Hacker Andrew Auernheimer, 27, was found guilty earlier this week of conspiracy to access a computer without authorization and fraud in connection with personal information, for his involvement in a 2010 AT&T breach that exposed 114,000 iPad owners' e-mail addresses.
"Auernheimer and Daniel Spitler, 26, of San Francisco, California, were charged last year after the two discovered a hole in AT&T’s website in 2010 that allowed anyone to obtain the e-mail address and ICC-ID of iPad users," writes Wired's Kim Zetter. "The ICC-ID is a unique identifier that’s used to authenticate the SIM card in a customer’s iPad to AT&T’s network."
"They wrote a script for a computer and harvested 114,000 addresses -- without ever breaking into anything or cracking a single password," writes LiveScience's Ben Weitzenkorn. "That last detail is important. Because of the way AT&T set up the service, the email addresses were already published and publicly available, though difficult to find."
"The weird thing about [Auernheimer] being found guilty ... is that he didn’t actually hack anything," writes Macgasm's Kaylie Moise. "He didn’t steal any passwords or break into AT&T’s customer database, which AT&T confirmed during the hearing."
"Tor Ekeland, Auernheimer’s lawyer, said he will appeal the verdict," writes Businessweek's Edvard Pettersson. "'This is a dangerously vague and broad interpretation of what constitutes unauthorized access under the computer fraud and abuse act,' Ekeland said in a telephone interview. 'It criminalizes normal behavior.'"
"After Auernheimer was found guilty on Tuesday, he sent out a Tweet saying he expected these results," writes redOrbit's Michael Harper. "'Hey epals don’t worry! We went in knowing there would be a guilty here. I’m appealing of course,' wrote Auernheimer."
"Auernheimer faces up to 10 years in prison and $500,000 in fines," writes CNET News' Steven Musil.