You may remember early last summer when the brand new iPad 3G ended up being a bit of an embarrassment for AT&T thanks to a security exploit. Some industrious hackers managed to use a brute force attack to extract user email addresses and names. Now, Reuters is reporting that Daniel Spitler and Andrew Auernheimer have been arrested and charged with perpetrating the attack. Auernheimer was previously arrested on an unrelated drug charge.
These shady folks created a hacking tool that masqueraded as 3G iPad, and queries AT&T's servers with random ICC numbers. When a number turned out to be valid, the AT&T servers would autofill the corresponding user's real email address and name. The security hole was blamed on a feature AT&T said was included to make log-ins more convenient for users. The hack exposed the information of high-profile politicians, business execs, and journalists. It's no surprise arrests have been the result.
Both defendants were charged with one count of fraud and one count of conspiracy to access a computer without authorization. If convicted, each charge could net the accused five years in prison and a $250,000 fine.