A United States attorney has confirmed that two men have been arrested in relation to the Apple iPad hack from last summer.

United States attorney Paul J. Fishman announced that Andrew Auernheimer, 25, of Fayetteville, Arkansas, and Daniel Spitler, 26, of San Francisco, California, were taken into custody by FBI special agents on charges of alleged conspiracy to hack AT&T's servers and possession of personal subscriber information obtained from the servers.

Each was charged with one count of conspiracy to access a computer without authorisation and one count of fraud in connection with personal information. Each count with which the defendants are charged carries a maximum potential penalty of five years in prison and a fine of $250,000.

The incident occurred when members of an internet website named 'Goatse Security' obtained data via a script on AT&T's website that was accessible to anyone on the internet. Users of the iPad in the US use AT&T for internet connectivity. During the registration process for subscribing to the network, a user is required to provide an email address, billing address and password.

After discovering that an iPad user's email address links to the Integrated Circuit Card Identifier (“ICC-ID”), a number unique to the user's iPad, it is alleged that hackers wrote a script termed the 'iPad 3G Account Slurper' and deployed it against AT&T's servers.

The script attacked AT&T's servers for several days in early June 2010 and was designed to harvest as many ICC-ID/email address pairings as possible. It mounted a brute force attack against the servers that randomly guessed the ranges of ICC-IDs; a correct guess was rewarded with an ICC-ID/email pairing for a specific, identifiable iPad 3G user. In this way, approximately 120,000 ICC-ID/email address pairings for iPad 3G customers were collected.
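
From the defender's side, guessing of this kind stands out in server logs because a single client asks about many different ICC-IDs, while a genuine device only ever asks about its own. The Python sketch below is an added example, not part of the original article and not AT&T's code; the log format, the `/lookup` path, the thresholds and every sample value are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not AT&T's):
#   "<epoch_seconds> <client_ip> <path>?iccid=<digits> <http_status>"
# 200 means an email address was returned for that ICC-ID, 404 means no match.
LINE = re.compile(r"^(\d+) (\S+) \S*[?&]iccid=(\d+) (\d{3})$")

def find_enumerators(lines, window=3600, max_distinct=5):
    """Flag clients that query more than max_distinct ICC-IDs in one window.

    The number of distinct identifiers per client is the signal; hits and
    misses are reported so responders can size the exposure.
    """
    seen = defaultdict(set)               # (client, window index) -> ICC-IDs
    stats = defaultdict(lambda: {"hits": 0, "misses": 0})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                      # ignore lines for other endpoints
        ts, client, iccid, status = m.groups()
        seen[(client, int(ts) // window)].add(iccid)
        stats[client]["hits" if status == "200" else "misses"] += 1
    flagged = {}
    for (client, _), ids in seen.items():
        if len(ids) > max_distinct:
            peak = max(len(ids), flagged.get(client, {}).get("peak_distinct", 0))
            flagged[client] = dict(stats[client], peak_distinct=peak)
    return flagged

def sample_log():
    """Constructed sample: one ordinary device and one guessing client."""
    base = 8901410000000000000           # constructed ICC-ID-shaped number
    start = 1275955200                   # constructed timestamp, early June 2010
    lines = [f"{start + 600 * i} 198.51.100.7 /lookup?iccid={base + 42} 200"
             for i in range(3)]
    for i in range(40):
        status = 200 if i % 8 == 0 else 404
        lines.append(f"{start + 10 * i} 203.0.113.9 "
                     f"/lookup?iccid={base + 1000 + 37 * i} {status}")
    lines.append("not a lookup request")
    return lines

if __name__ == "__main__":
    for client, info in find_enumerators(sample_log()).items():
        print(client, info)
```

The hit count for a flagged client is the number of ICC-ID/email pairings it obtained, which is the figure needed when scoping customer notification.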

Fishman said that during the data breach, Spitler and Auernheimer communicated with one another using Internet Relay Chat, which not only demonstrates that Spitler and Auernheimer were responsible for the data breach, but also that they conducted the breach to simultaneously damage AT&T and promote themselves and Goatse Security.

Fishman said: “Hacking is not a competitive sport, and security breaches are not a game. Companies that are hacked can suffer significant losses, and their customers made vulnerable to other crimes, privacy violations and unwanted contact. Computer intrusions and the spread of malicious code are a threat to national security, corporate security and personal security.”

Michael B. Ward, special agent in charge of the FBI's Newark field office, said: “Unauthorised intrusions into personal privacy adversely affect individual citizens, businesses and even national security. Such intrusion cases, regardless if the motive is criminal gain or prestige among peers in the cyber-hacking world, must and will be aggressively pursued to ensure these rights are protected to the highest degree.”