AT&T iPad data leak: Hack or hype?

FBI looks into the case, amid questions of whether a crime was committed

The FBI has launched an investigation into the possible hack of AT&T’s Web site, in which hackers took the e-mail addresses of more than 100,000 Apple iPad users, including some in U.S. military and civilian agencies.

The question appears to be who, if anyone, should be targeted in the investigation.

"The FBI is aware of these possible computer intrusions and has opened an investigation," FBI spokeswoman Katherine Schweit told the Wall Street Journal, but she declined to comment on the focus of the investigation.

A group of hackers exploited a flaw in AT&T’s Web site and, with an automated script, collected the e-mail addresses of about 114,000 users of the 3G iPad, including notable people in industry, media and politics, along with some in the military and other government agencies. The list included New York City Mayor Michael Bloomberg, Diane Sawyer of ABC News, film producer Harvey Weinstein and White House Chief of Staff Rahm Emanuel, according to Gawker, which first reported the breach.

E-mail addresses of users at the Army, the Defense Advanced Research Projects Agency, the Federal Aviation Administration, the Federal Communications Commission, the Justice Department and NASA also were collected.

Security experts have said the incident is unlikely to result in damage to the iPad users because the only thing exposed were e-mail addresses, along with the users’ ICC identification numbers, which authenticate them on AT&T’s network. That could result in increased spam or phishing attacks, but in many cases, the e-mail addresses of high-profile people and government employees are publicly available already.

One of the hackers who took the addresses told CNET that the group released the e-mail addresses to a Gawker reporter only after AT&T had been informed and had closed the weakness in its Web site – and after the reporter agreed not to show the full e-mail addresses and ICC IDs. They were partially blacked out in images shown on the Gawker site.

The group also has said that incident wasn’t actually a hack or intrusion, because the information was available to anyone, gained from a public Web site without the use of a password.

Meanwhile, AT&T has apologized for the incident, telling CNET, "We apologize that this happened. Nothing is more important to us. It's the No. 1 priority, protecting customer privacy."

Security experts have criticized AT&T for having that information accessible to anyone clever enough to retrieve it, but otherwise have downplayed the impact of the incident, suggesting it is getting attention mostly because of the iPad’s popularity, Apple’s reportedly strained relationship with AT&T -- its exclusive provider for the iPhone and iPad -- and the notoriety of the people on the e-mail list.

"I would guess that this application vulnerability gained so much attention because, after all, it is Apple we are talking about," George Kurtz, chief technology officer for McAfee, wrote in a blog post. “However, the reality is this type of vulnerability isn't really news and happens all day long."

Bloomberg, one of the victims, also dismissed the incident. "It shouldn't be pretty hard to figure out my e-mail address," he said in a report by MSNBC, "and if you send me an e-mail and I don't want to read it, I don't open it. To me it wasn't that big of a deal."

The FBI has said only that its investigation is in the early stages. But if investigators find the the information gained from the site was not used for fraudulent purposes, security experts said, it is unlikely that any charges would be filed.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.