“I hack, I ruin, I make piles of money. I make people afraid for their lives,” said a notorious Internet “troll” charged by federal authorities in New Jersey with stealing email addresses for nearly 120,000 iPad users, including Senators, U.S. Representatives, officials with
the Justice and Homeland Security departments, and executives from Dow Jones, Condé Nast, Time Warner, HBO, Goldman Sachs, and JP Morgan, as well as
New York Mayor Michael Bloomberg
In published interviews, Andrew “Escher” Auernheimer claimed he hacked into AT&T servers to show how vulnerable they were. He later accused a prosecutor in Newark of conducting a “smear campaign” against him. This came after Auernheimer posted videos urging people to arm themselves with “lots of” guns and saying, “Jesus wasn’t a kike.”
“Oh hey, my security consulting group just found a security breach at AT&T,” Auernheimer, 25, wrote on his blog, weev.livejournal.com , on June 9. “This story has been broken for 15 minutes, twitter is blowing the [expletive] up, we are on the forntpage[sic] of goodle news and we are on the drudge report (big headline).”
A short time later, federal authorities busted him for possession of cocaine, LSD, Ecstasy and pharmaceuticals after the FBI searched his home for computer equipment.
UPDATE/THE FULL STORY : Government: Evidence clearly points to two men as hackers of 120,000 Apple iPad accounts through AT&T : An anti-Semitic blogger who bragged about stealing e-mail addresses and other personal information of 120,000 Apple iPad users by hacking into AT&T’s server, was arrested this morning during a court appearance on a drug charge in Arkansas, while the man believed responsible for cracking the code surrendered to FBI agents in Newark.
In published interviews, Auernheimer — known as “Weev” — admitted to the “brute force” attack but claimed his group “did this as ‘niceguy’ as we could.”
Auernheimer, who has lectured at hackers’ conventions, reportedly told CNET that
Spitler “used this AT&T security maintenance app. It was part of the normal user experience that tipped him off to something that would allow him to scrape this data.”
“If charges are pressed,” Auernheimer insisted, “we will fight it and win.”
Prosecutors in Newark are bringing those charges against Auernheimer and Spitler, 26, for illegally hacking AT&T Inc’s servers, affecting Apple iPad users who accessed the Internet through AT&T’s 3G network, and then bragged about it.
All told, the hackers reportedly swiped email addresses for members of several branches of the military, NASA, the FCC, the Senate, the House of Representatives, the Department of Justice, the Department of Homeland Security and the National Institute of Health, as well as for executives from The New York Times Company, Dow Jones, Condé Nast, Viacom, Time Warner, News Corporation, HBO, Hearst as well as others from Google, Amazon, AOL, Microsoft, Goldman Sachs, JP Morgan, Citigroup and Morgan Stanley.
They even posted a video that shows how they did it:
Authorities say the two men were part of Goatse Security, a hacker group that notoriously exposed a security flaw in AT&T’s system, which allowed them access to the personal information. Despite Auernheimer’s claims, FBI investigators said the breach was made public before AT&T was able to secure the system.
Agents said Auernheimer even emailed a members of News Corp’s Board of Directors, saying, “Your iPad’s unique network identifier was pulled straight out of AT&T’s database.”
“Andrew A” included the News Corp. official’s ICC-ID as proof, and wrote: “We have collected many such identifiers for members of the media and major tech companies, court records show.
“If a journalist in your organization would like to discuss this particular issue with us,” he added in the documented email, “I would be absolutely happy to describe the method of theft in more detail.”PHOTO by Auernheimer
Auernhemier wrote similar emails to various executives at Thomson Reuters, according to an FBI request for a search warrant of his home, and to the former White House chief of staff, Rahm Emanuel, and Diane Sawyer of ABC News. His email address was confirmed by his parents, who lives in Fullerton, CA, the FBI says.
“Security is a myth,” Auernheimer once told an interviewer from an online magazine. “There is no system that cannot be broken.”
Auernheimer turned up on various law enforcement radar screens with a series of YouTube “sermons,” in which he waves a gun while discussing, among other topics, “the biblical basis for keeping and bearing arms and the importance of drinking mescaline.
“Christ said it’s more important to have guns than to have clothes, or to be protected from the cold….,” Auernheimer says on one video, while locking and unlocking a handgun. “You need guns. You need lots of them.”
