FBI Affidavit Details iPad Hack Probe
Suspect offered stolen data to News Corp., Reuters
JANUARY 18--One of the hackers accused of stealing the e-mail addresses and personal information of about 120,000 Apple iPad owners launched a “brute force” attack on AT&T to harvest the data, which they then offered to provide to two large news organizations with the promise that, “I would be absolutely happy to describe the method of the theft.”
Details of the FBI probe that led to fraud and conspiracy charges being filed against Andrew Auernheimer and Daniel Spitler are contained in documents filed in support of a search last year of Auernheimer’s Arkansas home. An excerpt from an affidavit sworn by Agent Christian Schorle can be found here.
A criminal complaint unsealed today alleges that the security flaw was first discovered by Spitler, 26, who reported that, “I hit fucking oil” after some advice from Auernheimer got him out of a technical “rut.” Chat logs obtained by the FBI from a confidential source show the men discussing the value of the AT&T data and e-mail addresses, with Spitler mentioning “ipad focused spam.” In another chat, Auernheimer, 25, told Spitler that “absolutely may be legal risk yeah, mostly civil you absolutely could get sued to fuck.” Auernheimer is pictured in the above mug shot.
After the gossip blog Gawker reported on the AT&T breach, Spitler “was afflicted by ‘post-troll paranoia’ and solicited advice” from fellow hackers, according to the criminal complaint. The exultant Auernheimer, it seems, had no such second thoughts. In chats, he wrote of succeeding in dropping “the stock price,” adding that “we fucking win and I get to like spin us as a legitimate security organization.” He also advised Spitler to destroy “evidence of their crime,” noting that, “yes we emerged victorious,” according to the U.S. District Court complaint.
In its original report, Gawker referred to Auernheimer and his anonymous “Goatse Security” cohorts as a “web security group” that had actually “notified AT&T of the breach and the security hole was closed.” In fact, according to investigators, “contrary to the Gawker Article, neither defendant nor anyone from Goatse Security” had ever contacted the telecommunications giant.
According to Schorle's affidavit, Auernheimer--writing from his Gmail account--sent an e-mail to Arthur Siskind, a member of the board of Rupert Murdoch’s News Corporation. Noting that an “information leak on AT&T’s network” allowed details about Siskind and other media and tech figures to be “pulled straight out of AT&T’s database,” Auernheimer wrote that, “If a journalist in your organization would like to discuss this particular issue with us,” he would agree to detail the hack. The FBI affidavit does not disclose whether Siskind (or any other News Corporation officials) responded to Auernheimer’s entreaty.
In a second e-mail sent to “various executives at Thomson Reuters,” Auernheimer also offered himself up for an interview to describe the AT&T “data harvest,” which was achieved via a computer script dubbed “the iPad 3G Account Slurper.”
The e-mails to Siskind and Thomson Reuters were sent several days before “the authors of the Account Slurper provided the stolen e-mail addresses and corresponding ICC-IDs” to Gawker. The site, the FBI reported, “proceeded to publish on its website the stolen information.”
In a variety of comments after the AT&T breach, Auernheimer claimed credit for the hack, according to the FBI affidavit. In one online post cited by Agent Schorle, Auernheimer wrote, “This story has been broken for 15 minutes, twitter is blowing the fuck up, we are on the forntpage [sic] of google news and we are on drudge report (the big headline).”
It was only after news outlets began reporting that the FBI had launched a criminal probe of the incursion that Auernheimer began to distance himself from the attack, claiming in subsequent interviews that, “I did not do it. I am just a publication agent.” However, according to the criminal complaint, Auernheimer “again took credit” for the AT&T breach in a November 17 e-mail to a federal prosecutor in New Jersey. “AT&T needs to be held accountable for their insecure infrastructure as a public utility and we must defend the rights of consumers, over the rights of shareholders,” wrote Auernheimer.
The search warrant authorized agents to seize computer equipment, any communications between other suspected hackers, and “all correspondence with and posts to” Gawker. The warrant also allowed probers to seize correspondence related to an Auernheimer group known as “Gay Nigger Association of America,” or GNAA.
Along with providing an account of the probable cause established to raid Auernheimer’s Fayetteville home, the FBI affidavit also helpfully provided bureau definitions of “trolls” and a footnoted description of “furries.” (13 pages)