Two hackers who exploited a flaw on AT&T's website to extract the email addresses of 120,000 iPad owners were charged with fraud and conspiracy to access a computer without authorization.CNN reports that Andrew Auernheimer, 25, of Fayetteville, Arkansas, and Daniel Spitler, 26, of San Francisco, California, were arrested on Tuesday morning by the FBI.
Back in June 2010, the two men took advantage of a security vulnerability on the AT&T website to harvest the email addresses of iPad 3G owners.
The security issue was not technically difficult to exploit. It consisted of a publicly available script which, if provided with an iPad ICC-ID, returned the email address associated with it.
The hackers created a script that randomly tried ID numbers and managed to recover over 120,000 email addesses, some of which belonged to high profile individuals.
New York City Mayor Michael Bloomberg, former White House chief of staff Rahm Emanuel and Hollywood producer Harvey Weinstein were amongst the victims.
The criminal complaint describes the men's actions as a brute force attack against AT&T's services which had the intention of causing monetary losses to the company and damaging its reputation.
The hackers argued that they did not profit from the compromise and stressed that they only did it in order to raise awareness about the vulnerability.
It's worth noting that Auernheimer and Spitler initially reported the exposure of 114,000 emails and associated iPad ICC-IDs, but the official complaint notes over 200,000.
In November 2010, after learning that a case was being built against him, Andrew Auernheimer, aka weev, wrote an open letter to New Jersey Assistant U.S. Attorney Lee Vartan.
In it, he claimed that the searching of his home was unjust and said that the government should work together with his group of hackers instead of trying to prosecute him.
"AT&T needs to be held accountable for their insecure infrastructure as a public utility and we must defend the rights of consumers over the rights of shareholders," he said in the letter.