or Connect
AppleInsider › Forums › Mobile › iPad › FBI investigating AT&T security breach that revealed iPad owner emails
New Posts  All Forums:Forum Nav:

FBI investigating AT&T security breach that revealed iPad owner emails

post #1 of 28
Thread Starter 
The Federal Bureau of Investigation said Thursday that it has begun a probe into an AT&T security breach that exposed the email address of over 100,000 registered iPad owners.

"The FBI is aware of these possible computer intrusions and has opened an investigation to address the potential cyber threat," FBI spokesman Jason Pack said.

The move comes one day after AT&T acknowledged that a security flaw on its website made it possible for hackers to query its database and uncover the email addresses of customers who had registered to use its mobile broadband service on their iPhone 3G.

"This issue was escalated to the highest levels of the company and was corrected by Tuesday," the carrier said. "We are continuing to investigate and will inform all customers whose e-mail addresses may have been obtained."

The attack on AT&T's web servers resulted in at least 114,000 iPad 3G users' emails being leaked to Goatse Security hackers when batches of iPad ICC-IDs were entered via specially formatted HTTP requests.

The group automated requests of the email address information for a wide swath of ICC-ID serial numbers using a script. Although the exploit revealed the addresses of several prominent government and corporate officials, no other information was revealed as part of the breach.

A representative for Goatse Security told the Wall Street Journal that it 'hasn't heard from law enforcement and that it didn't do anything illegal, so doesn't see why it would.'
post #2 of 28
I am going to have to advocate taser usage.
post #3 of 28
omg, the FBI agent's name is Pack. Is any of this real?
post #4 of 28
post #5 of 28
...hasn't done anything illegal..." OMG, are we going to do this AGAIN!!!!

We have a serious crisis in morality and ethics now days
post #6 of 28
These Goatses shared the info with Gawker Media, and after the lost/stolen iPhone4 debacle, well...
post #7 of 28
Okay. Let's hear it from the AT&T defenders.
post #8 of 28
Quote:
Originally Posted by Jerseymac View Post

Okay. Let's hear it from the AT&T defenders.

I don't get it?
This is simply an article stating the FBI is investigating what happened and who may have done it.
post #9 of 28
Quote:
Originally Posted by sip View Post

These Goatses shared the info with Gawker Media, and after the lost/stolen iPhone4 debacle, well...

Gawker is already in a deep hole and they don't have the sense to stop digging (if you will pardon the expression).
post #10 of 28
Quote:
Originally Posted by Jerseymac View Post

Okay. Let's hear it from the AT&T defenders.

They fixed it almost right away and it's not as bad as the oil spill.
post #11 of 28
....even Michael Bloomberg said so.


New York Mayor Michael Bloomberg, whose e-mail address was exposed because of the security vulnerability with his new iPad, shrugged it off Thursday and said he didn't understand the fuss.

"It shouldn't be pretty hard to figure out my e-mail address," Bloomberg said, "and if you send me an e-mail and I don't want to read it, I don't open it. To me it wasn't that big of a deal."
post #12 of 28
Nobody cares about celebrities being on that list but when you got Pentagon officials, White House staff, DARPA officials (who work on highly classified projects) that's another story and surely will invite the FBI. It may only be email addresses but what will be compromised next if this happens again?
post #13 of 28
Quote:
Originally Posted by Wurm5150 View Post

Nobody cares about celebrities being on that list but when you got Pentagon officials, White House staff, DARPA officials (who work on highly classified projects) that's another story and surely will invite the FBI. It may only be email addresses but what will be compromised next if this happens again?

More e-mail addresses will be "compromised?" As if they are even remotely secure to being with?

Really, I'm finding this entire episode to be a hoot and a half.
Please don't be insane.
Reply
Please don't be insane.
Reply
post #14 of 28
Quote:
Originally Posted by Dr Millmoss View Post

More e-mail addresses will be "compromised?" As if they are even remotely secure to being with?

Really, I'm finding this entire episode to be a hoot and a half.

They'll be fishing for info beyond email addresses? I work for the Air Force and believe me the DoD doesn't take any type of compromise lightly even if it's as small as email address breach.
post #15 of 28
It is amazing to see the number of hyperventilated, breathless, poorly reported, negative stories about Apple in the past couple of weeks -- iAd and Google, broken iPhone screen, Foxconn suicides, whether 326 ppi is truly 'retina screen,' wifi meltdown, iPad security breach....... it goes on and on. I know I am missing many many more.

It's getting to be ridiculous. Yet, Apple's PR still does not feel compelled to counter any of these distortions.

Time will tell if that's a smart strategy or not.

Speaking for myself, I am beginning to have my doubts on Apple's 'strategery' here.
post #16 of 28
Quote:
Originally Posted by quinney View Post

They fixed it almost right away and it's not as bad as the oil spill.

So typical. What happened to the part where they didn't tell anyone for two days?
post #17 of 28
As I posted elsewhere:

Has anybody checked out the Goagtse Security web site?

If you had, you would have found posted at the bottom of their web site at http://security.goatse.fr/ :
Quote:
Goatse Security is a wholly owned subsidiary of the GNAA


And checking out GNAA is, …well you decide. http://www.gnaa.eu/ In any event, I feel that disclosing confidential information as was done here*, should be equally illegal as buying stolen items or being an accessory after the fact.

