Before: Auernheimer waves a gun while delivering a “sermon” on his iProphet Blip.tv channel

AT&T’s iPad security breach saga turned into an episode of COPS and the X-Files yesterday with the arrest of a key member of the group that exposed the security flaw.

Andrew Auernheimer, 24, a key member of Goatse Security, was arrested Tuesday after Fayetteville (Ark.) police uncovered drugs while executing a search warrant in his home.  Auernheimer was charged with four felony counts of drug possession and one misdemeanor charge for prescription medication inappropriately in his possession.  Police found cocaine, ecstasy, and LSD, along with controlled substance-designated prescription medication. The authorities generally take the drug addicts and dealers to rehab centers like mission viejo rehab, to make sure they’re not under the influence of drugs at the time of investigation.

Auernheimer is a key figure in Goatse Security’s revelation of a security flaw in AT&T’s systems that allowed more than one hundred thousand e-mail addresses of iPad owners to be disclosed.

He remains in the Washington County Detention Center pending a bail hearing this afternoon.

His arrest came days after AT&T officials said they would pursue prosecution of the hacking group to the fullest extent of the law.  The FBI is reportedly involved in an investigation over the security breach.

Auernheimer is a controversial figure.  The self-styled “prophet” records anti-Semitic video sermons for his iProphet channel on Blip.tv.  A quick and mind-numbing review of the contents included “revelations,” perhaps drug-fueled, that the Jews represent vermin, Christians should be armed, everyone needs to use mescaline, and a consideration of the essential need to obtain temporary tattoos of dogs named Rocket.  On one of his more recent videos, Auernheimer announced he was “fleeing” the Los Angeles area due to “attacks by the Jews.”

After: Auernheimer is now a guest at the Washington County (Ark.) Detention Center, charged with drug offenses

Ironically, one year ago this month, Auernheimer was detained by Portland FBI officials and questioned about threatening phone messages left on the voicemail of Congregation Beth Israel in Portland, Oregon on the night of June 16, 2009.

Before uncovering AT&T’s security lapses, Auernheimer’s online aliases —  “Escher” and “Weev,” made appearances in the media, especially in an August 2008 piece in the NY Times, “The Trolls Among Us.”

Meanwhile, speculation about how AT&T allowed an obvious security flaw to remain open is now narrowing in on recent company layoffs.

Gawker reports AT&T slashed up to 200 employees in its Security Office in March, nearly 20 percent of its staff.  The group kept its layoffs quiet, Gawker’s tipster said, to avoid damaging the image of deep security expertise its sells to businesses.

That a company as profitable as AT&T was willing to slash employees willy-nilly was a point of confusion for Gawker:

The layoffs seem puzzling given that AT&T had just posted profits up 25 percent to $3.1 billion. The profits rose on strong performance in the wireless division, whose association with the iPhone helped it surpass Verizon Wireless in new customer additions. The wireless division continued to add customers and revenue the next quarter, even as a health care charge ate into its profits.

Simple greed could be one explanation. Our source was told upper management intentionally cut CSO payroll and accepted “greater risk in operations” to fatten up company profits and even their own bonuses.

But even more problems cropped up at AT&T when an untested ordering system crashed when customers tried to reserve the latest iPhone.  CNET covered that story:

As the iPhone 4 preorder disaster worsens by the minute, the blame looks to fall squarely on AT&T’s shoulders as we learn more about what went wrong. The most damaging of these may be an source close to the carrier which now claims the system which AT&T was not tested before the launch.

The source works at a third party facility that processes the orders for AT&T. Apparently, the reports of users being able to login to others accounts even though they were attempting to log into their own could be related to a botched update on AT&T’s side related to fraud.

An Associated Press report gave credit to Stop the Cap! for getting first official word that AT&T ended its Internet Overcharging experiment in Beaumont, Texas and Reno, Nevada.

Stop the Cap! reader Scott Eslinger managed to get an AT&T customer service representative to read aloud a confidential memo distributed by the company terminating the experiment effective April 1st.  Because AT&T never disclosed the end of the experiment to impacted customers, the coverage by the wire service should help spread the word to residents that the rationing is over:

The phone company confirmed Tuesday that it is no longer holding DSL subscribers in Reno, Nev., and Beaumont, Texas, to data consumption limits and charging them extra if they go over.

With AT&T’s retreat, no major Internet service provider is championing the idea of charging subscribers for their data usage. Time Warner Cable Inc. was a major proponent of the idea and also conducted a trial in Beaumont, but backed away last summer after its plan to expand metered billing to other cities met fierce resistance from consumers and legislators.

AT&T’s trial started in November 2008 in Reno, and was later extended to Beaumont. It ended on April 1 this year, said AT&T spokeswoman Dawn Benton.

“We’re reviewing data from the trial, and this feedback will guide us as we evaluate our next steps,” Benton said.

AT&T should carefully review feedback from customers who despise usage limits and overlimit fees.  Studies show the overwhelming majority of customers do not like their broadband usage artificially limited with arbitrary allowances and overlimit fees, and customers will dump providers who ignore their wishes.

AT&T’s experiment never saved consumers a penny — the company simply slapped allowances as low as 20 GB per month on existing speed-based tiers.  Customers already face practical usage limits from Internet providers.  Those purchasing slower speed tiers are usage limited by those speeds.  Those who pay for higher priced, faster tiers benefit from naturally greater allowances those speeds provide.  Adding a new layer of limits only discourages customers from using the service they already pay good money to receive.  Besides, as profits explode in the broadband sector, the costs (and investment) to provide the service have declined, wiping out the justification for these schemes.

