LDVZI

U;VITED STATESDISTRICTCOURT
DISTRICTOFIVE"VJERSEY
CNITEDSTATES OF AMERICA
CRIMINAL COMPLAINT
v,
DANIELSPITLERand
ANDREW AUERNHEIMER rvlag.1'\o, 11-4022(CCC)
LChrisli,\f1 St.:hork. beingdul; S\\Orll. slate tile rllilo\\ing is true and ((meetto the best of
my knowledge ilnd belier.
SEE ATfACHMENTA
Ifurther stale that Iam aSpecial .\gelltwith the Federal Bureau of1l1\'estigation,and that this
Complaintis bclsed on the I'ohmi r,\\:h:
SEE ATTACHI'vlENT13
continuedon the attached pages and malleapart hereof.
Christiall Schork.Special Agenl.
Fedcr:ll Bureau01' Imcsligatiol1
SWOI11 to beforeme and subscribed in my presence.
January 13. 20I1. at Nemlrk. NewJersey
c.

WESlERNDIST
FJLBD
Ilo:\ORABLECl.AIREC. CECCIfI
JAN' 8 20tf
L:\IIT,DST:\'Ires :v1.ViISTR:\Tl,JU)GI
R.I0HNSON. CIDJk

Case 5:11-mj-05003-ELS Document 1 Filed 01/18/11 Page 1 of 14
ATTACHMENTA
Countl
(ConspiracytoAccessaComputerwithoutAuthorization)
FromonoraboutJune2,2010throughonoraboutJune 11,2010,intheDistrictofNew
Jersey,andelsewheredefendants
DANIELSPITLERand
ANDREWAUERNHEIMER
knowinglyandintentionallyconspiredwitheachotherandotherstoaccessacomputerwithout
authorizationandto exceedauthorizedaccess,andtherebyobtaininformationfrom aprotected
computer,namelytheserversofAT&T, infurtherance ofacriminal violationofthelawsofthe
StateofNewJersey,specifically,N.J.S.A.2C:20-31,contrarytoTitle 18, United StatesCode,
Sections 1030(a)(2)(C)and 1030(c)(2)(B)(ii),inviolationofTitle 18, UnitedStatesCode,
Section371.
~ o u n t
(Fraudin ConnectionwithPersonalInformation)
FromonoraboutJune2, 2010 throughonoraboutJune 11,2010,intheDistrictof New
Jersey,andelsewheredefendants
DANIELSPITLERand
ANDREW AUERNHEIMER
knowinglytransferred,possessed,andused,withoutlawfulauthority,meansofidentificationof
otherpersons,includingmeansofidentificationof thousandsofNewJerseyresidents, in
connectionwithunlawful activity,specifically,theunlawfulaccessingofAT&T'sservers
contraryto Title 18,United StatesCode,Section 1030(a)(2)(C),in violationofTitle 18,United
StatesCode, Section 1028(a)(7).
-2-
Case 5:11-mj-05003-ELS Document 1 Filed 01/18/11 Page 2 of 14
AITACHMENT B
I, Christian Schorle. am a Special Agent with the Federal Bureau of Investigation. I have
knowledge of the facts set forth below from my involvement in the investigation, a review of
reports. and discussions with other law enforcement personnel. Any statements attributed to
individuals are described in substance and in part.
1. Since in or about June 2010, the Federal Bureau of Investigation has been
investigating a data breach at AT&T that resulted in the theft of personal information of
approximately 120,000 AT&T customers, thousands of whom are New Jersey residents. That
data breach and associated theft were perpetrated by Daniel Spitler ("defendant Spitler") and
Andrew Auemheimer ("defendant Auemheimer") for the express purpose of causing monetary
and reputational damage to AT&T and monetary and reputational benefits to the defendants.
