Internet trolls


Published in: Technology
  • Prior to mid-June 2010, AT&T automatically linked an iPad 3G user’s e-mail address to the ICC-ID, a number unique to the user’s iPad, when he registered. The email address was automatically populated, providing the user with speedier and more friendly access to the website. When the hackers discovered this, they developed a script called “ipad 3g acct slurper”, which they would deploy against AT&T servers.
  • Lord of the Rings and Kill Bill and Sin City
  • After disclosing the hacked information to Gawker, the two did little to hide their identity.
  • According to the court papers filed by the FBI, a confidential informant helped federal authorities make their case against the two defendants by providing them with 150 pages of chat logs from an IRC channel
  • Both are being tried in Newark, New Jersey around March
  • Internet trolls

    2. Hackers
       • Andrew Auernheimer
           • 25 years old
           • Fayetteville, Arkansas
       • Daniel Spitler
           • 26 years old
           • San Francisco, California
       • Members of Goatse Security
           • Loose association of Internet hackers and self-professed Internet trolls – people who “intentionally, and without authorization, disrupt services and content on the Internet”
    3. Background Information
       • Crime
           • Hacked into AT&T’s servers (June 2010)
       • iPad 3G
           • Prior to mid-June 2010, AT&T linked the user’s email address to the Integrated Circuit Identifier (ICC-ID)
           • Every time a user accessed the AT&T website, the ICC-ID was automatically displayed in the URL in plain text and the email address was populated for speedier and more user-friendly access to the website
           • Hackers develop a PHP script, “iPad 3G Account Slurper”
    4. iPad 3G Account Slurper
       • Purpose: Get as many ICC-ID/email combinations as possible
           1. Mimicked the behavior of an iPad 3G so that the AT&T servers would be fooled into giving it access
           2. Launched brute force attack to randomly guess ranges of ICC-IDs
               • If guessed correctly, the server would return an email address for a specific, identifiable iPad 3G user
       • Combinations were provided to the website Gawker, which published the stolen information in redacted form along with an article concerning the breach
    5. Stolen Emails
       • June 5, 2010 through June 9, 2010
           • Approx. 120,000 ICC-ID/email combinations stolen
       • Famous emails compromised
           • Diane Sawyer – ABC News Anchor
           • Janet Robinson – New York Times Co. CEO
           • Harvey Weinstein – Movie Producer
           • Michael Bloomberg – NYC Mayor
           • Rahm Emanuel – ex-White House Chief of Staff (2010)
    6. Crime Discovery
       • Public service by finding a flaw in AT&T security system
       • Auernheimer brags on his LiveJournal blog (June 9)
           • “Oh hey, my security consulting group just found a privacy breach at AT&T… ”
           • Link to Gawker article
       • Online interview with CNET (June 10)
           • Admits that one of the group members discovered the flaw via an AT&T security maintenance app, and that when they realized they could get other data from it, they created a script to do a brute force attack.
       • Email sent to the US Attorney’s Office in NJ (November 17)
           • “AT&T needs to be held accountable for their insecure infrastructure as a public utility and we must defend the rights of consumers, over the rights of shareholders…I advise you to discuss this matter with your family, your friends, victims of crimes you have prosecuted, and your teachers for they are the people who would have been harmed had AT&T been allowed to silently bury their negligent endangerment of United States infrastructure.”
    7. Chat Messages
       • Confidential informant provides 150 pages of chat logs from an IRC channel
           • How the breach would be conducted to damage AT&T
           • Promoted themselves and Goatse Security
           • Possibility of selling email addresses to spammers
           • Possible legal issues
           • How to destroy evidence of their crime
    8. Penalty
       • Arrested in January 2011 by FBI
           • Being tried in Newark, NJ around March
       • Charges
           • One count of conspiracy to access a computer without authorization
           • One count of fraud in connection with personal information
       • Possible Sentence:
           • Maximum of 5 years in prison for each count
           • Fine of $250,000
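
Slides 3 and 4 describe a lookup that returned an email address for any guessed ICC-ID once the client looked like an iPad. As an added example (not part of the original slides), this sketch shows how a defender could spot that pattern in access logs by counting distinct ICC-IDs per client and ignoring what the client claims to be. The log format, the `/lookup` path, the `iccid` parameter, the 404-on-miss behaviour and all addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed log format: client IP, request line, status, User-Agent.
LINE = re.compile(r'^(\S+) "GET (\S+) HTTP/1\.[01]" (\d{3}) "([^"]*)"$')

def make_logs():
    """Constructed sample lines (not real data) from one time window."""
    lines = []
    # Three ordinary clients, each loading its own ICC-ID twice.
    for i, ip in enumerate(["198.51.100.7", "198.51.100.8", "198.51.100.9"]):
        iccid = 89014100000000000000 + i * 7919
        lines += [f'{ip} "GET /lookup?iccid={iccid} HTTP/1.1" 200 "iPad"'] * 2
    # One client walking a range of ICC-IDs; most guesses miss (assumed 404).
    for n in range(40):
        status = 200 if n % 8 == 0 else 404
        iccid = 89014100000000100000 + n * 13
        lines.append(f'192.0.2.50 "GET /lookup?iccid={iccid} HTTP/1.1" {status} "iPad"')
    return lines

def find_enumerators(lines, max_distinct=5):
    """Return clients that requested more than max_distinct different ICC-IDs."""
    seen = defaultdict(set)      # client -> distinct ICC-IDs requested
    total = defaultdict(int)     # client -> lookups made
    misses = defaultdict(int)    # client -> lookups that did not return 200
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not parse
        ip, target, status, _user_agent = m.groups()  # User-Agent ignored on purpose
        for iccid in parse_qs(urlsplit(target).query).get("iccid", []):
            seen[ip].add(iccid)
            total[ip] += 1
            if status != "200":
                misses[ip] += 1
    return {
        ip: {"distinct": len(ids), "miss_ratio": misses[ip] / total[ip]}
        for ip, ids in seen.items()
        if len(ids) > max_distinct
    }

if __name__ == "__main__":
    for ip, stats in find_enumerators(make_logs()).items():
        print(ip, stats)
```

Every request in the sample carries the same "iPad" User-Agent, so only the per-client count of distinct identifiers separates the enumerating client from the ordinary ones.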