Group 12 Hacks
Andrew Auernheimer
By Weev (talk) - I (Weev (talk)) created this work entirely by myself., CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=15281571
What Happened: Andrew discovered a hole in AT&T’s website, in which, granted him access to AT&T email addresses of iPad users. They were able to do this by bypassing all the security systems, such as passwords, as a simple malfunction was discovered. He breached personal data and information, revealing it to anyone who wanted the information. How It Happened: The hole aloud the infiltrators to gain almost instant access into AT&T’s emails. Little work was to be done as a malfunction in the franchises site enabled him to gain access to personal details. As Andrew is an expert in ‘Goatse Security’ a specialist group in hacking, was able to easily hack through the website. He mentioned that they used a basic security practice, in which also helped him hack into the website. In terms of the 120,000 iPad user emails stolen, Andrew understood that in order to receive these details, he would need an ICC-ID from the users. In order to achieve this, he created a script in which acted as various iPads contacting the site, trying to harvest the e mails of these iPad users. Andrew posted a comment on reddit the day before his sentencing stating “My regret is being nice enough to give AT&T a chance to patch before dropping the dataset to Gawker. I won’t nearly be as nice next time.” Clearly he is stating that he is preparing for another attack on AT&T after his release. Federal prosecutors used this post to support their reach for a 4 year sentence. The ethical issues of the case: Andrew Auernheimer had the decision of choosing whether to infiltrate AT&T’s personal data (unethical) or to report the incident to the company (ethical). He chose the unethical solution, therefore dealing with the consequences, was arrested. He was served a 3.5 years sentence for his crimes. The most prominent ethical issue revealed in this case, is the invasion of Privacy. In relation to this case, Andrew released private detailed information to anyone who wanted it, a serious breach in privacy. The security and protection taken against it or what may have already been in place: Andrew Auernheimer is apart of a hacking group, known as ‘Goatse Security’ system, a group that are specialists in hacking and infiltrating networks.With a simple flaw in the website, and a common security practice, Andrew was able to infiltrate AT&T’s website with ease. However, if AT&T had used a much more sophisticated and advanced security system, perhaps this event may have been prevented. AT&T appeared to not have had a secure enough network, leaving a hole in their network systems.