Two men were arrested on Tuesday and are facing charges of fraud and conspiracy to access a computer without authorization, following an investigation that started with last year’s much publicized harvesting of e-mails and AT&T authentication IDs of 114,000 early-adopters of Apple’s iPad.
According to the NYT, Daniel Spitler of San Francisco and Andrew Auernheimer of Fayetteville – members of a group calling itself Goatse Security that has a history of warning about security vulnerabilities – are the only ones who will be prosecuted for the breach, even though the group counts some ten members altogether.
The likely reason for this decision on the part of the district attorney is that the prosecution possesses a transcript of chat logs between Spitler and Auernheimer, in which they discuss the way they accessed the information and muse on how to use it.
And even though there is no proof or indication that they intended to sell the information, they shared the script they used to take advantage of the vulnerability in the AT&T site with people outside their group – making it likely that other accounts beside the 114,000 confirmed by Goatse have been compromised.
If found guilty, both Spitler and Auernheimer are looking at five years in prison and a $250,000 fine – for each of the two charges. Both man are likely to plead not guilty to the charges, as they and the rest of the group maintain they compromised the site only to point out at the poor security on the AT&T site.
“AT&T needs to be held accountable for their insecure infrastructure as a public utility and we must defend the rights of consumers over the rights of shareholders,” wrote Auernheimer in an open letter to Assistant U.S. Attorney Lee Vartan back in November.