The hacker group that recently exposed information about iPad 3G owners has fired back at AT&T’s response to their endeavors. Objecting to the characterization of their intent as malicious, the Goatse Security group published a blog post today. While AT&T painted them as some sort of evil coven bent on doing harm to iPad owners, the group contends that it was instead doing those owners a public service. The last paragraph in their blog post sums up their feelings on the subject:
When we disclosed this, we did it as a service to our nation. We love America and the idea of the Russians or Chinese being able to subvert American infrastructure is a nightmare. We understand that good deeds many times go punished, and AT&T is trying to crucify us over this. The fact remains that there was not a hint of maliciousness in our disclosure. We disclosed only to a single journalist and destroyed the data afterward. We did the right thing, and I will stand by the actions of my team and protect the finder of this bug no matter what the cost.
They say earlier in the post that there is an exploit in the iPad version of Safari that allowed them to crack the AT&T web application and retrieve the data in question. They say this exploit allows anyone with malicious intent to perform actions that no current detection systems can account for.
Regardless of your opinion on the White Hat vs. Black Hat hacker argument, the members of the group have a point. If they were able to break a secured system with the relative ease they describe, that deserves a response from both AT&T and Apple other than shifting blame away from themselves. If a serious exploit exists in iPad Safari, then Apple needs to address it. If AT&T was compromised, they owe it to the community at large to explain how they were compromised and how they fixed it. Cover-ups don’t work anymore; the Internet has made the world too open for that. There are times for openness and transparency, and now is one of those times.
What do you think of the hacker response? Do you believe they are White Hat hackers or just trying to deflect legal proceedings? Does Apple deserve some blame for not sealing a known security flaw? Let us know in the comments section. [Goatse Security Blog]