A. The iPad and AT&T
2. At all times relevant to this Complaint:
a. The iPad. introduced to the market on or about January 27, 2010, was a
device developed and marketed by AppJe Computer, Inc. It was a touch-screen tablet computer,
roughly the size of a magazine. The iPad allowed users to, among other things, access the
Internet, send and receive electronic mail, view photographs and videos, read electronic books,
word-process, and create spreadsheets and charts.
b. AT&T Communications, Inc. ("AT&T") was an interexchange carrier and
long distance telephone company headquartered in Bedminster, New Jersey. Among other
things, AT&T provided certain iPad users with Internet connectivity via AT&T's 30 wireless
network,'
c. AT&T offered two data plans for iPad 30 users: 250 MB of data per
month for $14.99 and 2 OB of data per month for $25,2 iPad 30 users who wished to subscribe
to the AT&T 30 network had to register with AT&T. During the registration process, the user
was required to provide, among other things, an e-mail address, billing address, and password.
d. At the time of registration, AT&T automatically linked the iPad 30 user's
e-mail address to the Integrated Circuit Card Identifier ("ICC-Ion) of the user's iPad, which was
I Both Wi-Fi and the 30 wireless network were mechanisms by which users could access
the Internet. For some iPad models, Internet connectivity was provided strictly over Wi-Fi, while
others offered a combination of Wi-Fi and AT&T's 30 wireless network.
2 Until on or about June 7, 2010, AT&T also offered a third data plan, which allowed
users Wllimited access to data for $29.99 per month.
-3-
Case 5:11-mj-05003-ELS Document 1 Filed 01/18/11 Page 3 of 14
a19to 20digitnumberuniqueto everyiPad(specifically,uniqueto the SubscriberIdentity
Module("SIM")cardinthe iPad). Accordingly,eachtimeauseraccessedtheAT&Twebsite,
hisICC-IDwasrecognizedand, intum,hise-mailaddresswasautomaticallypopulated,
providingthe userwithspeedierandmoreuser-friendlyaccesstothewebsite.
e. TheICC-IDsandassociatediPad30usere-mail addresseswerenot
availabletothepublicandwerekeptconfidential by AT&T.
B. TheDataBreach
3. Priorto mid-June2010,whenaniPad30communicatedwithAT&T'swebsite,
itsICC-IDwasautomaticallydisplayedintheUniversal ResourceLocator,or"URL,"ofthe
AT&Twebsitein plaintext. Seeingthis,anddiscoveringthateachICC-IDwasconnectedtoan
iPad30usere-mailaddress,hackerswroteascripttermedthe"iPad30AccountSiurper"(the
"AccountSiurper")anddeployeditagainstAT&T'sservers. AT&T'sserversareprotected
computersasdefinedinTitle 18,UnitedStatesCode,Section 1030(e){2).
4. TheAccount SiurperattackedAT&T'sserversforseveraldays inearlyJune
2010,andwasdesignedto harvestasmanyICC-IDle-mailaddresspairingsaspossible. It
workedasfollows:
a. TheAccountSiurperwasdesignedtomimicthebehaviorof aniPad30so
thatAT&T'sserverswere fooled intobelievingthattheywere
communicatingwithanactual iPad30and wronglygrantedtheAccount
SlurperaccesstoAT&T'sservers.
b. Oncedeployed,theAccountSiurperutilizedaprocessknownasa"brute
force"attack- aniterativeprocessusedtoobtaininformationfrom a
computersystem- againstAT&T'sservers. Specifically,theAccount
SlurperrandomlyguessedatrangesofICC-IDs. Anincorrectguesswas
metwithnoadditional information,whileacorrectguesswasrewarded
withanICC-IDle-mailpairingforaspecific, identifiableiPad30user.
5. FromonoraboutJune5,20]0throughonoraboutJune9,2010,theAccount
SlurperattackedAT&T'sservers,gainedunauthorizedaccessto thoseservers,andultimately
stolefor its hacker-authorsapproximately 120,000ICC-IDle-mailaddresspairingsfor iPad30
customers. ThiswasdonewithouttheauthorizationofAT&T,Apple,oranyofthe individual
iPad 30users.
C. AndrewAuernheimerandGoatseSecurityTakeCreditfortheBreach
6. OnoraboutJune9,2010, immediatelyfollowing the theft, thehacker-authorsof
the AccountSlurperprovidedthestolene-mail addressesandICC-IDsto thewebsiteOawker
-4-
Case 5:11-mj-05003-ELS Document 1 Filed 01/18/11 Page 4 of 14
(http://gawker.comV Oawker proceeded to publish on its website the stolen information, albeit
in redacted form, as well as an article concerning the breach (the "Oawker Article").
