A hacker in a group that discovered the AT&T iPad-related flaw was arrested on drug charges following the execution of an FBI search warrant of his home in Arkansas on Tuesday, according to published reports.
CNET’s Elinor Mills writes that the FBI found a broad selection of narcotics at the home of a man tied to “Goatse Security,” the group that recently claimed responsibility for extracting contact information on more than 114,000 iPad customers from AT&T’s Web site.
From the CNET story:
Andrew Auernheimer, 24, was being held in Washington County Detention Center in Fayetteville, Ark., according to Lt. Anthony Foster of the Washington County Sheriff’s office in that state. The drugs were found during the execution of the warrant, said Lt. Mike Perryman, of the Fayetteville Police Department. However, Perryman could not say what prompted the warrant.
Auernheimer, who goes by the name “Escher” and the hacker handle “Weev,” faces four felony charges of possession of a controlled substance and one misdemeanor possession charge, Foster said. The drugs included cocaine, ecstasy, LSD, and schedule 2 and 3 pharmaceuticals, he said.
Auernheimer is quite a colorful character. I met him in 2006 at the Toorcon security conference in San Diego, where he and Mischa Spiegelmock – an employee for blogging service LiveJournal – were delivering a talk on what they claimed was an unpatched security flaw in Mozilla’s Firefox browser that hackers were supposedly attacking to compromise Web surfers. At the time, Auernheimer introduced himself as Andrew “Weev” Wbeelsoi.
That presentation — which called on security researchers everywhere to stop publicizing and fixing software security vulnerabilities — was at times hilarious and bizarre. Weev started out by informing the audience that he was delivering his speech while tripping on acid. When I followed up with Weev after that talk to get more details on their claims, it was fairly plain that he wasn’t kidding about the acid trip. However, the two hackers would later admit to me that they didn’t really have the zero day exploits that they claimed, and that they were just trying to have a little fun with the security industry.
Apparently, the lesson to be learned from this story and the infamous iPhone 4 prototype leak is that if you embarrass Apple in any way (even indirectly via AT&T) somebody’s going to be knocking on or knocking down your front door with a search warrant in hand.
So, before you decide get up in Apple’s grill, it’s probably a good idea to cleanse your home of anything that could be even remotely construed as illegal.
Jobs of course insists (D8 w/ Walt Mossberg) that he was not involved in the Gizmodo bust, that he and his people had nothing to do with it, that it was the Gizmodo’s roommate who rang the heat. I’m not saying you should believe it, I’m not sure I would, but that’s his version of events.
I’m far from an Apple fan, mostly because of the way they try to push iTunes with Quicktime and nag to update for another chance at iTunes. However, they can trash tampering thugs in short order.
I know this keeps getting lost in the noise, but this is AT&T’s security hole, not Apple’s. AT&T called the feds, not Apple.
there is a difference.
Exactly! Great point.
Goatse targeted a logic flaw in AT&T’s application. Apple had no say in it’s development, aside from maybe a classic vendor relationship, where they expressed what they wished for in a customer experience.
However, AT&T’s own CIO told the WSJ that if they could do it over they would. Also, it seems to slip away that Goatse never really hunted down the broken application, one of their own was an iPad user who noticed it.
-Steve
While it was AT&T’s security breach, do you really think Apple had NO say in any of this? It can be guaranteed that Jobs was on the phone ripping them to shreds and demanding action!
Apple is the new Microsoft! 😉
With less unstability in it’s OS, I’d say.
Hm, perhaps you are right Brian. Everything does turn into an Apple vs. MS flamewar.
So is the Weev pictured in this story the same Weev from 4chan pictured in this story?
http://www.nytimes.com/2008/08/03/magazine/03trolls-t.html
You’ve got to be right Russ; it is him! :^0
‘It can be guaranteed that Jobs was on the phone ripping them to shreds and demanding action!’
I’d say it’s likely.
Any proof AT&T called? But it doesn’t really matter: AT&T are guilty of criminal negligence. I don’t think it’s enough to raise class actions against these nincompoops; I think their actions should be prosecuted and they themselves would be able to insure themselves against employee abuses to cover such prosecution.
But this is other people’s information. The public understand there have to be rules about taking care of other people’s money but they’re not quite there yet on information. Meaning it will take the politicians even longer. But those holding your information have to be held accountable in written law. That’s your protection. You want to sue them in a civil court too? Fine. But start with criminal charges. You have a right.
The behaviour of AT&T in such case is so typical of what’s always gone down in hacker stories. It’s unconscionable, it’s dishonest, and it’s wrong. The next step is usually that the company (AT&T) will build up a ‘fairy tale’ about how much the breach cost them.
No link to “Goatse“? Perhaps someone from /b/ will drop by and add one for you.
Hi, I’m very interested in Linux but Im a Super Newbie and I’m having trouble deciding on the right distribution for me (Havent you heard this a million times?) anyway here is my problem, I need a distribution that can switch between reading and writing in English and Japanese (Japanese Language Support) with out restarting the operating system.
Most of the “kids” I worked with during the 90’s tech boom went on to solid and respectable tech work. A few of the colorful character’s couldn’t be saved though I will admit that.
OMG. SMH. WTF.
1. What’s a hacker doing living in Arkansas to begin with? Is he on drugs?
2. They had no right busting this bloke. They had no right entering his house.
That’s some seriously in-depth security research Brian Krebs. Took you what, 30 seconds with google? Thanks for the going the extra mile to tell us so much we don’t already know.
Andrew Auernheimer is an idiot. Barnum was correct – a sucker is born every minute. People who rush to new technology without waiting for the snafus to be ironed out expose themselves to risks like this. Rather than blaming AT&T, blame yourselves. The ones starting now no longer have this risk. If you wait even longer then some of the other risks that have not been discovered yet will also be gone.
Apparently, the lesson to be learned from this story and the infamous iPhone 4 prototype leak is that if you embarrass Apple in any way (even indirectly via AT&T) somebody’s going to be knocking on or knocking down your front door with a search warrant in hand.