If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(New Europe)   Plan: 1) Hack into AT&T servers...DONE 2) Get 120,000 iPad users' emails to prove your genius...DONE 3) Get caught and convicted...DONE 4) Get offered a job by the CIA like that movie I once watched...PENDING   (neurope.eu) divider line 10
    More: Fail, iPads, computer fraud, federal jury  
•       •       •

4650 clicks; posted to Main » on 21 Nov 2012 at 9:14 AM (2 years ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



Voting Results (Smartest)
View Voting Results: Smartest and Funniest


Archived thread
2012-11-21 11:52:24 AM  
3 votes:
He didn't hack into shiat. AT&T made the info publicly available, and when he pointed it out, he got charge under a bullshiat and archaic computer law written in 1980.
2012-11-21 12:18:01 PM  
1 votes:

HindiDiscoMonster: FTA: Auernheimer' lawyer disagreed with the "prosecutors' interpretation of what constitutes unauthorized access to a computer under the Computer Fraud and Abuse Act"

Ummm yeah... unless AT&T hired him to do it....

unauthorized; adj.
1> not having any authority
2> without official authorization

/Perhaps the attorney needs to go back to school


Here's another attorney's explanation of this lame defense:

"Auernheimer's bigger problem, and perhaps his best shot on appeal, is that the CFAA doesn't define at all what "access[ing] a computer without authorization" means. Was GoatSec "without authorization" to send guessed ICC-IDs to the login page of AT&T's server, which it made available openly on the Internet? An important fact in the case is that the GoatSec's slurper script never entered anything into the password field of the login page; it just collected the emails the page offered up to it. Who decides who is "without authorization"? The government? The website operator? How do you know the website operator deems you to be "without authorization"? The CFAA gives no answers."

Link
2012-11-21 11:23:50 AM  
1 votes:

FingerlessMittens: The data base should have just gone to ATT to prove that the exploit worked.


It's all speculation either way, but these sort of flaws often go unaddressed -- even with the admins informing management daily -- until it bites them in the ass. Then it was the IT guy's fault the entire time.

/ The main difference between a 20-year-old IT guy and a 30-year-old IT guy is that the latter, if still employed, has learned to document everything
2012-11-21 10:12:31 AM  
1 votes:
The register has an article on it here:http://www.theregister.co.uk/2012/11/21/ipad_hacker_conviction/

"The case is been closely watched in the information security community because Auernheimer recovered the data from the AT&T website without bypassing any security controls."

The article contains a link to a blog post where they build the argument that what was done is little different from trying a url and seeing where it goes:

"But what are the limits of implicit authorization? Let's say you are reading a website that has "articleId=31337" at the end. You wonder what the next article is, so you go to the URL and change it "articleId=31338" and hit return. Have you "exceeded authorized access"? It's hard to say. If article "31337" is public, why not "31338"?

But in our scenario, let's say that article "31338" is a press release that is not intended to be published until tomorrow announcing the quarterly corporate earnings. While the article itself is online, a link to it won't be posted to the home page until tomorrow, so not even Google spiders can find it. Because you've gotten early access, you can make a huge profit buying/selling stocks.

Is it your fault for accessing the pre-posted financial results? Or their fault for making them accessible? What does the Computer Fraud and Abuse Act say on this matter?
"

I doubt the guy is as innocent as they claim but I equally suspect that ATT were lazy/stupid.
2012-11-21 09:37:05 AM  
1 votes:

abhorrent1: Goatse Security? LMAO


They found a hole in the back door.
2012-11-21 09:33:24 AM  
1 votes:

HindiDiscoMonster: FTA: Auernheimer' lawyer disagreed with the "prosecutors' interpretation of what constitutes unauthorized access to a computer under the Computer Fraud and Abuse Act"

Ummm yeah... unless AT&T hired him to do it....

unauthorized; adj.
1> not having any authority
2> without official authorization

/Perhaps the attorney needs to go back to school


except the CFAA isn't written that clearly. Everyone knows he committed the act, the lawyer is trying to push an interpretation of the law that says his clients act isn't technically covered by it. All he has to do is get a judge to buy his version. It's what you do when your client is clearly guilty.
2012-11-21 09:27:29 AM  
1 votes:
US government explained that the accused used an "account slurper" that was designed to match email addresses with "integrated circuit card identifiers" for iPad users, and which conducted a "brute force" attack to extract information about those users, who accessed the Internet through AT&T's network.

Bullshiat. Any halfway competent server should eject you and log the IP after a half-dozen or so unsuccessful attempts. If they're talking about locally decrypting a short password, then that's something else.

/waits for AT&T joke.
2012-11-21 09:24:57 AM  
1 votes:
Jukt Micronics is hiring.
2012-11-21 09:24:24 AM  
1 votes:
FTA: Auernheimer' lawyer disagreed with the "prosecutors' interpretation of what constitutes unauthorized access to a computer under the Computer Fraud and Abuse Act"

Ummm yeah... unless AT&T hired him to do it....

unauthorized; adj.
1> not having any authority
2> without official authorization

/Perhaps the attorney needs to go back to school
2012-11-21 09:23:42 AM  
1 votes:
How well did that work out for Kevin Mitnick?
 
Displayed 10 of 10 comments

View Voting Results: Smartest and Funniest


This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »
On Twitter





In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report