Goatse Security hacker pleads guilty to coding AT&T iPad user breach

A California man has pleaded guilty to writing code that used a security flaw in AT&T's iPad interface to exposed thousands of high-profile user's personal information.

Daniel Spitler, 26, of San Francisco pleaded guilty to one count of conspiracy to gain unauthorised access to computers connected to the internet and one count of identity theft. He admitted helping to write the code that enabled the theft of data from AT&T, and then helping publish it online.

Spitler and his accused accomplice Andrew 'Escher' Auernheimer, AKA weev, are charged with writing a script which exploited a weakness in AT&T's handling of iPad user identification. Each 3G iPad received a unique Integrated Circuit Card Identifier (ICC-ID) number that could be matched to an email address and the code Spitler admits writing harvested this data.

The team, named after an unsavoury internet meme, than passed the data to internet gossip site Gawker.com, and revealed the email addresses of White House chief of staff Rahm Emanuel, the head of the US B1 strategic bomber group and numerous executives at Apple, Google, Microsoft and Amazon. They were arrested shortly afterwards.

"The magnitude of this crime affected everyone from high ranking members of the White House staff to the average American citizen," said Michael Ward, special agent of the FBI's Newark division.

"It's important to note that it wasn't just the hacking itself that was criminal, but what could potentially occur utilising the pilfered information. Because of the popularity and widespread use of the new and emerging technology of the iPad and devices like it, it was absolutely critical that emerging threats to it were addressed promptly and aggressively."

Spitler's alleged accomplice Auernheimer is still defending his innocence, and broke a gagging order to insist that the team were being persecuted by Apple, although the flaw used came from AT&T's software.

Spitler faces a maximum of five years in prison and a $250,000 (£156,000) fine and is due to be sentenced on 28 September.

"Computer hackers are exacting an increasing toll on our society, damaging individuals and organisations to gain notoriety for themselves," said US attorney Paul Fishman.

"Hacks have serious implications – from the personal devastation of a stolen identity to danger to our national security. In the wake of other recent hacking attacks by loose-knit organisations like Anonymous and LulzSec, Daniel Spitler's guilty plea is a timely reminder of the consequences of treating criminal activity as a competitive sport."