Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
AT&T Security The Courts Your Rights Online

41 Months In Prison For Man Who Leaked AT&T iPad Email Addresses 459

In 2010, querying a public AT&T database yielded over 114,000 email address for iPad owners who were subscribed to the carrier. One of the people who found these emails, Andrew 'weev' Auernheimer, sent them to a news site to publicize AT&T's security flaw. He later ended up in court for his actions. Auernheimer was found guilty, and today he was sentenced to 41 months in prison. 'Following his release from prison, Auernheimer will be subject to three years of supervised release. Auernheimer and co-defendant Daniel Spitler were also ordered to pay $73,000 in restitution to AT&T. (Spitler pled guilty in 2011.) The pre-sentencing report prepared by prosecutors recommended four years in federal prison for Auernheimer.' A journalist watching the sentencing said, 'I felt like I was watching a witch trial as prosecutors admitted they didn't understand computers.'
This discussion has been archived. No new comments can be posted.

41 Months In Prison For Man Who Leaked AT&T iPad Email Addresses

Comments Filter:
  • Good (Score:4, Insightful)

    by kamapuaa ( 555446 ) on Monday March 18, 2013 @12:30PM (#43204821) Homepage

    Know I'll get modded down for going against Slashdot groupthink. But what is the argument suggesting? "It all happened on a computer, it shouldn't be prosecuted?" Stealing private information and releasing in publicly isn't just obviously illegal, it caused grief for 114,000 people.

    Even if AT&T has a shitty security system, that doesn't make it legal to break in. I'd love to see Slashdot do more mundane crimes. Maybe the home had a sign saying "beware of dog," but the dog was actually at the vet, so the robber was just publicizing a security flaw.

    • Re:Good (Score:5, Insightful)

      by 1729 ( 581437 ) <slashdot1729&gmail,com> on Monday March 18, 2013 @12:35PM (#43204911)

      He didn't "break in". He sent requests to a publicly-accessible web server, and AT&T sent back private information. This wasn't hacking, or even a DOS attack. AT&T is at fault here.

      • Re:Good (Score:5, Insightful)

        by Anonymous Coward on Monday March 18, 2013 @12:43PM (#43205015)

        That. It's a flaw that AT&T never would have addressed without public pressure. Further, Mr. Auernheimer did not release private info to the public -- the news agency to which he released the then already-public information is responsible for further publicizing it.

        Bottom line: it is ludicrous-speed absurd to prosecute somebody for publicizing already public information. If a newspaper accidentally prints the names and addresses of its entire subscriber base in the classifieds, and I call them to report it, can I then be held accountable for "releasing" the information?

        • He's being jailed for pointing out that the emperor wasn't wearing any clothes. Welcome to 21st Century America.
      • Re:Good (Score:4, Interesting)

        by coniferous ( 1058330 ) on Monday March 18, 2013 @12:45PM (#43205023) Homepage
        Actually, they are both at fault here.
        I don't see a huge effort by Andrew to contact AT&T and say "uh, guys, you have a huge problem here".
        It's very easy to percieve his actions in a malicious way.
        Not that AT&T didn't goof, but this was the wrong way to address it.
        • Re:Good (Score:5, Insightful)

          by 1729 ( 581437 ) <slashdot1729&gmail,com> on Monday March 18, 2013 @12:51PM (#43205101)

          Nearly everything Weev does is malicious, but the question is: is it (or should it be) illegal? He was convicted of identity fraud and "conspiracy to access a computer without authorization". Think about that: requesting unprotected publicly-accessible webpages is "access[ing]" a computer without authorization". By that standard, anyone who uses the internet could be convicted of a crime.

          • Re: (Score:3, Insightful)

            by coniferous ( 1058330 )
            Based on the context it was more then just accessing publicly available data. It's not as if he clicked on an link and went "Oh, look, a bunch oh e-mail addresses!". There was effort involved into getting to that list.

            That being said, even if he did run into a bunch of e-mail addresses by being in the wrong place at the wrong time.. e-mailing that list to someone and going "OMG LOOK AT THIS" was proof that he knew the seriousness of the list he found. It cannot be argued that he did not know what he was
            • e-mailing that list to someone and going "OMG LOOK AT THIS" was proof that he knew the seriousness of the list he found. It cannot be argued that he did not know what he was doing.

              And if a student finds a gun on school grounds and brings it to the attention of a teacher, that is proof that the student knows the seriousness of that situation. But I fail to see how that justifies throwing the book at the student.

