Feds still questioning AT&T iPad site hackers

Hacker group members have gone before grand jury that's probing allegations they broke law by revealing site flaw and exposing e-mails for iPad users.

Elinor Mills
Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
2 min read

Several members of a hacker group responsible for exposing a hole on an AT&T Web site for iPad customers have been questioned by a federal grand jury about the incident, the group confirmed to CNET on Friday.

"No warrants or indictments yet. Two Goatse analysts, 'Sloth' and 'Rucas,' went before a grand jury on the 11th," Andrew Auernheimer, a key member of the hacker group that calls itself Goatse, wrote in an e-mail response to questions. "This makes well over a month of grand jury proceedings."

Auernheimer and another member of the group declined to give the real names of the hackers who were questioned or to provide additional information.

Bryan Travers, a spokesman in the FBI's office in Newark, N.J., which is leading the investigation, said he could not confirm or deny the information because he can not comment on an active case. The reluctance of law enforcement to discuss the investigation makes it difficult to independently verify information from the hacker group.

Auernheimer, whose hacker handle is "weev," was arrested in June after FBI agents searching his Fayetteville, Ark., home for evidence related to the AT&T case allegedly found drugs. Auernheimer did not show up for a hearing on the drug charges and was arrested on July 21 for failing to appear at the arraignment, said John Threet, a prosecutor in Washington County, Ark. An arraignment date on all of the charges is set for August 23, he said.

The group had gone public about a week earlier with a flaw in the AT&T site that exposed the e-mail addresses of about 114,000 iPad users and the serial numbers of the SIM (Subscriber Identity Module) cards in the devices. This put iPad users at increased risk of phishing attacks, as well as other potential attacks targeting the device specifically, security experts said.

The U.S. Department of Justice acknowledged that it and the FBI were conducting a criminal investigation into the AT&T case in a letter addressed to Auernheimer that he posted to the Internet in July.

"As you also know, you are a target of that investigation," states the letter from U.S. Attorney Lee Vartan. "In the event that I do not hear from either you or an attorney acting on your behalf by June 30, I shall conclude that you do not wish to discuss this matter with my Office. Consequently, I will present evidence to a federal grand jury, which may result in you being named as a defendant in an indictment."

In the e-mail to CNET, Auernheimer insisted that the group had done nothing illegal.

"AT&T published private information for the world to see, essentially sticking their private diary on a shelf of the public library. The true extent of how responsible our disclosure was will come out in the trial if there is one."