7. The Oawker Article provided in relevant part:
A security breach has exposed iPad owners including dozens of CEOs, military
officials, and top politicians. They and every other buyer of the ceHular-enabled
tablet - could be vulnerable to spam marketing and malicious hacking. The
breach ... exposed the most exclusive email list on the planet, a collection of
early-adopter iPad 30 subscribers that includes thousands of A-listers in finance,
politics and media, from New York Times Co. CEO Janet Robinson to Diane
Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael
Bloomberg. It even appears that White House Chief ofStaffRahm Emanuel's
information was compromised. It doesn't stop there. According to the data we
were given by the web security group that exploited vulnerabilities on the AT&T
network, we believe 114,000 user accounts have been compromised, although it's
possible that confidential information about every iPad 30 owner in the U.S. has
been exposed.
8. Under the heading, "Breach details: Who did it, and how," the Gawker Article
reported: "The [AT&T] subscriber data was obtained by a group calling itselfOoatse Security."
The Article continued:
The group wrote a PHP script to automate the harvesting of data. Since a member
of the group tells us the script was shared with third-parties prior to AT&T closing
the security hole, it's not known exactly whose hands the exploit fell into and
what those people did with the names they obtained. A member tells us it's likely
many accounts beyond the 1 ]4,000 have been compromised.
4
9. On the same day the Oawker Article appeared, June 9, 2010, a post was made
to the LiveJournal weblog, http://weev.livejournal.com. which read: "Oh hey, my security
consulting group just found a privacy breach at AT&T[.]"s The post further linked to the Oawker
Article and stated: "[T]his story has been broken for 15 minutes, twitter is blowing the fuck up,
) Gawker is a website that advertises itself as providing "Gossip from Manhattan and the
Beltway to Hollywood and the Valley."
4 In fact, as noted above, information was stolen from approximately 120,000 accounts.
S LiveJoumal is a social networking website on which users can set up personal weblogs
and post messages. Once a weblog has been created, only the user of that weblog can post
messages and content on that weblog.
-5-
Case 5:11-mj-05003-ELS Document 1 Filed 01/18/11 Page 5 of 14
weareontheforntpage ofgooglenewsandweareondrudgereport(thebigheadline)[.J"6 The
"UserProfile"fortheLiveJournalweblog,http://weev.livejoumal.com.listedtheuseras"weev"
withthename"EscherAuernheimer."
1O. OnoraboutJune 10,20I0,thewebsiteCNETpublishedanarticletitled,"Hacker
defendsgoingpublicwithAT&T'siPaddatabreach(Q&A)." Thearticlereported:"On
Thursday,CNETtalkedtoakeymemberofGoatse- EscherAuernheimer,alsoknownas
'Weev'- aboutthegroupandwhatmotivatesthem." In thearticle,aquestionandanswerdialog
waspresented,includingthefollowing:
Q: So,oneof yourmembershadaniPadandnoticedthisstrangeinteraction
withtheAT&TWebsite?
A: HeusedthisAT&Tsecuritymaintenanceapp. It waspartof thenormal
userexperiencethattippedhimoff tosomethingthatwouldallowhimto
scrapethisdata.
Q: Thenascriptwaswrittento doanautomatedbruteforce, right?
A: Correct.
11. Morerecently,onoraboutNovember17,2010,inane-mailsenttoanAssistant
UnitedStatesin the DistrictofNewJersey,defendantAuernheimeragaintookcreditforthedata
breachandassociatedtheftofICC-ID/e-mailaddresspairings,writing:"AT&Tneedstobeheld
accountablefortheirinsecureinfrastructureasapublicutilityand wemustdefendtherightsof
consumers,overtherightsofshareholders.... Iadviseyoutodiscussthismatterwithyour
family, yourfriends, victimsofcrimesyouhaveprosecuted,andyourteachersfortheyarethe
peoplewhowouldhavebeenharmedhadAT&Tbeenallowedto silentlyburytheirnegligent
endangermentofUnited Statesinfrastructure."