          • Re:Good (Score:4, Funny)

            by Anonymous Coward on Monday March 18, 2013 @01:17PM (#43205451)

            1. Set up web site with TOS disallowing access for any reason.
            2. Trick lawmakers into accessing your site.
            3. ???
            4. Profit!

          • It's not a perfect situation where there's a black-and-white answer. Think about the implications if the court rules PII / contact info about those people is publicly available information. EVERY marketer everywhere would fall all over themselves to get that information and add it to their databases, maybe even package and sell it, because it would have been called "publicly available" by a court of law. Can you imagine how awful that would be? Whereas, now, there is a stigma of 'a guy got hard time for com

        • And would AT&T do anything about it? What about the next security hole? Public embarrassment does a lot more to cause the necessary heads to roll than trying to do AT&T's jobs for them. They were incompetent and irresponsible with customer data and as far as i'm concerned, handing the data to the press was the absolute right call. How else to punish and teach?
        • I don't see a huge effort by Andrew to contact AT&T and say "uh, guys, you have a huge problem here".

          Then you have never tried to contact them about... well, anything.

          Not even being snarky, just relating my own experiences; I have to deal with AT&T every day, and getting them to so much as acknowledge a problem on their end, let alone do anything to fix it, is similar to attempting to snorkle to the bottom of the Marianas Trench.

      • Re: (Score:3, Insightful)

        by jxander ( 2605655 )

        Meatspace analogy :

        If a bank didn't have a door on it's vault, or any forms of security whatsoever, would you walk in and take out all the money? Even if you proceeded directly to the local police department to report the security flaw and deliver the unguarded money, you'd find yourself in quite a bit of trouble.

        • by jd659 ( 2730387 )
          A better analogy: A bank has a web server that takes person's name and returns that person's SSN. A "hacker" sends your username and gets your SSN. He does that for several people from the phone directory. Hacker goes to prison for the BANK'S FAULT of exposing SSNs.
          • A better analogy:

            A bank has a web server that takes person's name and returns that person's SSN. A "hacker" sends your username and gets your SSN. He does that for several people from the phone directory. Hacker goes to prison for the BANK'S FAULT of exposing SSNs.

            It's only the bank's fault for breaching a specific law regarding protection of private information by certain security means (strong authentication, encryption, etc) but if the hacker did anything but flip on his computer (such as construct a program, no matter how small or simple, that specifically talks to the open app on the web server) then he too is guilty of misuse of a computer system under current law.

            Debate the efficacy of the law, punishment, etc. all you want, but this is how the current law wor

          • Even better analogy: Someone looks through the windows of your house with binoculars and copies your handwritten family phone directory off your fridge.

        • Re:Good (Score:5, Insightful)

          by 1729 ( 581437 ) <slashdot1729&gmail,com> on Monday March 18, 2013 @12:54PM (#43205135)

          Meatspace analogy :

          If a bank didn't have a door on it's vault, or any forms of security whatsoever, would you walk in and take out all the money? Even if you proceeded directly to the local police department to report the security flaw and deliver the unguarded money, you'd find yourself in quite a bit of trouble.

          Here's a better analogy: you send the bank self-addressed stamped envelopes, and they willingly send private information about their clients back to you in those envelopes.

          • Re:Good (Score:4, Insightful)

            by jeffmeden ( 135043 ) on Monday March 18, 2013 @01:32PM (#43205675) Homepage Journal

            Meatspace analogy :

            If a bank didn't have a door on it's vault, or any forms of security whatsoever, would you walk in and take out all the money? Even if you proceeded directly to the local police department to report the security flaw and deliver the unguarded money, you'd find yourself in quite a bit of trouble.

            Here's a better analogy: you send the bank self-addressed stamped envelopes, and they willingly send private information about their clients back to you in those envelopes.

            If those envelopes were in any way a misrepresentation of your legal desire to communicate with your bank (such as an incorrect identity, overstated request, etc) then you, the sender, are guilty of mail fraud. Do not pass go, do not collect $200. The legal system seems to be pretty mysterious to a large part of slashdot...

        • Not a good analogy, as AT&T didn't lose their database, just exclusivity of it (i.e. now everyone else also has it). A better meatspace analogy might be if a store employee left open a door to an office, and someone walking by took pictures of next weeks sale items (which stores typically don't want released early) and sent that info to a newspaper. The store has not lost any items, just the info about them.

