Daniel Spitler, accused of last year’s intrusion into AT&T servers, pleaded guilty to one count of “conspiracy to gain unauthorized access to computers connected to the Internet” and one count of identity theft today before a district judge in Newark, New Jersey. Spitler and co-defendant Andrew Auernheimer released information they allegedly obtained to Gawker, which published the files in redacted form.
Rumor has it that under the plea deal, Spitler will receive a 12- to 18-month sentence, much less than the maximum sentence of 10 years. Auernheimer has not yet entered a plea in his case.
Spitler was suspected of being connected to Goatse Security, a hacker collective, which he confirmed in his plea. The collective posted a letter on its website after the original intrusion, clarifying that they believed publicizing the security flaws of the system was “a service to our nation”, and that “the idea of the Russians or Chinese being able to subvert American infrastructure is a nightmare. We understand that good deeds many times go punished, and AT&T is trying to crucify us over this.” Among the users whose information was leaked were New York City mayor Michael Bloomberg, and then White House Chief of Staff Rahm Emanuel.
Goatse further claimed to have destroyed the sensitive information after the hack was completed. However, logs obtained by the DOJ have Auernheimer suggesting, “This could be like, a future massive phishing operation serious like this is valuable data we have a list a potential complete list of AT&T iphone [sic] subscriber emails”
US Attorney Paul Fishman said in a statement, “In the wake of other recent hacking attacks by loose-knit organizations like Anonymous and LulzSec, Daniel Spitler's guilty plea is a timely reminder of the consequences of treating criminal activity as a competitive sport.”
It is difficult to tell whether Spitler, and the rest of Goatse at large, actually had US security's best interests at heart in executing the hack, but law enforcement's responses to security breaches have been disheartening. In particular, lumping Goatse, LulzSec and Anonymous together seems to indicate a lack of fine-grained understanding on the part of authorities.
