
FBI Affidavit Details iPad Hack Probe

Suspect offered stolen data to News Corp., Reuters



JANUARY 18--One of the hackers accused of stealing the e-mail addresses and personal information of about 120,000 Apple iPad owners launched a “brute force” attack on AT&T to harvest the data, which they then offered to provide to two large news organizations with the promise that, “I would be absolutely happy to describe the method of the theft.”

Details of the FBI probe that led to fraud and conspiracy charges being filed against Andrew Auernheimer and Daniel Spitler are contained in documents filed in support of a search last year of Auernheimer’s Arkansas home. An excerpt from an affidavit sworn by Agent Christian Schorle can be found here.

A criminal complaint unsealed today alleges that the security flaw was first discovered by Spitler, 26, who reported that, “I hit fucking oil” after some advice from Auernheimer got him out of a technical “rut.” Chat logs obtained by the FBI from a confidential source show the men discussing the value of the AT&T data and e-mail addresses, with Spitler mentioning “ipad focused spam.” In another chat, Auernheimer, 25, told Spitler that “absolutely may be legal risk yeah, mostly civil you absolutely could get sued to fuck.” Auernheimer is pictured in the above mug shot.

After the gossip blog Gawker reported on the AT&T breach, Spitler “was afflicted by ‘post-troll paranoia’ and solicited advice” from fellow hackers, according to the criminal complaint. The exultant Auernheimer, it seems, had no such second thoughts. In chats, he wrote of succeeding in dropping “the stock price,” adding that “we fucking win and I get to like spin us as a legitimate security organization.” He also advised Spitler to destroy “evidence of their crime,” noting that, “yes we emerged victorious,” according to the U.S. District Court complaint.

In its original report, Gawker referred to Auernheimer and his anonymous “Goatse Security” cohorts as a “web security group” that had actually “notified AT&T of the breach and the security hole was closed.” In fact, according to investigators, “contrary to the Gawker Article, neither defendant nor anyone from Goatse Security” had ever contacted the telecommunications giant.

According to Schorle's affidavit, Auernheimer--writing from his Gmail account--sent an e-mail to Arthur Siskind, a member of the board of Rupert Murdoch’s News Corporation. Noting that an “information leak on AT&T’s network” allowed details about Siskind and other media and tech figures to be “pulled straight out of AT&T’s database,” Auernheimer wrote that, “If a journalist in your organization would like to discuss this particular issue with us,” he would agree to detail the hack. The FBI affidavit does not disclose whether Siskind (or any other News Corporation officials) responded to Auernheimer’s entreaty.

In a second e-mail sent to “various executives at Thomson Reuters,” Auernheimer also offered himself up for an interview to describe the AT&T “data harvest,” which was achieved via a computer script dubbed “the iPad 3G Account Slurper.”

The e-mails to Siskind and Thomson Reuters were sent several days before “the authors of the Account Slurper provided the stolen e-mail addresses and corresponding ICC-IDs” to Gawker. The site, the FBI reported, “proceeded to publish on its website the stolen information.”

In a variety of comments after the AT&T breach, Auernheimer claimed credit for the hack, according to the FBI affidavit. In one online post cited by Agent Schorle, Auernheimer wrote, “This story has been broken for 15 minutes, twitter is blowing the fuck up, we are on the forntpage [sic] of google news and we are on drudge report (the big headline).”

It was only after news outlets began reporting that the FBI had launched a criminal probe of the incursion that Auernheimer began to distance himself from the attack, claiming in subsequent interviews that, “I did not do it. I am just a publication agent.” However, according to the criminal complaint, Auernheimer “again took credit” for the AT&T breach in a November 17 e-mail to a federal prosecutor in New Jersey. “AT&T needs to be held accountable for their insecure infrastructure as a public utility and we must defend the rights of consumers, over the rights of shareholders,” wrote Auernheimer.

The search warrant authorized agents to seize computer equipment, any communications between other suspected hackers, and “all correspondence with and posts to” Gawker. The warrant also allowed probers to seize correspondence related to an Auernheimer group known as “Gay Nigger Association of America,” or GNAA.

Along with providing an account of the probable cause established to raid Auernheimer’s Fayetteville home, the FBI affidavit also helpfully provided bureau definitions of “trolls” and a footnoted description of “furries.” (13 pages)

Comments (4)

I'm guessing Auernheimer will also get to be involved in a somewhat different "Gay N***** Association of America" in prison.
I have mixed feelings here with this one. Clearly this guy has a god complex. I do believe that companies who charge for services and are negligent in security for their paying clients should be held accountable. This toad is off his nut but that is the price we pay to use the internet. I agree that there is no such thing as internet security, entirely. Good guys are always way behind the bad guys. I want ATT to pay for the cost of this entire prosecution. Taxpayers should not be footing the bill for their gross negligence. Um...perhaps should have said he had a "jesus complex" due to that truly unfortunate facial hair.
The worst part of this was that these idiots really thought they had true value in 120,000 email addresses and phone numbers. The amount of information collected equals out to roughly 120 possible responses to anything they are promoting. What's this mean? After scrubbing the data these supposed "HaX0rs" would be better off placing an ad on Craigslist for whatever they are thinking about spamming. Ok, so wtf are you going to promote to an iPad user anyway, let's make cell phones smaller and start carrying an iPad, won't last... Verizon only finally got the iPhone because of the new Windows Phone sales in China, and sales projections for the next three years. The iPhone 4,5,6 will be made but not the technology stirmaster we know it as. But back to the topic, ignorance is definitely in the house with these two... focus goobers...
Sounds like this may be yet another buffer overflow vulnerability. Just going by the "brute force" reference so I could be wrong. But if it is, there is no excuse for AT&T to leave itself open to this sort of thing.