In this case, that kind of international effort wasn't even needed. FBI agents conducted raids on the suspects' homes and made their arrests. And remember: For someone with something to hide, a raid can spell serious trouble.
"When they arrest them, they've got warrants," Neuman says. "Even though the path back to them may have been somewhat obscured, they usually have information on their own machines that shows they had the source code or program related to the attack. A lot of individuals don't think it will ever get to that point and don't even try to prepare."
Each suspect is charged with conspiring to cause damage and intentionally causing damage to a protected computer -- charges that, combined, carry penalties of up to 15 years in prison and $750,000 in fines. Some payback indeed.
Stupid hacker trick No. 5: Chat up your iPad account hack, end up in the clink
The suspects: Andrew Auernheimer and Daniel Spitler
The crime: Hacking into an AT&T database and exposing the email addresses of thousands of iPad owners
Dossier: Aurenheimer and Spitler discovered a public script on AT&T's website in which you could plug an ICCID number -- a unique identifier associated with each iPad's SIM card -- and get back the email address of the user who owns the device.
Armed with that knowledge, the two men, allegedly operating as "Goatse Security," are accused of creating their own script called the "iPad 3G Account Slurper." That script is said to have input random ID numbers in rapid-fire succession. Every time it came across a legitimate one, investigators say, it retrieved and logged the corresponding email address.
Harmless, right? Not quite: The script harvested more than 100,000 email addresses in all, including those of folks like New York Mayor Michael Bloomberg, former White House Chief of Staff Rahm Emanuel, and numerous other national leaders. And the guys from Goatse didn't keep the info quiet: The company is accused of offering the data to both News Corp. and Thomson Reuters. It was Gawker, however, that eventually bit and published a glimpse of the stolen tidbits, causing an embarrassing debacle for AT&T and Apple alike.
The bust: Once the data dump went public, the pressure was on to find the responsible parties. In this instance, once again, the old adage "loose lips sink ships" may describe what brought Goatse Security down.
In their complaint against Aurenheimer and Spitler, prosecutors cite numerous emails and chat logs in which the men appear to discuss the hack and their involvement. One note even mentions the possibility of "iPad focused spam" -- something that certainly doesn't look good for anyone mulling over the men's intentions.
"In the cases of less-professional cyber criminals, they may find it irresistible to brag online about their activities, or leave nicknames in their attacks, which ultimately help authorities unmask them," Cluley points out.
Unmasked, perhaps -- but hey, at least their email addresses weren't exposed.
- Stupid user tricks 5: IT's weakest link
- Jackass IT: Stunts, idiocy, and hero hacks
- Dirty IT jobs: Partners in slime
- IT admins gone rogue
- IT inferno: The nine circles of IT hell
- IT personality types: 8 profiles in geekdom
- 7 IT superheroes -- and their fatal flaws
- Stupid hacker tricks, part two: The folly of youth
- The 7 dirtiest jobs in IT
- True IT confessions
- The 2010 InfoWorld Geek IQ test
- IT personality type quiz
- Programming IQ test: Round 2
- Linux admin IQ test