As reported today by various sources, on June 23, 2011 in Newark, Daniel Spitler, 26, of San Francisco, California, pleaded guilty in federal court to hacking into AT&T’s computer servers last year and stealing the e-mail addresses and personal data of about 114,000-120,000 Apple iPad users, out of which 16,000 belong to New Jersey users.
Spitler pleaded guilty to one count of conspiracy to gain unauthorized access to computers connected to the Internet and a second count of identity theft, and admitted carrying out the breach with Andrew Auernheimer, 25, of Fayetteville, Arkansas, and later blogging about it on the website Gawker. Spitler reportedly confessed to being a member of the Goatse Security group as part of his guilty plea.
Spitler told U.S. District Judge Susan D. Wigenton that he and Auernheimer were both members of Goatse Security, an association of hackers and “trolls” — people who disrupt Internet services and content, often treating security breaches as a game and bragging about it to enhance their notoriety. Gawker published an article on the breach as well as a redacted version of the stolen information.
AT&T’s servers were attacked over several days in early June of last year. Spitler and Auernheimer wrote a program targeting a security vulnerability in AT&T’s servers that allowed mining personal data from users of the touch-screen tablet computers with AT&T’s 3G wireless network.
As a result of a plea agreement, Spitler could face 12 to 18 months in prison when he is sentenced in September. The charges against Auernheimer, who left police custody in March on $50,000 bail are still pending.