One of the hackers accused of exploiting a hole on AT&T's website to extract the email addresses of iPad users pleaded guilty to identity theft and conspiracy to gain unauthorized access to a computer system.Daniel Spitler, 26, of San Francisco admitted to writing an automated script which generated valid iPad ICC-ID and inserted them into AT&T website in to extract information about the owners.
According to IRC chat logs obtained by prosecutors, Spitler discussed with Andrew Auernheimer, 25, a co-defendant in the same case, the possibility of the harvested emails being used for phishing.
"This could be like, a future massive phishing operation like this is valuable data we have [...] a potential complete list of AT&T iphone subscriber emails," said Auernheimer. "Ipad but yeah" responded Spitler.
The two hackers, members of a group called Goatse Security, executed the attack soon after the iPad launch in June 2010 and managed to extract 120,000 email addresses belonging to early subscribers.
The victims included high-profile individuals like New York City Mayor Michael Bloomberg, former White House chief of staff Rahm Emanuel, Hollywood producer Harvey Weinstein, New York Times CEO Janet Robinson and journalist Diane Sawyer.
Spitler surrendered to FBI agents back in January. His alleged accomplice, Auernheimer, was arrested the same month in Fayetteville, Arkansas. He has not yet entered a plea.
Spitler faces a total of 10 years in prison and fines of $500,000 for the two counts. His sentencing is scheduled for September 28 in Newark federal court.
"Computer hackers are exacting an increasing toll on our society, damaging individuals and organizations to gain notoriety for themselves. Daniel Spitler's guilty plea is a timely reminder of the consequences of treating criminal activity as a competitive sport," said New Jersey U.S. Attorney Paul Fishman.