      • Re:Good (Score:5, Insightful)

        by malakai ( 136531 ) on Monday March 18, 2013 @01:07PM (#43205315) Journal

        First off, the whole reason these guys got whacked by the judge is because they did the standard script-kid thing and went onto IRC and boasted about it, and talk about how they were going to take down AT&T, and make a name for their security company ( Goatse Security, obvious play on goat sex troll )

        He didn't "break in". He sent requests to a publicly-accessible web server, and AT&T sent back private information. This wasn't hacking, or even a DOS attack. AT&T is at fault here.

        By that rationale, any request on a web server via the HTTP GET or POST that could escalate privilege or divulge private data should go unpunished. You realize the number of vulnerabilities accessible via a well crafted GET URL? XSS, SQL Injection, tons of stuff. Ignore the fact HTTP is even involved here. This is no different than finding a weakness at any other level of the OSI model, the fact people can easily understand HTTP GET's doesn't make them any less serious and dangerous to an attacker.

        Honestly, this has been argued over the Ping of Death back in the day. I mean, your simply sending an ICMP packet via a ping command, it's not like your hacking.

        In the end it's about context. Exploiting a weakness is by definition hacking. Just because the hack isn't enigmatic, doesn't mean it's not a hack. Look at Jon Draper and a plastic whistle that happened to hit 2600hz easily.

        "But it's just a guy blowing a whistle into a phone, it's not hacking".

        These guys crafted a specific HTTP GET request that returned private data. The key in this request was generated by them based off a known flaw in ATT's systems (using ICC-ID as a semi private key). Then they shared that data with a news organization.

        Sure, those of us in the industry can shake our head at how stupid AT&T was, but at the same time most of us recognize the line these two guys crossed. It's one thing to send an e-mail to AT&T and copy a security mailing list with a simple example, it's another to write a program and automate the extraction of over 120k e-mails and then package the data and send it to Gawker, while boasting about it on IRC channels.

        Auernheimer likened his actions to walking down the street and writing down the physical addresses of buildings, only to be charged with identity theft.

        I could make the same argument for randomly trying passwords against accounts. "I'm just checking to see if this key happens to work in this door...."

        • by fatphil ( 181876 )
          > By that rationale, any request on a web server via the HTTP GET or POST that could escalate privilege or divulge private data should go unpunished.

          Not at all! The site leaking the information should be held responsible, and if it's clear punishment is due, they should take it like a man.

          > These guys crafted a specific HTTP GET request that returned private data.

          No craft was involved. They were handed that GET request by the server, in order for their browser to later resolve it for their own legal u
      • He didn't "break in". He sent requests to a publicly-accessible web server, and AT&T sent back private information. This wasn't hacking, or even a DOS attack. AT&T is at fault here.

        He wasn't just looking to get to his att.com home page and happened upon a list of email addresses. Getting at those addresses took some deliberate work on his part (a big part of the law is not so much about perceptions of ease/publicity, but in perceptions of *intent*). If you leave your windowshades open a little at home, and someone comes along outside and peeps inside to watch you doing [insert something from imagination here] it is the "peeper" who is committing a crime, not the "peep-ee". In this c

        • Getting at those addresses took some deliberate work on his part

          That "deliberate work" amounted to this:

          Weev: "Can I have the email address for whoever is associated with this number?"
          AT&T: "Sure, it's xxx@yyy.zzz!"

          Now that's a criminal mastermind hacker if I ever saw one!

        • by Hatta ( 162192 )

          In this case Mr. Auernheimer did intend to obtain addresses that were *only going to be exposed to someone deliberately looking for them* and therefore he is afoul of the law.

          The law prohibits unauthorized access. Not unlikely access. No authorization control means access is authorized.* The deliberate ignorance of the prosecutors and jury notwithstanding.

          *Assuming anything else breaks the entire internet irrevocably.

    • Re:Good (Score:5, Insightful)

      by MetalliQaZ ( 539913 ) on Monday March 18, 2013 @12:37PM (#43204937)

      AT&T publishes the addresses on the web, even though they aren't advertised, they are essentially free to anyone who knows where to look.

      Guy finds it, attempts to blow the whistle

      Guy is criminal, AT&T takes no liability

      Justice!

