FBI investigates AT&T Security Glitch

by Anya Jennings on June 29, 2010

The FBI is investigating a security glitch that allowed Goatse Security to obtain at least 114,000 private email addresses of Apple iPad users. According to FBI spokesman Jack Pack, “The FBI is aware of these possible computer intrusions and has opened an investigation to address the potential cyber threat”.

The intrusions occurred when a group calling themselves Goatse Security  was able to obtain the email addresses of people like New York Times CEO Janet Robinson, Diane Sawyer of ABC, big time Hollywood producer and director Harvey Weinstein, White House chief of staff Rahm Emamuel and New York City Mayor Michael Bloomberg, by exploiting an AT&T security hole.

Goatse claims it identified the potential AT&T security hole to alert iPad users that their email addresses could be easily obtained by hackers. On their blog site Goatse Security states:

This disclosure needed to be made. iPad 3G users had the right to know that their email addresses were potentially public knowledge so they could take steps to mitigate the issue (like changing their email address). This was done in service of the American public. … If you’re potentially on a list of exploit targets because someone has an iPad Safari vulnerability and they scraped you in a gigantic list of emails it is best that you are informed of that sooner than later (after you’ve been successfully exploited). We did this to help you.

In an effort to protect the customer data that it retrieved Goatse says that the:

…… Security analyst responsible for the discovery personally verified this hole was closed Tuesday and no longer a threat to the public before we went to Ryan Tate at Gawker with the dataset and attack details. Ryan Tate was the only one to receive our dataset, and what results from it he published were redacted to prevent the compromise of those involved.

Gawker Media LLC broke the story of the security breech and has reported that the FBI has requested that they retain all documents related to it.

In their original report  Ryan Tate reported with respect to the  Goatse data , that Gawker was unable to ascertain “… whose hands the exploit fell into and what those people did with the names they obtained. “

Actually Gawker seems to imply that the 114,000 email address obtained by Goatse may be just the tip of the iceberg.

According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it’s possible that confidential information about every iPad 3G owner in the U.S. has been exposed.  Gawker

AT&T apparently corrected the glitch after learning about it from a “business customer.”  However this Gawker statement concerning the possible scope of the AT&T breech is probably the reason the FBI has opened an investigation. Which means that despite the fix AT&T might not be off the hook. Michael Gartenberg, a partner at Altimeter Group believes:

This is an AT&T problem. It’s not an Apple problem; it becomes an Apple problem because there are iPads involved, and as soon as an Apple product is peripherally involved that makes the story 100 times more sensational…. But it really is an AT&T issue.

And, Praetorian Security Group maintains that it was in fact AT&T‘s poorly designed software that enabled Goatse to capture those 114,000 emails.

Well, another day, another week, another month, another major technology company with security issues.  How much of an impact has this security breach had on sales? Has it impacted your buying decisions?

Leave a Comment

Leave a Comment

Modis