FBI Investigating iPad E-Mail Leaks

CWmike writes "The Federal Bureau of Investigation has opened an investigation into the leak of an estimated 114,000 Apple iPad user e-mail addresses. Hackers belonging to a group called Goatse obtained the e-mail addresses after uncovering a web application on AT&T's website that returned an iPad user's e-mail address when it was sent specially written queries. After writing an automated script to repeatedly query the site, they downloaded the addresses, and then handed them over to Gawker.com. Now the FBI is trying to figure out whether this was a crime. US law prohibits the unauthorized accessing of computers, but it is unclear whether the script that the Goatse group used violated the law, said Jennifer Granick, civil liberties director with the Electronic Frontier Foundation. 'The question is, when you do an automated test like this, [are you] getting any type of unauthorized access or not,' she said. If it turns out the data in question was not misused, it is unlikely that federal prosecutors will press charges, she added."

Not you too, Slashdot

[Kashell]

These guys aren't hackers. They are security advisors. They are the good guys. I suppose the editors didn't bother, you know, clicking a few links?

Here, I've done your homework. Was it that hard?

http://security.goatse.fr/blog/

>>
"Anyways, there was no illegal activity or unauthorized access, this was not a shady backroom hookers and blow deal with Nick Denton as revenge for the iPhone raid (though that would be totally sweet), we did not sell your data to spammers (on the contrary, we destroyed it after Ryan used it; it had served its purpose to us) and we did not try to hack your iPads. Your iPads are safer now because of us."
>>

Re:Not you too, Slashdot

[blackraven14250]

It wasn't reconfigured or reprogrammed to change the function of the script on AT&T's website. The system was doing exactly what it was intended to do, give the iPad information as a number was given to the script. It gave the information to the wrong people, because the script was public, but that doesn't qualify. These guys didn't change anything on AT&T's side, just utilized tools that were already there.

Re:Not you too, Slashdot

[DJRumpy]

They may have discovered it, but they didn't report it to AT&T. From TFA:

"The person or group who discovered this gap did not contact AT&T."

Not that 'good' in my opinion.

Re:AT&T - not Apple

[Anonymous Coward]

I realize saying AT&T made the headline more sensational, but really - RTFA and you'll see this is AT&T's data breach, NOT Apple's

Please explain the logic underlying this sentence.

Re:Someone is lying, who do you think it is?

[OverlordQ]

From their 'goatse security' homepage (before they edited it)

g0udatron[gapp]: Perl/PHP/js/c/objc/c++ pirate. m68k/z80/mips/x86 asm. series 7, series 66, series 62, series 42 licensed Texas broker. Bane of EFnet #anxiety and co-founder of the CUSSE certification track.

Hurm, what's this CUSSE?

Certified Unethical Security Systems Expert

Huuuuurm?

CUSSE Principles
        * Keeping 0-Days Private
        * IRC
        * Taking down Whitehats
        * Poor Netiquitte
        * Hacking the Planet
        * Ruin
        * No Disclosure
        * Mayhem
        * Nobody is Safe
        * Info is Money
        * Destruction
        * Only Death Saves You
        * Conf

Yup, they sound perfectly professional and believable.

Re:Someone is lying, who do you think it is?

[Krusty_Klown]

The guy admitted in a cnet interview that he did NOT tell AT&T for fear of them coming after him. link [cnet.com]