    • Re:Good (Score:5, Insightful)

      by Mullen ( 14656 ) on Monday March 18, 2013 @12:40PM (#43204977)

      As someone else pointed out, all he did was request data from a public server and AT&T sent it to him. Also, he got 41 months for forwarding 114,000 email addresses to news site, which is overkill. Had he physically broke into an AT&T office and took the email addresses from someone's desk, he would have received less prison time.

      He should have been given community service at the most, and then got an award for exposing a flaw from AT&T.

    • You're missing some things here:

      The Principle of "Full Disclosure" -- Meaning, companies often don't fix vulnerabilities in a timely fashion until the risk is exposed by making the vulnerability public. This principle has been important in the history of and current landscape of information security, and many people think its effects have been a net benefit.

      Harm -- how were these people exactly harmed by having their email addresses revealed? If someone posted my email and iPad MAC on a web site, woul

    • Know I'll get modded down for going against Slashdot groupthink. But what is the argument suggesting? "It all happened on a computer, it shouldn't be prosecuted?" Stealing private information and releasing in publicly isn't just obviously illegal, it caused grief for 114,000 people.

      He didn't release it publicly. He released it to a news site (which did the responsible thing).

      It didn't cause grief to anyone, but AT&T.

    • The crime wasn't breaking in (as this has been repeated over and over again), it was disclosure.

      Part of the problem is that the prosecutors are simply ignorant as to what they are prosecuting. So any "evidence" presented was done without understanding of what they were asserting. That's quite disturbing on its own.

      The "offense" isn't necessarily hacking, because that is not what happened (though it is 'believed' to have happened). What he did was collect the information and present it to the media to bri

    • Re:Good (Score:5, Insightful)

      by TemperedAlchemist ( 2045966 ) on Monday March 18, 2013 @01:08PM (#43205329)

      Give away emails to demonstrate a security flaw? 41 months in prison.

      Rape, molest, and humiliate a sixteen year old girl? 12 months in prison.

      Justice.

      ---

      I love you, America.

    • by Hatta ( 162192 )

      But what is the argument suggesting?

      We are suggesting that requesting an URL is not a crime.

    • Re:Good (Score:4, Interesting)

      by PRMan ( 959735 ) on Monday March 18, 2013 @01:35PM (#43205727)

      How about this analogy:

      Your doctor tells you your medical records will be posted in the front window of a white house at 123 Main St. You notice that the street is full of white houses. Just out of curiosity, you go to 125 Main St and see someone else's medical records. 121 Main St., the same thing. In fact every house on the block has a different person's medical records. You see a bunch of other people on the street, going to get their medical records from their respective houses. You joke out loud that you could make a lot of money selling everyone's medical records to some guy in the Ukraine. You tell the hospital that this is a lousy way to communicate medical records.

      You get 41 months in prison for viewing everyone's medical records (in plain view) and for your "intent" to sell them to some guy in the Ukraine.

  • I suppose the prosecutors figured out that Auernheimer managed to lay his hands on over 100,000 email addresses that iPad owners had used to register their devices. So not random email addresses, but email addresses that were in actual use, and with some rather significant personal information attached.

    So what exactly do they need to understand about computers beyond that?
    • by Jawnn ( 445279 ) on Monday March 18, 2013 @12:41PM (#43204985)
      That the defendant did not "break in". He did not circumvent any system or other contrivance designed to secure sensitive information. Those systems and contrivances simply did not exist. The worst that can be said of what he did was that he was irresponsible in sending the clearly sensitive information to someone else. The right thing to do, of course, would have been to contact AT&T. Had he done that, there wouldn't even be a case for restitution, unless maybe it was to compensate the defendant for doing the work that AT&T failed to do.
      • by Looker_Device ( 2857489 ) * on Monday March 18, 2013 @12:45PM (#43205027)

        The right thing to do, of course, would have been to contact AT&T. Had he done that, AT&T would have threatened him to keep quiet and then never fixed the flaw

        FTFY

      • I never said he did "break in". But clearly he copied 114,000 email addresses that he shouldn't have copied. As a "journalist" (that's what the article says; I doubt it) did _not_ say: "I felt like I was watching a trial with a defendant who admitted he doesn't understand the law". Or common decent behaviour. Or the fact that just because you figure out how to do something, doing it might still not be a good idea.
  • by i kan reed ( 749298 ) on Monday March 18, 2013 @12:34PM (#43204893) Homepage Journal

    The purported target, AT&T, is hardly the nicest organization, but the actually affected people were just regular people. This doesn't seem especially out of line with the USA's normal unhealthy sentencing. We want to punish, not correct, those convicted here.