*

Quote:
A group known as Goatse Security has published the personal e-mail addresses of the victims—many of whom are popular celebrities, prominent executives and high-ranking dignitaries—that it obtained by exploiting an automated script on an AT&T server.

http://www.macworld.com/article/1519...data_leak.html


post #18 of 28
Quote:
Originally Posted by anantksundaram View Post

It is amazing to see the number of hyperventilated, breathless, poorly reported, negative stories about Apple in the past couple of weeks -- iAd and Google, broken iPhone screen, Foxconn suicides, whether 326 ppi is truly 'retina screen,' wifi meltdown, iPad security breach....... it goes on and on. I know I am missing many many more.

It's getting to be ridiculous. Yet, Apple's PR still does not feel compelled to counter any of these distortions.

Time will tell if that's a smart strategy or not.

Speaking for myself, I am beginning to have my doubts on Apple's 'strategery' here.

Isn't it now part of the release profile that has happened for the last couple of Apple products? Apple announces some really cool kit, suddenly breathless announcements starting popping up and the media go berserk with odd, goofy and highly reactionary stories. The actual release comes and things quiet down a bit.

Hmmmm. reminds me of something else............... hmmmmmm.

*Lights up a cigarette* I knew there was something truly satisfying about Apple. And yeah it WAS good for me.
post #19 of 28
Quote:
Originally Posted by Jerseymac View Post

So typical. What happened to the part where they didn't tell anyone for two days?

If I was seriously defending them, you would know it (or maybe you wouldn't)
post #20 of 28
... \ ...
"Why iPhone"... Hmmm?
Reply
"Why iPhone"... Hmmm?
Reply
post #21 of 28
Quote:
Originally Posted by quinney View Post

If I was seriously defending them, you would know it (or maybe you wouldn't)

Oh. So it was a joke instead of some kinda shot. Most amusing.

And you followed it up by taking a shot. Typical.
post #22 of 28
Quote:
Originally Posted by anantksundaram View Post

It is amazing to see the number of hyperventilated, breathless, poorly reported, negative stories about Apple in the past couple of weeks -- iAd and Google, broken iPhone screen, Foxconn suicides, whether 326 ppi is truly 'retina screen,' wifi meltdown, iPad security breach....... it goes on and on. I know I am missing many many more.

It's getting to be ridiculous. Yet, Apple's PR still does not feel compelled to counter any of these distortions.

Time will tell if that's a smart strategy or not.

Speaking for myself, I am beginning to have my doubts on Apple's 'strategery' here.

Even if Apple isn't publicly responding to bad reporting, that doesn't necessarily mean that they aren't doing anything to repsond to misreported stories. I think the reporter is more likely to get a phone call from someone in Apple PR than Apple sending out a press release to refute it.
Please don't be insane.
Reply
Please don't be insane.
Reply
post #23 of 28
Quote:
Originally Posted by SHOBIZ View Post

...hasn't done anything illegal..." OMG, are we going to do this AGAIN!!!!

We have a serious crisis in morality and ethics now days

Affirmative.
post #24 of 28
Quote:
Originally Posted by quinney View Post

omg, the FBI agent's name is Pack. Is any of this real?

Yup is truth, the e-mail of the Chief of staff was among other emails stolen. Senate members and other high profile people also.
post #25 of 28
Quote:
Originally Posted by plokoonpma View Post

Yup is truth, the e-mail of the Chief of staff was among other emails stolen. Senate members and other high profile people also.

You don't think it's possible to get the email for the Chief of Staff by other means?

I'm not saying it's OK. It's not - for a lot of reasons. AT&T should be thankful it was only email addresses that were discovered because ANY release of customer information is a really bad thing. If I were an exec there, we'd have a top to bottom review of security processes (actually, if I were there, we'd be doing that routinely). But, fortunately, release of an email address isn't the end of the world. Heck, you might even get more offers from Nigeria.

Quote:
Originally Posted by AppleInsider View Post

A representative for Goatse Security told the Wall Street Journal that it 'hasn't heard from law enforcement and that it didn't do anything illegal, so doesn't see why it would."

Goatse and Gawker make a good pair. No concept of morals or law. I guess it never occurred to them that it sometimes takes a little while for LE to put a case together. Not to mention that simply because something is legal doesn't make it right.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
post #26 of 28
The Goatse Security folks are going to jail, even if the government has to make up a new law to convict them with.

Surely they will plea bargain it down to something less, do a few years, and gain the free notoriety, book deals, movie deals and what-not.

Even if they can't profit from their crime (even if it's not a crime now it soon will be) directly, they certainly will be hired for other penetration (did I really say that?) testing.
post #27 of 28
Quote:
Originally Posted by SpotOn View Post

The Goatse Security folks are going to jail, even if the government has to make up a new law to convict them with.

I think there's a law against making up laws against actions which were not against the law at the time they were committed.

Also, I'm not sure Goatse is in the US, which may make it more difficult to prosecute.

That said, there are apparently enough related precedents that if jurisdiction can be established there may well be a reckoning for Goatse.
post #28 of 28
Interesting details that didn't make it into much of the alarmist lay press:
http://security.goatse.fr/blog/
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPad
  • FBI investigating AT&T security breach that revealed iPad owner emails
AppleInsider › Forums › Mobile › iPad › FBI investigating AT&T security breach that revealed iPad owner emails