Two men described as "Internet trolls" have been charged today with allegedly hacking AT&T's servers to obtain the information of 120,000 iPad users, including some boldface names like Hollywood mogul Harvey Weinstein, New York Mayor Michael Bloomberg and President Obama's former chief of staff.
Then they allegedly bragged about it.
The hack attack occurred during the initial release of Apple's tablet computer, court documents state.
Daniel Spitler, 26, of San Francisco and Andrew Auernheimer, 25, of Fayetteville, Ark., have each been charged with one count of fraud and one count of conspiracy to access a computer without authorization, the U.S. prosecutors announced today in Newark, N.J.
"Hacking is not a competitive sport, and security breaches are not a game. Companies that are hacked can suffer significant losses, and their customers made vulnerable to other crimes, privacy violations, and unwanted contact," U.S. Attorney Paul J. Fishman said.
According to the complaint filed by the FBI in Newark, Spitler and Auernheimer allegedly used a "brute force" hack tactic over several days last June on AT&T servers to uncover email addresses related to iPad accounts.
After the attack, the Website Gawker.com was allegedly supplied with information obtained during the hack from the group Goatse Security, described in the complaint as a "loose association of internet hackers" that Spitler and Auernheimer were both allegedly associated with.
A representative from Goatse responded to an ABC News inquiry over email, saying the group was standing behind the men.
"Goatse Security is behind Mr. Spitler and Mr. Auernheimer 100%," Leon Kaiser, head of public relations for Goatse Security said.
The court papers cite Gawker's report and state that roughly 120,000 emails were captured, including from luminaries like Bloomberg and Weinstein. In addition, emails from Obama's former chief of staff Rahm Emanuel, ABC News anchor Diane Sawyer, and a raft of emails allegedly associated with the Department of Defense were hacked into, the documents state.
According to the complaint, Auernheimer and Spitler talked about the hack in chat logs seized by the FBI. At one point Spitler allegedly claimed he "hit oil" as they uncovered the emails. Auernheimer allegedly took credit for the attack in an email he sent to the U.S. Attorney's office in New Jersey in November.
"AT&T needs to be held accountable for their insecure infrastructure as a public utility and we must defend the rights of consumers, over the rights of shareholders," he wrote, according to the complaint.
Goatse Security also maintains Spitler and Auernheimer did nothing wrong, according to Kaiser.
"Goatse Security still holds the position that no criminal act was committed. Spitler and Auernheimer acted entirely within the law, and entirely for the interests of public security. The flaw was quite literally stumbled upon; AT&T was never targeted, and upon gathering of the data, it was not sold, distributed, or used otherwise (although it certainly had the potential to be used quite maliciously)," Kaiser said.