Site of AT&T-iPad hackers is hacked

The Goatse Security site has been compromised by an unidentified individual who claimed he did it to "give them a taste of their own medicine."

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
3 min read

The Web site of the hacker group whose members were charged with computer crimes after they exposed a hole in AT&T's site for iPad customers last year was hacked today.

For at least a few hours an obscenity-laden message on the Goatse Security site said: "I have taken the liberty of exposing your gaping hole...As you are a group of self-aggrandizing [profanity redacted], I have also contacted the media to ensure that this incident gets the coverage it deserves.

"In cracking this site, I have sent specially crafted requests to the server with my browser ID spoofed to that of an iPad. Please know that while this was not instrumental in this wondrous crack, it _WAS_ poetic in many ways. I also gave Goatsec the same warning that they gave AT&T... none at all, to patch their gaping hole. User Accounts have been deleted, and passwords changed," the note said.

The message gave "props" to the FBI and some hackers and made disparaging references to AT&T and Apple, among others.

Earlier, CNET was contacted by someone claiming credit for the hack who declined to identify himself, saying only that he is an individual security professional at #Sigdie on the EFnet Internet Relay Chat. Asked why the site was hacked, the source said, "I felt it was appropriate to give them a taste of their own medicine. I felt some negative publicity would hopefully cool things down and force them to rethink their behavior."

Asked for comment, Goatse Security spokesman Leon Kaiser confirmed the hack. "It appears that someone has found the root password to the Goatse Security blog. Ironically, in doing so, the person in question has broken more laws than 'Weev' or 'JacksonBrown' are accused of breaking."

The site was back to normal around 6:30 p.m. PT, Kaiser said.

The source claiming credit for the hack declined to provide specifics on how it was done beyond saying "the site was not secure." Asked to comment on the allegation from Kaiser, he said "no laws were broken."

The group made headlines last June when they disclosed a vulnerability in the AT&T Web site and released e-mail addresses and iPad serial numbers for about 120,000 AT&T 3G wireless accounts to Gawker Media. At the time, Andrew Auernheimer, also known as "Weev," told CNET that actions were done to protect affected users.

However, AT&T and law enforcement had a different take and charged Auernheimer and Daniel Spitler, whose handle is "JacksonBrown," last week with one count each of conspiracy to access a computer without authorization and one count of fraud in connection with personal information.

Asked to comment on speculation that the group organizers perpetrated the hack to gain publicity, Kaiser denied that, saying in an e-mail on Thursday: "Someone used the admin password to gain access to the blog. Goatse Security was not informed about this beforehand, nor did we nor do we sanction it." The group also released this statement.

Updated January 27 at 11:21 a.m. PT with group denying responsibility for hack and January 26 at 7:46 p.m. PT with site back under control and 5:38 p.m. PT with source claiming credit for the hack and more message details.