A good-willed hacker has been caught by the FBI in trying to secretly fix a hole in the AT&T network. The hacker, Auernheimer, said he has done “nothing ethically wrong” and is being persecuted for “telling the truth” by exposing a security hole in AT&T’s Web site that was leaking e-mail addresses and unique device numbers for about 120,000 3G iPad users last year, including government and high-profile corporate customers.
The hackers are part of a group called Goatse Security which consists of 9 core members that are scattered around the U.S. and one European member located in France. The FBI claims that Auernheimer was planning on using the security hole for a profit, but Auernheimer strongly denied the claim. He states “I’ve never once made a dime off embarrassing a large corporation. I’ve never attempted to make a dime and AT&T is basically a public figure that is open to criticism. I think it’s fair,” he said. “Embarrassing somebody by telling the truth is not malice. It’s necessary speech.”
The Justice Department released Internet Relay Chat (IRC) of the hackers e-mailing and communicating with spammers about selling the AT&T e-mail addresses. Auernheimer, 26, said he is barred from using IRC, communicating with anyone in his hacking group or any potential witnesses or co-defendants, and doing random Web browsing, but can use the Internet for “commerce.” He was forced to leave his Fayetteville, Ark., home because of a bail condition requiring him to stay in the jurisdiction, he added, and as a result, he is living in Jersey City, N.J. He currently is learning Erlang programming language and is “open to security work.”
I think that the news story has a great deal to do with the ACM Code of Ethics and Professional Conduct. Auernheimer did break the law when he tried to “fix” the hole in the AT&T website, and according to the Justice Department they have evidence of him trying to sell the stolen e-mail addresses to spammers. He claims that he didn’t do anything “ethically wrong” but that’s just his opinion and in my opinion he is wrong. He should have contacted AT&T about the hole and then wait for them to respond.