BGR writes today about the case of two hackers from Goatse Security , one of who could face jail, despite trying to do good. The hackers found a way to harvest emails and data from iPads via a security hole in AT&T’s website. They then made their discovery public, in order to warn other iPad users about AT&T’s site. In no way did the hackers expose the emails they obtained, or try and make money from what they had found. Even so, LiveScience.com reports, via BGR, that one of the hackers, Andrew Auernheimer, could still be jailed as a result of what he did. The reason for this is because Auernheimer is accused of breaking the Computer Fraud and Abuse Act of 1986. Apparently being so old, the law doesn’t take into account hackers that are actually trying to do good. The case will either be ruled on this week, or failing that it could go to the Supreme Court, and could possibly become a precedent-setting hacking case that could help to define future laws.

Source: AT&T iPad email hacker: Jail time a possibility | BGR

He was convicted:

Hacker Found Guilty of Breaching AT&T Site to Obtain iPad Customer Data | Threat Level | Wired.com

This case has two very interesting aspects to it.

1) White Hat hacking.

2) Black Hat hacking.

The young man claims publicly that he was White Hat hacking. The issue however is the documents that show they were doing it for notoriety. Regardless of how old the law is that is being applied, the issue is actually straight forward because the law actually covers the hackers original intent not his public plea.

Personally, he crossed a line that almost every White Hat hacker for the last decade has accepted as the ethical line. You make the victim aware of the issue and you give them 6 weeks to fix it or until the exploit hits Zero Day status. At the end of 6 weeks or when Zero Day occurs, you then release the relevant information and a possible avenue of protection.

Originally Posted by Kaykaykay

He was convicted:

Hacker Found Guilty of Breaching AT&T Site to Obtain iPad Customer Data | Threat Level | Wired.com

Thanks for the update

A good deed never goes unpunished as the old saying goes.

Originally Posted by iJamesH

A good deed never goes unpunished as the old saying goes.

That's the issue. He claims publicly that he was doing a good deed. The court documents submitted in evidence show a very different story. He wasn't doing it as a "good deed" if you follow the paper trail.

Originally Posted by Skull One

That's the issue. He claims publicly that he was doing a good deed. The court documents submitted in evidence show a very different story. He wasn't doing it as a "good deed" if you follow the paper trail.

They sound like jerks who were going to get off on the attention, rather than trying to help identify a security problem and give proper notice so it could be fixed.

If they would have been serious about doing the right thing, they would have reported the security loophole immediately, not after downloading personal data for well over 100,000 people.

well the blackhat hacking usually are the ones that make a lot of money through affiliate marketing and stuff..but this looks like white hat and its a shame that he could be jailed for this

Originally Posted by AppsAsia

well the blackhat hacking usually are the ones that make a lot of money through affiliate marketing and stuff..but this looks like white hat and its a shame that he could be jailed for this

You didn't read closely enough. They were as interested in profiting from their deeds as the blackest of black hats.