    As long as that attitude remains dominant, miscarriages of justice will occur within every branch of justice(except for the super-rich).

  • In an interview Weev says he wants to run for Congress, despite regarding the government as "seditious thugs". http://www.techweekeurope.co.uk/interview/angel-or-demon-hacker-would-the-real-weev-please-stand-up-110637 [techweekeurope.co.uk]
  • by bigonese ( 1606593 ) on Monday March 18, 2013 @12:37PM (#43204953) Homepage
    Two young men in steubenville rape a young women and get 1 - 2 years in jail. A man writes a script to get email address from a website and gets 3.5 years in jail. Something's not right.
    • by Seumas ( 6865 ) on Monday March 18, 2013 @12:42PM (#43205009)

      It's simple. Society is sick.

      Their response to one is "Well, boys will be boys!".

      Their response to the other is "Oh my god, if they can webscrape publicly accessible information, the next thing these vial social outcasts will be doing is hax0ring into NORAD and launching nuclear warheads and initiating WWIII and I can't have that because I haven't finished watching Real Housewives, yet!"

      • these vial social outcasts will be doing is hax0ring into NORAD and launching nuclear warheads and initiating WWIII and I can't have that because I haven't finished watching Real Housewives, yet!"

        Would you like to play a game?

        Oh and I think you meant vile.. A vial is something you use in your chemistry lab! ;)

    • by Derekloffin ( 741455 ) on Monday March 18, 2013 @12:49PM (#43205067)
      Come on now, the combine trauma of those 100,000 people having their emails... oh never mind, I just can't say it with a straight face.
      • I'm not sure here if the damage was based on "AT&T's reputation" -- meaning, it hurts their income for people to know you don't need to hack them.

        OR

        Over 100,000 people now have their reputation's damaged for being associated by email to AT&T.

        You know that only 300,000 of AT&T's closest advertisers, spammers and script kiddies have these email addresses.

        Is the going rate 2 pennies an email to buy as an advertiser or am I being too pricey here?

    • by Nimey ( 114278 )

      The rapists are juveniles. Sentencing is different when you commit a crime before the age of majority, and rightly so.

    • by krlynch ( 158571 ) on Monday March 18, 2013 @12:57PM (#43205177) Homepage

      The Steubenville convictees are legally juveniles. Society has decided that we don't throw the book at them. Had they been adults, they would not be getting sent to a juvenile facility, and they would not be getting out in so short a time. It's hardly an apt comparison.

      • by Hatta ( 162192 )

        The Steubenville convictees are legally juveniles.

        Where as weev is simply emotionally juvenile.

    • by dkleinsc ( 563838 ) on Monday March 18, 2013 @01:06PM (#43205295) Homepage

      It's all about who the victim and the perpetrator of the crime is: In the Steubenville case, the victim is a powerless teenage girl, and the perps are a couple of somewhat powerful (at least locally, where the high school football team is a privileged class) teenage boys. In this case, the victim is AT&T (the largest campaign donor in the US), and the perp is a relatively powerless computer geek.

      This is just a subset of the more extreme differences: Rob $2000 from a bank, and if you're lucky you won't be shot by the police. Rob $2 billion from a bank, and the SEC or OCC will settle with you for $500 M (25% of your take) and no admission of wrongdoing.

      And no, that's not the way it's supposed to work, but it's the way it's actually working.

    • Two young men in steubenville rape a young women and get 1 - 2 years in jail. A man writes a script to get email address from a website and gets 3.5 years in jail. Something's not right.

      You have a point in that "computer crimes" are often subject to penalties that are far overkill because the legal system has few people, both lawyers and judges, who understand technology well. However, the rape case got the verdict it did for a variety of reasons.
      1) The young woman wasn't actually "raped" in terms of nobody put his penis inside her, but some idiot young men fingered her and photographed it.
      2) She was so drunk that she had no idea what happened. It was the photos that made this even

    • by garry_g ( 106621 )

      Two young men in steubenville rape a young women and get 1 - 2 years in jail.

      A man writes a script to get email address from a website and gets 3.5 years in jail.

      Something's not right.

      Of course ... once you mess with a big company, your deed is so much worse than anything you could do to another person ...

  • This people do not have any understanding of computers or the internet in general. I doubt it is going to change in the future. Since this type of people are generally not computer literature at all and never have been.