D. GoatseSecurity
12. Throughtheirinvestigation,federal lawenforcementofficershavelearnedthat
GoatseSecurityisa looseassociationofInternethackersand self.professedInternet"trolls."7
Indeed,defendantAuernheimerhaspreviouslybeen publicandoutspokenabouthistrolling
activities. Forexample:
6 Allspellingand grammaticalerrorsin thisparagrapharepertheoriginal.
7 A"troll"isapersonwhointentionally,and withoutauthorization,disruptsservicesand
contentontheInternet.
-6-
Case 5:11-mj-05003-ELS Document 1 Filed 01/18/11 Page 6 of 14
a. In an August3,2008interviewwith The New York Times, defendant
Auernheimeradmitted:"Ihack,Iruin,Imakepilesofmoney. Imake
peopleafraidfortheirlives. TrollingisbasicallyInterneteugenics. Iwant
everyoneofftheInternet. Bloggersarefilth. Theyneedto bedestroyed.
Blogginggivestheillusionofparticipationtoabunchofretards....We
needto putthesepeopleintheoven!"
b. Likewise,inan interviewwiththewebsiteCorruptinAugust2008,
defendantAuernheimerstated:"Thesecurityindustrydoesnotwork
againsthackers. Securityisamyth,thereisnosystemthatcannotbe
broken.... ForthecompaniesI'vetargeted,I'veshowedup attheir
partiesandgivensomefriendlygreetingstobaskinthe looksofdisgust
anddisdain. Itakecreditand responsibilityformyactions."
c. DefendantAuernheimeralsomaintainsawebpageatwww.blip.tv.which
isawebsitethat, likeYouTube,allowsuserstocreateandpostvideos. On
hisblip.tvpage,Auernheimerpostedseveral"sermons"intheguiseofthe
"iProphet." Onesuchvideowasentitled"SermononFearandTheMenIn
BlacklDirectDemocracy." Duringthisvideo,Auernheimerstated:
"Trollingcanfrequentlyhave largeeconomicrepercussionsas,asI
learned,1learnedwhenItrolledAmazon. Isawaonebilliondollar
changeintheirmarketcapitalization. That'sthemostmonetaryaffection
[sic]of apubliclytradedstockthatI'veeverpersonallydone. Imean,I've
causedamoredramaticshiftin price,butnevermarketcapitaJization."
Auernheimercontinued:"Soabilliondollarschangedhandsasaresultof
my trolling,andI'mvery,verygladtoknowthatsuchinsignificantthings
onthe Internetcanhavedrastic,farreachingeffects."
13. AccordingtotheGoatseSecuritywebsite, the GoatseSecurity"Team"includes
eightmembers,amongwhomaredefendantAuemheimerand"JacksonBrown." Through
variousinvestigativetechniques, lawenforcementofficershaveidentified"JacksonBrown"as
defendantSpitler.
14. TheGoatseSecuritywebsitedescribesdefendantAuemheimerashaving
"[e]xtensiveoffensivewebappvulnandbusinesslogicexploitationexperience. Bashwhile
drunk,perlwhiletripping,Rubywhilelivingin SF SoMa. Representingantisec,Bantownand
EncyclopediaDrarnatica. PresidentoftheGNAA." DefendantSpitleris describedasan
"embeddedand mobiledevicesengineer. PPCassembly. GNAA,obviously." TheGoatse
SecuritywebsiteprovidesahyperlinktotheGNAAwebsite.
15. TheGNAAwebsitestatesthat"[t]hiswebsiteismaintainedbytheGNAA,
world-famoustrollingorganization." TheGNAAwebsiteprovideshyperlinkstotheGoatse
Securitywebsite,as well as defendantAuernheimer'sLiveJournalweblog.
-7-
Case 5:11-mj-05003-ELS Document 1 Filed 01/18/11 Page 7 of 14
E. The Internet Relay Chats
16. On or about June 15, 2010, pursuant to a search warrant signed by the Honorable
Erin L. Setser, U.S.M.J. in the Western District of Arkansas, law enforcement officers conducted
a search of defendant Auernheimer's home, located in Fayetteville, Arkansas. During the
execution of the search warrant, defendant Auernheimer agreed to speak with federal law
enforcement officers and stated, among other things, that he and the other members of Goatse
Security often communicated with one another using an online medium known as Internet Relay
Chat, or "IRC."
