[WillP]

While I agree that "fake democracy" is a bit over the top, I also can't see how he "hacked into AT&T". There might be enough room to dicker over whether searching for a vulnerability equates to "hacking," but does anyone really believe Auernheimer did anything illegal by manually typing in an address?

[smsm42]

Hacked is a very loaded word. In some circles, it means "did a brilliant work cleverly and ingeniously using some stuff not always as it was intended to be used", in others it means "did some computer voodoo and stole my data".

Searching for vulnerabilities on a public sites containing live private data is not a business that one should approach lightly. I personally wouldn't do it without being specifically asked for it. But even if one does, taking then massive amount of data is definitely not what a whitehat researcher does.

>>> but does anyone really believe Auernheimer did anything illegal by manually typing in an address?

As far as I know, he didn't manually type an address. He wrote a script that bruteforced ID protection and downloaded a massive list of private emails. Do I have a wrong information? How is it different from bruteforcing a weak password on an email account and copying all the emails - do you think this is legitimate too and that information was public?

[jack-r-abbit]

> How is it different from bruteforcing a weak password on an email account

It is different in these ways:

* Brute-forcing the email password is an attempt to circumvent a system designed specifically to keep unauthorized people out. One can not claim this info is public or that authorization was implied.

* Repeatedly making a call to an open, yet hidden, API is simply using it as it was designed. IMO, at most this dude violated some AT&T TOS by scripting the requests.