I recently argued 'Why Goatse was right to disclose iPad data leak' after it came to light that the FBI had started an investigation into the hacker group following the responsible disclosure of an iPad data leak caused by poor AT&T security measures. I said "The security researchers which discovered the vulnerability ensured that AT&T were not only informed, but that it had also closed the hole down, before going public with the news. So why are they, and not the dumbass security folk at AT&T responsible for not securing that data in the first place, the ones under investigation by the FBI?" at the time, and now it seems an arrest has been made.

However, it looks like I might have been right about Goatse doing nothing wrong legally, despite what others argue, as that arrest had absolutely nothing to do with the iPad data leak at all. In fact it appears to have been on drugs charges. According to reports Andrew Auernheimer, aka 'Weev' and 'Escher' from the Goatse group, was arrested on four felony and one misdemeanor charges "involving possession of a controlled substance" on Tuesday. The Register claims that police "allegedly discovered cocaine, ecstasy and LSD during a search of his home".

There's no denying that, if the charges stick, Mr Auernheimer has broken the law by possessing these controlled substances. However, it does seem a little arse about face that the drugs discovery was only made after the FBI got involved and his house was searched in connection with disclosing a potentially serious security lapse in the first place. More so when there is a great deal of speculation that the investigation was instigated at the request of AT&T, the very people responsible for the cack security measures which allowed that iPad data vulnerability to exist in the first place.

As one reporter puts it "AT&T’s security malfeasance exposed the private user details of over a hundred thousand customers, and are now busy hunting down and vilifying the benign group of security activists who alerted them to the problem before less well-meaning hacker groups could exploit the data".

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.