I don't ask you how to Google. I ask you to substantiate your claims that the article is biased and the truth is different from what is described there. If you are convinced this is the case, it must be easy for you to provide some evidence. Of course, you may consider this trolling and refuse to continue the discussion. The readers would then left to judge if your bare unsubstantiated claims are proof enough. I was assuming you wrote that comment in order to try to convince the readers in the truth of your claims. However maybe I was wrong.
The article's bias is pretty evident where it referred to them as "trolls". The only "evidence" I have that there is more to the story than what this article said is just what I read in other articles. Sadly, I did not bookmark any of them so I can't easily return to them to provide links to you. I'd have to Google for them. So if you would like to read more than just this one account, you would need to Google as well. But if you want to base your opinion on only what you read in this one article AND what some random guy on the Internet (me) gives you, then I won't judge you for that. Carry on.
I think the fact that he was a known troll is just a fact. He himself called himself a troll, one quote: "Trolling can frequently have large economic repercussions as, as I learned when I trolled Amazon.". This is not an evidence of bias. Of course, being a troll does not mean being a criminal, but the fact that Auernheimer was a troll is well established and confirmed even by himself.
The problem with Googling is that you know what to Google for to provide evidence. I have no idea what evidence you have, so how I can Google for evidence that only you know what it is?
You don't Google the evidence. You Google the guy. You have his real name. You have his online name. You have the name of his security firm. Those things alone will provide days worth of reading material. Read some. What I read described his actions a little more. And talked more about the vague language in a 30 year old law. And talked about how the Feds used a very self-serving interpretation of that language.
I know all this. I've read his backstory, and his current story, and the court materials, and other materials, and remain convinced that he created a tool to circumvent AT&T access controls and downloaded private information, he violated every standard of responsible disclosure (actually, he didn't disclose it to AT&T at all, he went straight to the press, after doing much more than is necessary for vulnerability demonstration), that he fully knew this is not necessary for demonstrating the vulnerability and that he did it for reasons of personal enjoyment and popularity, if not monetary gain.
What I did not find is any evidence that shows the decision was wrong or biased, and so for the article. Since you were repeatedly unable to point to any evidence yourself, I conclude your statement about it was baseless and rooted in personal emotions, not facts. You are still welcome to provide contradicting evidence.
My bias comment about the original article was mostly from them calling the guys "trolls" along with some other things that seemed to have a certain tone. But after rereading it, most of the article is indirectly attributed to "Prosecutors" and "the government" so I will concede that the article may not be "biased" per se. But I maintain that there is more to the story than they reported. And since you are determined to make me Google this all again and point you to specific articles & "evidence" here goes...
Goatse Security obtained its data through a script on AT&T's website, accessible to anyone on the internet. When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address...
AT&T said: ...wrote software code to randomly generate numbers that mimicked serial numbers of the AT&T SIM card for iPad – called the integrated circuit card identification (ICC-ID) – and repeatedly queried an AT&T web address.
The exploit was a simple script: a hacker could throw an ICC-ID at AT&T's servers, and they would return its registered email address. ICC-ID are easily guessable,...
federal agent Christian Schorle does his best to dig up evidence that Auernheimer is less of an advocate for security and more of a full-fledged Internet miscreant.
All of these things help shape my opinion on the matter:
1) I don't believe the data harvested is that significant. Having a list of email address these days is practically worthless and pretty easy to get. Having an email address matched to an iPad ID number might be a little more useful to someone, but I fail to see how beyond some better targeted SPAM. I was not able to find any articles about that leaked info being to blame for any other iPad/AT&T breaches but I didn't look very hard.
2) I don't believe that any security systems were circumvented to obtain the data. It seems to me that a wget or cURL call on a loop would have done 75% of the work. Calling this a "hack" is kind of an insult to people who actually do hack into secure systems. It is barely even "brute force", if at all. I would put this in the "automated scraping" bucket.
3) I don't believe he committed a crime here. Sure, the guys seems like a bit of a crusty wild man and possibly a bit of a douche. But thanks be to the Earth & Stars that neither of those things are felonies. Unfortunately, it seems they had already determined this guy was bad. And when you start a search with your mind already made up about the results, you are almost always going to end up at that result... no matter if it is wrong or right.
1. Your belief about significance of the data is immaterial - these emails were private and were not intended for disclosure. The fact that you think they're not that interesting does not matter - I may think the content of your private email account is nothing of interest and will give nobody any useful information - that still doesn't give me the right to access it.
2. As I noted elsewhere, here the word "hack" is not used in a sense of "cleverly use the technology" but in the sense "used computers to access information he was not authorized to access". Unfortunately, the battle for the former meaning agains the latter is long lost, and the press is using this word in the latter meaning for years now.
The fact that he had to write the script which uses special algorithm based on geographic distribution of IDs means the information was not public and he had to commit some work and apply his own ingenuity to access it.
3. Unauthorized access of private information is a crime. I'd rather it stay so - otherwise I'd have to rely on a good will of people like Auernheimer to keep my private information private. I think the consequences of this would be very grim. The problem is not that this guy was an ass - he was an ass long before that, and still was free to commit his jackassery. Until he crossed the line between being jackass and committing a crime. I agree that it is not the most heinous crime committed in the US ever - it is probably a small crime, like petty theft or trespass - but it still is. I hope he will be punished in accordance with the severity of the crime - not too hard, not too lightly.
> I agree that it is not the most heinous crime committed in the US ever - it is probably a small crime, like petty theft or trespass - but it still is. I hope he will be punished in accordance with the severity of the crime - not too hard, not too lightly.
But he was convicted of a felony. There is no "lightly" on a felony... only varying degrees "You're F'ed!" Fines will be high. Even if probation/community service is used rather than prison (yes, PRISON... not jail), the punishment lasts for a lifetime for a felon. Many, many, many forms have a special check box for felons.
