Apple & AT&T able to identify alleged Twitter attacker despite use of prepaid SIM bought with cash

Apple and AT&T have been able to identify the man believed responsible for sending seizure-inducing tweets to Newsweek journalist Kurt Eichenwald. Tracing the perpetrator initially looked impossible, reports The Verge.

In theory, it was the perfect setup: an anonymous Twitter account on a prepaid SIM card, bought with cash. With no credit card or other identifiable info tied to the account, there should have been no way to trace tweets back to a human …

Twitter responded to a court order by revealing the limited information it had on the account, but this amounted only to a fake email address, mobile IP address and phone numbers linked to a prepaid account. The next stop in the trail was AT&T, which had no subscriber information, but was able to supply what at first seemed a rather small clue.

The carrier was able to tell investigators that the prepaid SIM had been used in an iPhone 6. They had no identifying information on the phone itself – but that was enough to serve Apple with a court order asking whether the phone number had ever been tied to an Apple ID. Apple confirmed that it had, and provided police with the details for that account.

The number was linked to a five-year-old iCloud account owned by John Rivello of Salisbury, Maryland. A search of iMessages and photos in the account provided further evidence of Rivello’s interest in Eichenwald.

That iCloud account is particularly damning given how tightly Apple ties specific phone numbers to accounts. Users can’t manually alter the number on an account, so the only way to associate a number is to physically insert a SIM card into a device.

It’s a fascinating tale of hi-tech detective work using incredibly limited information.


You can follow on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Apple and the Web.