Hacker Who Exposed AT&T iPad Security Breach Arrested On Felony Possession Charges



One of the members of the Goatse Security group, which recently exposed the AT&T security breach that exposed over 114,000 iPad 3G customers’ personal data, has been arrested for drug possession following the execution of an FBI search warrant on his home.

24 year old Andrew Auernheimer is now being held in the Washington Country Detention Center in Fayetteville, Arkansas for four felony charges of possession of a controlled substance and one misdemeanor possession charge. The drugs found at his house included cocaine, LSD and ecstasy.

It appears that the search warrant was prompted by complaints made by AT&T, who — in a recent letter to afflicted customers — blamed “hackers” for “maliciously exploit[ing] a function designed to make your iPad log-in process faster by pre-populating an AT&T authorization page with the email address you used to register your iPad for 3G service.”

That’s one way of putting it. Another way of putting it is that AT&T’s security malfeasance exposed the private user details of over a hundred thousand customers, and are now busy hunting down and vilifying the benign group of security activists who alerted them to the problem before less well-meaning hacker groups could exploit the data.

While Auernheimer’s arrest for drug charges is obviously warranted by the letter of the law, it’s hard to escape the fact that the Feds shouldn’t have even been at his house. Goatse did both the public and AT&T a service by publicizing a dangerous security vulnerability before it could be maliciously exploited. They didn’t publish the exploit until AT&T had closed the hole. They insisted that any published customer records had the personal information removed first.

In short, without these guys, this security hole would still exist and over a hundred thousand iPad users would still be at risk. Instead, AT&T is publicly vilifying them and they are getting their houses raided. Always a class act!