    I doubt they know even what an IP address is or an hard drive.

    • But they is more English literature than you are, I hope.

      Are IP addresses or hard drives relevant here? Sometimes, you don't need to understand every facet of a subject, even the the most common terms, to understand a specific case like this. All they need to understand is how a webserver works, which can be explained satisfactorily in a few minutes. Of course, it seems they neglected to take those few minutes.

    • Since this type of people are generally not *computer literature* at all and never have been.

      They probably aren't computer literate either.

  • the ATT servers were not secured. the data was figurately lying out on the street, in the old days there would be a black or brown binder holding a galloping shitload of greenbar paper, and if you flipped the binder open, it would say, "LIST OF iPHONE USERS DATA." that is thus insecure data, hence public. ATT's trash blowing across the street. the guy should not have been prosecuted, he should have been given a code for free wi-fi at McDonalds for two weeks.

    take note... data wants to be free. if it isn

    • And you don't understand how rational people work.

      A naked woman standing in the street doesn't mean you suddenly have the right to sexually assault her, or does that sound like its okay in your mind as well?

      And lets be clear. Data doesn't give a fuck, so stop that bullshit.

      And to be more clear: He took distinct actions to access data. Applying reverse engineering and some packet sniffing he SEARCHED FOR AND FOUND the data in question. It wasn't linked from any normally accessible location or anything el

  • In 2010, querying a public AT&T database yielded over 114,000 email address for iPad owners who were subscribed to the carrier.

    If the database was publicly-accessible, how is it a criminal act, as a member of said "public", to actually access it? That's like a newspaper that accidentally publishes data it considers private and prosecuting readers.

    The criminal act was negligence by AT&T. This is simply a distraction and face-saving prosecution to wash AT&T clean of culpability.

    Strat

    • If the database was publicly-accessible, how is it a criminal act, as a member of said "public", to actually access it? That's like a newspaper that accidentally publishes data it considers private and prosecuting readers.

      It wasn't publicly accessible. The information of _one_ iPad owner was accessible to that _one_ iPad owner. He figured out how to make his computer pretend to be many different iPads.

      There was some interesting discussion recently about anti-hacking laws were huge problems were caused by the fact that the law makes "exceeding authorized access" a crime, which can then be used to apply in all kinds of situations that actually don't have to do anything with hacking. This one is the opposite: The guy didn't

  • whistle blowing?

    if he would have called AT&T and told them he found this, they would have accused him of hacking, he leaks it to a journalist and gets jail? did the journalist turn him in?

    • by Endo13 ( 1000782 )

      He probably admitted to it himself, completely underestimating the sheer stupidity our justice system is capable of.

  • Many conflicting articles have been released concerning when the flaw was disclosed to whom. IANAL, but I *think* this may have been the crux of the prosecution's case. If the flaw was disclosed to others before AT&T or perhaps the people whose emails were discovered = crime. If not = no crime.

    I am not advocating this position as correct. Just trying to present an opinion.

    One of the better articles on the subject of disclosure, still leaves many murky grey area problems for any professional security

  • Applicants could peek ahead at the status of their admissions by adding a few numbers to their URLs on the site. Harvard rejected all of the people who tried the hack. And told other ivy b-schools about them too who also rejected them.
  • by tekrat ( 242117 ) on Monday March 18, 2013 @01:14PM (#43205403) Homepage Journal

    They would only be fined 1 days worth of profits...
    Corporations are people too? Bullshit. Corporations are treated better than people, under the law. I seriously suggest that every individual incorporate themselves and, when accused of any wrongdoing, claim it was via the corporation, and suggest that the law take it up with the board of directors.

  • by sl4shd0rk ( 755837 ) on Monday March 18, 2013 @02:14PM (#43206231)

    The same type of reckless design that went into AT&T's website for registration is symptomatic of the direction the industry has been heading. It represents that YOUR PRIVACY in the hands of a monopoly is not worth two-shits to them. Even if it was "only an email address" it could have easily been your SSN# on a CD, or medical record on an unencrypted laptop, voting record or ballot on a voting machine, whatever. Weev sounds like a jackass, but I would have expected better security from AT&T. If you're going to take the place to be a reactionary "victim" then maybe you should ask yourself who victimized you first -- AT&T perhaps? If AT&T left your car unlocked, would you still blame the thief?

Keep up the good work! But please don't ask me to help.

Working...