:1, Informative)

    by Anonymous Coward on Friday June 11, 2010 @12:29AM (#32531814)

    I realize saying AT&T made the headline more sensational, but really - RTFA and you'll see this is AT&T's data breach, NOT Apple's

    Please explain the logic underlying this sentence.

  • by OverlordQ (264228) on Friday June 11, 2010 @01:43AM (#32532116) Journal

    From their 'goatse security' homepage (before they edited it)

    g0udatron[gapp]: Perl/PHP/js/c/objc/c++ pirate. m68k/z80/mips/x86 asm. series 7, series 66, series 62, series 42 licensed Texas broker. Bane of EFnet #anxiety and co-founder of the CUSSE certification track.

    Hurm, what's this CUSSE?

    Certified Unethical Security Systems Expert

    Huuuuurm?

    CUSSE Principles
            * Keeping 0-Days Private
            * IRC
            * Taking down Whitehats
            * Poor Netiquitte
            * Hacking the Planet
            * Ruin
            * No Disclosure
            * Mayhem
            * Nobody is Safe
            * Info is Money
            * Destruction
            * Only Death Saves You
            * Conf

    Yup, they sound perfectly professional and believable.

  • by Krusty_Klown (533651) on Friday June 11, 2010 @02:06AM (#32532218)
    The guy admitted in a cnet interview that he did NOT tell AT&T for fear of them coming after him. link [cnet.com]

Thufir's a Harkonnen now.

Working...