17. Approximately one month after the search of defendant Auernheimer's home, a
confidential source (the "CS") contacted federal law enforcement officers and stated, among
other things, that the CS routinely monitored "#dominion," one of the IRC channels used by
Goatse Security members to communicate with one another. The CS also provided law
enforcement officers with chat logs from the "#dominion" channel from on or about June 2, 2010
through on or about June 11, 201 O. Extending over 150 pages, those chat logs conclusively
demonstrate that defendants Spitler and Auernheimer were responsible for the data breach and
conducted the breach to simultaneously damage AT&T and promote themselves and Goatse
Security. Excerpts from the chat logs are provided below.
8
June 5, 2010
18. On or about June 5, 20 I 0, defendant Spitler was chatting with "Nstyr" and
"Pynchon," and the three considered the possible benefits of harvesting ICC-IDle-mail pairings:
Spitler: if you enter valid ICCIDs in this website you can get iPad
subscriber email addresses I dont see the point unless we
phish
9
for passes even then that's boring
Nstyr: data minig *mining you could put them in a database for
spamming for example sell them to spammers ...
Spitler: tru ipad focused spam
Pynchon: harvest all the emails then expose it publicly
8 All spelling and grammatical errors throughout the IRC chats are per the original
authors.
9 "Phishing" involves sending e-mails to users falsely claiming to be an established,
legitimate enterprise in an attempt to scam the users into surrendering private infonnation that
will be used for identity theft.
Case 5:11-mj-05003-ELS Document 1 Filed 01/18/11 Page 8 of 14
Spitler: hahaha
Pynchon: tarnishat&t
Spitler: true
Nstyr: orsell ifforthousandstothebiggestspammers
19. Laterthatday,defendantSpitlerreportedthefollowingtodefendant
Auernheimer:
Spitler: Ijustharvested 197emailaddressesof iPad30subscribers
thereshouldbemanymore...weev:didyouseemynew
project?
Auernheimer: no
Spitler: I'msteppingthroughiPadSIMICCIDsto harvestemail
addressesifyouusesomeonesICCIDontheipadservice
siteitgivesyoutheiraddress
Auernheimer: 100001thatshilariousHILARlOU8ohmannowthisisbig
medianews...isitscriptable? arentthere81Mthat
spooficcid?I
0
Spitler: Iwroteascripttogeneratevalidiccidsanditloadsthesite
andpullsanemail
Auernheimer: thiscouldbelike,afuture massivephishingoperation
seriouslikethisisvaluabledatawehavealistapotential
completelistof AT&Tiphonesubscriberemails
Spitler: ipadbutyeah
20. WhendefendantSpitlerannouncedthathewas"inarut"andhavingdifficulty
determiningadditional ICC-IDle-mailpairings,defendantAuernheimerassisted,offering:"81M
cardsmaybeallocatedbygeographicregion,eitherfornumberadministrationornetwork
10 "LOL"anditsvariantsstandfor laughingoutloud.
-9-
Case 5:11-mj-05003-ELS Document 1 Filed 01/18/11 Page 9 of 14
planningreasons. Themethodof payment(pre-paid,post-paid)maybeallocatedontheSIM
cards....sosimsaredefinitelypreallocatedeitherby geographicregionsaleschannes,service
providersorMYNOsquestionis whoallocatesthem...probablyAT&Tsuballocatesfree IDsto
applehopefullynotatrandom ...otherwisewehavearealbigspacetosearch[.]"
21. OnoraboutJune5,2010,andagainthefollowingday,defendantAuernheimer
encourageddefendantSpitlertoamassasmanyICC-IDle-mailpairingsaspossible,writing:"if
wecangetabigdatasetwecoulddirectmarketipadaccessories[.]"Likewise,afterlearningthat
defendantSpitlerhadcollected"625emails,"defendantAuernheimerwrote: "takeslike,millions
tobe profitablere: spambutthatsastart[.]"
June6.2010
22. RcspondingtodefendantAuernheimer'sencouragement,onoraboutJune6,
2010,defendantSpitlerreported:
Spitler: Ihitfuckingoil
Auernheimer: 1000001 nice
Spitler: IfIcangetacouplethousandoutofthissetwherecanwe
dropthisformax lois?
