Man Accused Of "Brute Force" iPad Hack Freed From Federal Custody

After nearly six weeks in custody, one of two men accused of stealing the personal details of more than 100,000 iPad owners was freed today on bail.

Andrew Auernheimer, 25, was released on $50,000 bail following a hearing in U.S. District Court in Newark, New Jersey. Auernheimer, pictured at right in a United States Marshals Service (USMS) mug shot, has been in federal custody since FBI agents arrested him in Arkansas on January 18.

Auernheimer and codefendant Daniel Spitler, 26, were named last month in a criminal complaint charging them with a “brute force” attack on AT&T that yielded confidential data on users of the popular Apple tablet.

Spitler, seen in this USMS booking photo, was released on $50,000 bond days after his arrest.

In a January 18 financial affidavit, Auernheimer reported that he has been unemployed since November 2008, and claimed to have only made $200 during the previous year. A father of two minor children who live overseas, Auernheimer’s residence appears fluid. He “lives w/friends, motels,” according to the affidavit.

Comments (1)

Ha, I remember this! Calling it a brute force attack is ludicrous! AT&T was completely negligent in their security implementation. The information was freely available to anyone with half a clue about how web pages work. The data was not properly encrypted nor protected. There were gaping huge holes in AT&T's security on the site used to activate iPhone/iPad accounts. Basically, entering iPad serial number sequences into a web page query resulted in the customer data being fed back. The two hackers wrote a simple script to automate increasing the serial number sequentially and dumped all the user account information. They didn't break in, AT&T handed them the data. So we waste a ton of federal money on the FBI investigation, etc. I say fine this guy and his accomplice and release them. Then charge AT&T with corporate negligence! Have a class action suit filed on behalf of all the customers impacted. The Anonymous attack on HBGary Federal was much more entertaining but again HBGary was negligent in their security! You can't call it breaking and entering when you've got the barn door wide open and a sign out front saying come on in! A supposed expert security firm doing contract work for the federal government with some extremely advanced forensics and counter espionage managed to not practice what they preached. They had a simple SQL injection security hole on a content management server and they used the same passwords on several different systems. Once Anonymous made it past the first barricade they were able to reuse the same passwords for other systems. This is extremely poor practice for security experts. The public embarrassment will likely shut down HBGary Federal.