
Goatse Security trolls were after "max lols" in AT&T iPad hack

posted on January 19, 2011
by hitbsecnews

On Tuesday the FBI arrested and charged two men in their mid-20s for their involvement in last year's attack on AT&T servers that mined over 100,000 e-mail addresses from iPad 3G owners. Andrew "weev" Auernheimer and Daniel "JacksonBrown" Spitler were taken into custody and charged in federal court with one count each of fraud and conspiracy to access a computer without authorization.

The criminal complaint, filed in US District Court in the District of New Jersey, has been released and includes excerpts of some 150 pages of IRC chat logs between Auernheimer, Spitler, and other members of a self-professed "troll" group known as Goatse Security. Those chat logs, turned over to the FBI by an unnamed confidential source, reveal that the group (Auernheimer in particular) wanted to "embarrass" AT&T publicly over the security flaw they discovered and make the stock price go down in order to troll the company. Auernheimer also attempted to spin the story in the press and to paint Goatse Security as a legitimate data security company, and later attempted to destroy evidence after it was announced that the FBI planned to investigate the matter.

According to the chat logs, Spitler discovered the original vulnerability in AT&T's servers, which were configured to recognize when iPads were attempting to access them. When an iPad was detected, the device would then send the ICCID number from its SIM card, encoded in plain text in a URL. The server would then return the e-mail address associated with the ICCID to auto-populate a username field. Spitler realized that if he spoofed the user agent string and supplied a potentially valid ICCID number in the correct URL, AT&T's servers would return the matching e-mail address.
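A defender's view of the flaw described above, as an added example (not code from the article or the complaint): a legitimate device only ever presents the ICCID of its own SIM, so a client that asks about many different ICCIDs in a short window stands out in access logs. The `/lookup` path, the `iccid` parameter name, the log layout, the threshold and every log line are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log layout: ip [iso-timestamp] "GET /lookup?iccid=<digits> ..." status "user-agent"
# The user agent is deliberately ignored: it is client-controlled and, per the
# article, was exactly what got spoofed.
LINE = re.compile(
    r'(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "GET /lookup\?iccid=(?P<iccid>\d{19,20}) [^"]*"'
)

def find_enumerators(log_text, max_distinct=3, window=timedelta(minutes=5)):
    """Return {client_ip: peak distinct-ICCID count} for clients that request
    more than max_distinct different ICCIDs inside any sliding window."""
    recent = defaultdict(deque)          # ip -> deque of (timestamp, iccid)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append((ts, m["iccid"]))
        while ts - q[0][0] > window:     # drop requests older than the window
            q.popleft()
        distinct = len({iccid for _, iccid in q})
        if distinct > max_distinct:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), distinct)
    return flagged

def _line(ip, sec, iccid, status):
    """Build one constructed log line (not real traffic)."""
    return (f'{ip} [2000-01-01T10:00:{sec:02d}] "GET /lookup?iccid={iccid} HTTP/1.1" '
            f'{status} "Mozilla/5.0 (iPad; CPU OS 3_2 like Mac OS X)"')

# Constructed sample: one device repeating its own ICCID, and one client
# walking through eight different ICCIDs while claiming to be an iPad.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.20", s, f"89{42:018d}", 200) for s in (1, 30, 55)]
    + [_line("203.0.113.7", s, f"89{1000 + s:018d}", 200 if s % 3 == 0 else 404)
       for s in range(10, 18)]
)

if __name__ == "__main__":
    for ip, count in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: {count} distinct ICCIDs in window")
```

Detection of this kind only limits the damage; the underlying fix is for the server not to return an account's e-mail address to a request that proves nothing beyond knowledge of an identifier.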
