A 26-year-old San Francisco man has pleaded guilty today to one count of conspiracy to gain unauthorized access to computers connected to the Internet in addition to one count of identity theft. Each charge carries a maximum penalty of five years in prison and a $250,000 fine. Daniel Spitler, in the picture to the right, wrote a script last June called the “iPad 3G Account Slurper” and used it to collect e-mail addresses and unique iPad 3G authentication numbers, according to a statement from the U.S. Department of Justice office in Newark, New Jersey. Spitler used his script to exploit AT&T’s website to obtain a list of over 114,000 email addresses of iPad 3G users. AT&T acknowledged, fixed, and apologized for the breach shortly after the incident became mainstream.
Looking for media attention in all likelihood, Spitler and his web security group Goatse Security (how ironic) subsequently forwarded this information to Gizmodo’s parent company, Gawker, who exposed some of the breached email addresses in a censored format. Many government officials and other prominent figures had their email addresses exposed, including New York City Mayor Michael Bloomberg. The chat log below, obtained by the U.S. Department of Justice, revealed Spitler’s conversation with co-defendant Andrew Auernheimer about what to do with their newly acquired data. Auernheimer is currently facing the same charges as Spitler, but has yet to plead guilty and is currently released on bail.