AT&T iPad data leak: Hack or hype?

FBI looks into the case, amid questions of whether a crime was committed

The FBI has launched an investigation into the possible hack of AT&T’s Web site, in which hackers took the e-mail addresses of more than 100,000 Apple iPad users, including some in U.S. military and civilian agencies.

The question appears to be who, if anyone, should be targeted in the investigation.

"The FBI is aware of these possible computer intrusions and has opened an investigation," FBI spokeswoman Katherine Schweit told the Wall Street Journal, but she declined to comment on the focus of the investigation.

A group of hackers exploited a flaw in AT&T’s Web site and, with an automated script, collected the e-mail addresses of about 114,000 users of the 3G iPad, including notable people in industry, media and politics, along with some in the military and other government agencies. The list included New York City Mayor Michael Bloomberg, Diane Sawyer of ABC News, film producer Harvey Weinstein and White House Chief of Staff Rahm Emanuel, according to Gawker, which first reported the breach.

E-mail addresses of users at the Army, the Defense Advanced Research Projects Agency, the Federal Aviation Administration, the Federal Communications Commission, the Justice Department and NASA also were collected.

Security experts have said the incident is unlikely to result in damage to the iPad users because the only things exposed were e-mail addresses, along with the users’ ICC identification numbers, which authenticate them on AT&T’s network. That could result in increased spam or phishing attacks, but in many cases, the e-mail addresses of high-profile people and government employees are publicly available already.

One of the hackers who took the addresses told CNET that the group released the e-mail addresses to a Gawker reporter only after AT&T had been informed and had closed the weakness in its Web site – and after the reporter agreed not to show the full e-mail addresses and ICC IDs. They were partially blacked out in images shown on the Gawker site.

The group also has said that the incident wasn’t actually a hack or intrusion, because the information was available to anyone, gained from a public Web site without the use of a password.

Meanwhile, AT&T has apologized for the incident, telling CNET, "We apologize that this happened. Nothing is more important to us. It's the No. 1 priority, protecting customer privacy."

Security experts have criticized AT&T for having that information accessible to anyone clever enough to retrieve it, but otherwise have downplayed the impact of the incident, suggesting it is getting attention mostly because of the iPad’s popularity, Apple’s reportedly strained relationship with AT&T -- its exclusive provider for the iPhone and iPad -- and the notoriety of the people on the e-mail list.

"I would guess that this application vulnerability gained so much attention because, after all, it is Apple we are talking about," George Kurtz, chief technology officer for McAfee, wrote in a blog post. "However, the reality is this type of vulnerability isn't really news and happens all day long."

Bloomberg, one of the victims, also dismissed the incident. "It shouldn't be pretty hard to figure out my e-mail address," he said in a report by MSNBC, "and if you send me an e-mail and I don't want to read it, I don't open it. To me it wasn't that big of a deal."

The FBI has said only that its investigation is in the early stages. But if investigators find that the information gained from the site was not used for fraudulent purposes, security experts said, it is unlikely that any charges would be filed.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.