Auernheimer: dunnoiwouldcollectasmuchdataaspossibletheminute
itsdropped,itllbefixedBUTvalleywagi haveallthe
gawkermediapeopleonmyfacecrookfriends aftergointo
agawkerparty
23. AsdefendantSpitleruncoveredadditionalICC-IDle-mailpairings,hecontinued
speakingwithdefendantAuernheimeraboutreleasingtheinformationtothepressand,related,
the legalityof thedatabreach:
Spitler: doIgottogetinvolved
Auernbeimer: no
Spitler: I'dlikemyanonaminity
Auernheimer: alright
Spitler:
srydunnohowlegal thisisoriftheycouldsuefordamages
Auernheimer:
absolutelymaybelegalriskyeah,mostlycivilyou
-10-
Case 5:11-mj-05003-ELS Document 1 Filed 01/18/11 Page 10 of 14
absolutelycouldgetsuedtofuck
Spitler:
Auernheimer: alrighti canwranglethepressjustgetmethecodesand
whatnotshowmehowtorunthisthing
24. DefendantSpitlerthenproceededtoprovidethescripttodefendantAuernheimer,
writing:"heresthescriptyourunitphp[scriptredacted] likefirstnumberis iccidminusthe
checkdigitsecondnumberiscountorhowmanyyouwanttocheckyouhavetopipetheoutputit
juststartscheckingsequentiallyaddingthe propercheckdigitautomatically101[.]"
25. AsdefendantsSpitlerandAuernheimerwereconversing,anotherGoatseSecurity
member,"Rucas,"offeredhisadviceonhowbesttousetheICC-IDle-mailaddresspairings,
stating:"dontgotothepresssellthelisttocompetitors...ijusthadanideasendoutat&t
phishinge-mailstoall these idiotswithanipadtrojan[.]"
26. Asthedatabreachcontinued,defendantAuernheimerwrotetodefendantSpitler:
"if weget1 reportersaddresswiththissomehowweinstantlyhavea story...thebestwayto
havea leadinonit...HIISTOLEYOUREMAILFROMAT&&TWANTTOKNOWHOW?"
DefendantSpitlerthenproceededtoprovidedefendantAuernheimerwithanICC-IDande-mail
addressforamemberof theBoardofDirectorsatNewsCorporation. DefendantAuernheimer
sentane-mail to thatBoardmember,whichread inrelevantpart:
AninformationleakonAT&T'snetworkallowssevereprivacyviolationstoiPad
3Gusers. YouriPad'suniquenetworkidentifierwaspulledstraightoutof
AT&T'sdatabase.... Wehavecollectedmanysuchidentifiersformembersof
themediaand majortechcompanies.... If ajournalistinyourorganization
would liketodiscussthisparticularissuewithus[,] I wouldbeabsolutelyhappy
todescribethemethodof theftinmoredetail.
27. Asthedatabreachcontinued,sotoodidthediscussionsbetweendefendants
SpitlerandAuernheimerandotherGoatseSecuritymembersaboutthebestwaytotake
advantageof thebreachandassociatedtheft:
Pynchon: hey,justanideadelaythisoutingforacoupledays
tommorrowshortsomeat&tstockthenoutthemontuesday
thenfilJ yourshortandprofit
Rucas: LOL
II Thephrase"08"meansto bedeeplyinvolvedinanactivityortoperformanactivityto
thefullestextentpossible.
-11-
Case 5:11-mj-05003-ELS Document 1 Filed 01/18/11 Page 11 of 14
Auernheimer: well iwill saythis itwouldbeagainstthelaw...forMEto
shorttheattstockbutif youwanttodoitgonuts
Spitler: Idonthaveanymoneyto investinAIT
Auernheimer: ifyoushortA IT dontletmeknowaboutit
Spitler: 1MTAKINYOUALLDOWNWITHMESNITCHHIGH
EVERYDAY
June7,2010
28. AfterdefendantSpitlerannounced thathehadstolenover100,000ICC-IDle-mail
addresspairings,defendantAuernheimerstated:"themoreemailaddressesweget...themore
of afreakoutwecancauseifnothingelsewecanpacktheseintoa[database] ...anddoamail
mergeandmailEVERYONEwithan ipad3gI 0 1[.]" Tothat,defendantSpitlerresponded
simply: "Iawlwla[.]"