Stop the Cap! opposes all of these Internet Overcharging schemes.  While many providers seek to demagogue some broadband users as “data hogs” or “pirates,” the fact is today’s “heavy user” is tomorrow’s average consumer.  High speed broadband has the potential to revolutionize education, health care, private business, and entertainment, but not if a handful of major providers decide to end innovation by rationing the service to its customers.

AT&T has made it a whole lot easier to learn who has bought Apple’s transformative iPad.  An AT&T security lapse permitted a third party to access and obtain the e-mail addresses and individual iPad ID’s of all 114,000 current owners of the device.  That third party, Goatse Security, then promptly handed over the entire list — some 2,000 pages long, to Gawker — who exposed some big name iPad owners last week.

More importantly, several high officials in government and the military were also identified as iPad owners, even as the security lapse could have given access to the exact location of any of them.

In the media and entertainment industries, affected accounts belonged to top executives at the New York Times Company, Dow Jones, Condé Nast, Viacom, Time Warner, News Corporation, HBO and Hearst.

Within the tech industry, accounts were compromised at Google, Amazon, Microsoft and AOL, among others. In finance, accounts belonged to companies from Goldman Sachs to JP Morgan to Citigroup to Morgan Stanley, along with dozens of venture capital and private equity firms.

Some of the movers and shakers exposed (Image: Gawker)

In government, affected accounts included a GMail user who appears to be Rahm Emanuel and staffers in the Senate, House of Representatives, Department of Justice, NASA, Department of Homeland Security, FAA, FCC, and National Institute of Health, among others. Dozens of employees of the federal court system also appeared on the list.

While Gawker considers the implications of a widespread security breach and whether Apple or AT&T is to blame, others are focusing more intently on AT&T’s role in the misadventure.

AT&T e-mailed every iPad owner notification of the security breach only after it became public news:

“On June 7 we learned that unauthorized computer ‘hackers’ maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service. The self-described hackers wrote software code to randomly generate numbers that mimicked serial numbers of the AT&T SIM card for iPad – called the integrated circuit card identification (ICC-ID) – and repeatedly queried an AT&T web address. When a number generated by the hackers matched an actual ICC-ID, the authentication page log-in screen was returned to the hackers with the email address associated with the ICC-ID already populated on the log-in screen.

The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer email addresses. They then put together a list of these emails and distributed it for their own publicity.

As soon as we became aware of this situation, we took swift action to prevent any further unauthorized exposure of customer email addresses. Within hours, AT&T disabled the mechanism that automatically populated the email address. Now, the authentication page log-in screen requires the user to enter both their email address and their password.”

AT&T’s damage control has been one-part victim, two-parts minimize the impact, sprinkled with “attack the messenger” all over the top.

AT&T’s characterization of the security team that exposed the security flaw as malicious hackers brought a swift response from Goatse:

AT&T had plenty of time to inform the public before our disclosure. It was not done. Post-patch, disclosure should be immediate– within the hour. Days afterward is not acceptable.

[…] The potential for this sort of attack and the number of iPad users on the list we saw who were stewards of major public and commercial infrastructure necessitated our public disclosure. People in critical positions have a right to completely understand the scope of vulnerability immediately. Not days or weeks or months after potential intrusion.

In addition AT&T says the person responsible for this went “to great efforts”. I’ll tell you this, the finder of the AT&T email leak spent just over a single hour of labor total (not counting the time the script ran with no human intervention) to scrape the 114,000 emails. If you see this as “great efforts”, so be it.

AT&T’s mistakes just keep on coming, ranging from ongoing billing errors amounting to hundreds of dollars to threatening customers with cease and desist orders just for e-mailing concerns to the company.

[flv width=”640″ height=”500″]http://www.phillipdampier.com/video/Bloomberg Goatse Owens Calls ATT Security Flaw Egregious 6-10-10.flv[/flv]

Bloomberg News ran this interview with a representative from Goatse Security that got a bit over-technical for the average Bloomberg viewer.  (4 minutes)

AT&T is a paid sponsor of the eightWest program, which may have had something to do with those eight minutes of positive coverage.

Last month, a Rochester, N.Y., morning television news show handed over five minutes of airtime in a thinly-disguised advertisement for local phone company Frontier Communications.

WOOD-TV in Grand Rapids took shilling to a whole new level this morning on its hour-long morning lifestyle program eightWest when it handed over nearly eight minutes to promote AT&T’s U-verse service, infomercial-style.

Essentially handing the microphone over to AT&T area marketing manager Dan Wells, the show’s hosts fell all over themselves talking about how wonderful the service was.  Channel 8’s Terry DeBoer had her original AT&T installation personally supervised by Wells, a service ordinary Grand Rapids consumers probably won’t receive.

As the “Cutting Edge” segment progressed, the station ran a chyron including AT&T’s logo and slogan, “Rethink Possible” as Wells talked about all of the service’s claimed benefits.  DeBoer just thought it was all awesome, gushing this sampler of reactions as a technobeat soundtrack pounded away in the background:

• “An exciting new adventure in television!”
• “It really is quite remarkable!”
• “The super-sized DVR is awesome!”
• “What are the other services and features that take U-verse to the next level?”
• “It’s exclusively offered to you by our friends at AT&T.”
• “Thanks to the power of AT&T and all of their services, you can save money.”

After eight minutes of enthusiasm, there was no time left to inform viewers of a slightly relevant fact only visitors to their website might have noticed: AT&T is a sponsor of the eightWest program.

[flv width=”480″ height=”380″]http://www.phillipdampier.com/video/WOOD Grand Rapids ATT U-Verse 6-10-10.flv[/flv]

Spend eight minutes in AT&T’s marketing Universe on WOOD-TV’s morning lifestyle program, eightWest.  (8 minutes)