Someone broke into the website of Goatse Security, the hacking group whose members exploited a hole in AT&T's systems last year to extract information about iPad owners.The attacker left an offensive message on the greyhat hackers' website, accusing them of self-aggrandizement.
He made his reasons for the attack pretty clear by writing that "
In cracking this site, I have sent specially crafted requests to the server with my browser ID spoofed to that of an iPad."
Please know that while this was not instrumental in this wondrous crack, it _WAS_ poetic in many ways. I also gave Goatsec the same warning that they gave AT&T... none at all, to patch their gaping hole."
The damage done to the site consisted mostly of deleted accounts and changed passwords, but the Goatsec webmasters managed to quickly restore it.
Considering that the site has little traffic and hosts no critical services, the hack's overall impact was very limited and was all about making a statement.
A Goatsec member
told CNET the attacker obtained root access to the Web server and characterized the whole incident as ironic because in doing so they ended up breaking more laws than the people he was protesting against.
Goatsec members Andrew Auernheimer, aka Weev, and Daniel Spitler, aka JacksonBrown, were officially
charged earlier this month with fraud and conspiracy to access a computer without authorization for their attack against AT&T.
The two hackers took advantage of a script on the company's website which returned email addresses if provided with valid iPad ICC-ID.
They then wrote a program to automatically generate and submit IDs which allowed them to harvest 120,000 email addresses, some of which belonged to high profile individuals.
AT&T is not happy with their claim that the attack's only purpose was to raise awareness about the security flaw and believes they wanted to damage its reputation.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