He urged viewers not to take arms against police. Rather, he said, “Be smart about your violence….You kill only the evil lizards that are responsible for subjugating your perfect society.”
“It is very important for Christians to take mescaline,” Auernheimer adds, during a rant in which he interpret biblical passages as proof that Jesus “wanted to throw a coup on the Jewish government” because they were “lying, murderous pigs.”
“If you think scientology’s expensive, go try to convert to Judaism,” he says into the camera. “See how much they charge you for basic temple services…. Jesus wasn’t a Jew, and Jesus wanted you to f–k shit up.”
He later told Corrupt.com: “For Western values to survive, those who attack them must be exterminated. We should start with the [science fiction and fantasy enthusiasts], and move to the media moguls who are glorifying prostitution and drug use.”
Then, in an interview with The New York Times, Auernheimer reportedly said: “The question we have to answer is: How do we kill four of the world’s six billion people in the most just way possible?”
After he was booted from YouTube, Auernheimer moved his “sermons” to blip.tv . There, he urged “trolls” to continue hacking.
“[W]hat you do matters, what you’re doing is right and good and don’t let anybody tell you it doesn’t have a significant effect, because I know that it does.”
According to the FBI, Auernheimer also told The New York Times he had collected hundreds of Social Security numbers — and, as proof, sent the number of the author of the story.
U.S. Attorney Paul Fishman has scheduled an afternoon news conference to outline the case against Auernheimer and Spitler, both charged with fraud and conspiring to access a computer without authorization.
Spitler will be brought before a federal judge in Newark this afternoon, while Auernheimer is due for his first court appearance in Fayetteville.
Beginning the first week of June, an “iPad 3G Account Slurper” was employed against the AT&T servers, wrote FBI agent Christian Schorte, in the application for a warrant to search Auernheimer’s home.
The slurper, he said, “was designed to mimic the behavior of an iPad 3G so that AT&T servers would falsely believe that the servers were communicating with an actual iPad 3G.”
During the “brute force” attack, the slurper cycled through different possible account numbers until it hit on genuine AT&T accounts, then stole the email addresses and other information, Schorte wrote.
It then provided the addresses to the popular gossip site, gawker.com , the FBI agent said.
Gawker then published an article about the attack, “Breach Details: Who Did It and How,” and AT&T immediately launched an internal investigation.
“The data we gathered was not disclosed publicly,” Auernheimer wrote on his blog. “[We] wanted to LIMIT the public’s exposure to risk, not add to it. I believe we were successful at pursuing that goal.
“When a reporter (I forget whom) asked me if AT&T customers should replace their SIM cards, I answered negatively, as I did not feel that AT&T needed to have a bunch of paranoid customers demanding a new SIM.
“I felt, however, it was appropriate for some iPad owners (military, government and corporate leadership) to be able to be made aware of the issue that their iPad could be geolocated or have traffic intercepted. I thought that it was fair that the public know that if they did not check their email associated with the iPad ICC-ID, they could not be coaxed into clicking a malicious PDF link that could have allowed an attacker to takeover their iPad.
“Issues like this are important for people to be able to mitigate.”
Auernheimer also said he considered it unfair that AT&T called his group malicious.
In an open letter to one of Fishman’s assistant U.S. Attorneys, Lee Vartan, Auernheimer called his prosecution “harassment” and a “smear campaign” that Vartan was conducting through “a desire for professional distinction.” He predicted that the federal prosecutor “may be required to resign” as a result of the investigation.
“[U]ltimately, you will be held accountable to the people for your actions,” Auernheimer wrote, adding that he believed the government was prepared to “engage in the manufacture of evidence” to prosecute him.
“AT&T needs to be held accountable” for its “negligent endangerment of United States infrastructure,” he wrote to Vartan. “We must defend the rights of consumers over the rights of shareholders.
“[W]e should work together for a common goal instead of fighting for territory, and wasting our fiscal and legal resources.”
The government clearly sees things differently.
Because he was “very public concerning his hacking and trolling activities, giving interviews to The New York Times, as well as other publications,” Schorte countered , Auernheimer clearly “was not working for the public interest.”
Click here to sign up for Daily Voice's free daily emails and news alerts.