The thousands of iPad users whose information was exposed by AT&T's now-fixed security hole can thank a well-known hater-hacker for helping bring it to light.
Yesterday Gawker published a post detailing how an underground security group harvested identifying information on 114,000 iPad users from AT&T's website. The information collected -- e-mail addresses and ID numbers that can tie users to their devices -- could be used for "spam marketing and malicious hacking," Gawker reported. Exposing the leak was a service to iPad users whose security was breached, but one of the members of the group is well-known for his inflammatory, racist behavior.
First, to understand how low this group likes to go, it's all in their name: Goatse Security. Goatse is a reference to an old Internet meme and gross-out picture. Wikipedia provides a safe-for-work, albeit graphic, description.
One of the group's members goes by the handle Weev and is a well-known troll, an Internet user who says and does extremely offensive things to provoke emotional responses. He and trolls like him were featured in a 2008 New York Times magazine article, which included a photo of Weev and offered this description:
He is said to have jammed the cellphones of daughters of C.E.O.'s and demanded ransom from their fathers; he is also said to have trashed his enemies' credit ratings. Better documented are his repeated assaults on LiveJournal, an online diary site where he himself maintains a personal blog. Working with a group of fellow hackers and trolls, he once obtained access to thousands of user accounts.
Mattathias Schwartz, the author of The Times piece, also provides some insight into the malevolence that is Weev's driving philosophy:
"I hack, I ruin, I make piles of money," he boasted. "I make people afraid for their lives." On the phone that night, Weev displayed a misanthropy far harsher than Fortuny's [another troll]. "Trolling is basically Internet eugenics," he said, his voice pitching up like a jet engine on the runway. "I want everyone off the Internet. Bloggers are filth. They need to be destroyed. Blogging gives the illusion of participation to a bunch of retards. . . . We need to put these people in the oven!"
Weev rails against Jews in his LiveJournal and he and several other members of Goatse Security claim to be members of the Gay N***** Association of America. In an oddly generous literary reference, Forbes has described him as a modern Shakesperian Puck. Make of that what you will.
But in addition to exposing the iPad breach, Goatse Security has previously exposed
vulnerabilities affecting the Safari and Firefox browsers. For better or worse, Weev and his group have provided a public service of sorts -- however incidentally.