June9,2010
29. AftertheGawkerArticlewaspublished,defendantSpitlerwasafflictedby"post-
trollparanoia"andsolicitedadvicefromotherGoatseSecuritymembers. "Rucas"offeredthe
following: "whati'ddo RlGHTNOWisopenyourrouterresetdefaultpasswordstumoffwep
etcthatgivesyousomesortofplausibledeniabilitythatitwasactuallyYOU usingyourinternet
if youcanseeotherwirelessnetworksinyourareausetheirSSIDthatwayidiotsonxpwill
automaticallyconnecttoyourssometimeandyoucanshowthattherearepeoplewhoareNOT
YOUonyournetwork[.]"
30. Thereafter,the followingconversationensued:
Rueas: rememberthiskeyphrase
Spitler: again
Rueas: "I DON'TKNOWANYTHING. I AMINVOKINGMY
MIRANDA RIGHTTOREMAIN SILENT."
Spitler: thisIancriminalisn't
Rueas: itis
-12-
Case 5:11-mj-05003-ELS Document 1 Filed 01/18/11 Page 12 of 14
Spitler: no
Rueas:
whyisn'titwhydon'tyouthinkitis
Spitler: causeIddnthackanything
Rueas: sureyoudidyoudidtheexactsamethingaschanginga
usemameinauri to gainaccessto aprotectedsite
Ruess:
youcrossedstatelineswithurpacketssoit'safederal
crime
Spitler: tri tro
31. Laterthatday,defendantsSpitlerandAuernheimerandotherGoatseSecurity
membersdiscussedwhointhepresshaddisclosedthedatabreachtoAT&T,since,contraryto
theGawkerArticle,neitherdefendantnoranyonefromGoatseSecurityhad.
12
Indeed,defendant
Auernheimeradmittedas muchto"Nstyr:"
Nstyr: youDIDcall techsupportright?
Auernheimer: totallybutnotreally
Nstyr: 101
Auernheimer: i dontfuckincareihopetheysueme
32. Related,thefollowingconversationensued:
Spitler: Ibet[thepublisherof theSan Francisco Chronicle] leaked
ustoAT&Tfaggot isprobregrettingnotbreakingthestory
actinglikesf chronisareal paperstillwithintegretyll
Jenk: 101
12 TheGawkerArticlereported: "GoatseSecuritynotified AT&T ofthebreachandthe
securityholewasclosed."
13 Inadditionto thee-mailsentto theBoardmemberatNewsCorporation,defendant
Auernheimersentsimilare-mailstotheSan Francisco Chronicle andThomson-Reuters.
-13-
Case 5:11-mj-05003-ELS Document 1 Filed 01/18/11 Page 13 of 14
Spitler:
Nstyr:
Auernheimer:
Nstyr:
Auernheimer:
Nstyr:
Auernheimer:
June 10,2010
or it wa all those reuters employees
you should've uploaded the list to full disclosure maybe
you still can
no no that is potentially criminal at this point we won
ah
we dropepd the stock price
I guess
lets not like do anything else we fucking win and i get to
like spin us as a legitimate security organization
33. Fearful of the criminal repercussions of the data breach, defendants Spitler and
Auemheimer had the following conversation during which they discussed destroying evidence of
their crime:
Auernheimer:
Spitler:
Auernheimer:
Spitler:
Auernheimer:
Spitler:
F. Losses
i would like get rid of your shit like are we gonna do
anything else with this data?
no should I toss it?
i dont think so either might be best to toss
yeah, I dont really give a fuck about it the troll is done
yes we emerged victorious
script is going byebye too
34. To date, AT&T has spent approximately $73,000 in remedying the data breach.
Those costs include, among other things, the cost of contacting all iPad 3G customers to infonn
them of the breach and AT&T's response to it.
-14-
Case 5:11-mj-05003-ELS Document 1 Filed 01/18/11 Page 14 of 14