'AT&T hacker' gets 41 months in prison

Mar 18, 2013
A judge Monday ordered a 41-month prison sentence for a self-described "security research" hacker for breaking into the AT&T online network. The case has drawn fire from online rights activists who claim government prosecutors are unfairly targeting "white hat" hackers who reveal online security flaws.

A judge Monday ordered a 41-month prison sentence for a self-described "security research" hacker for breaking into the AT&T online network in a case criticized by digital rights activists.

Andrew Auernheimer, known online as "weev," was accused of breaching the AT&T network and revealing email addresses of more than 120,000 Apple iPad users to the online news site Gawker in 2010.

The sentence was ordered by US District Judge Susan Wigenton in Newark, New Jersey.

The case has drawn fire from online rights activists who claim government prosecutors are unfairly targeting "white hat" hackers who reveal online security flaws.

Lawyers for Internet rights group Electronic Frontier Foundation have joined Auernheimer's defense, saying he is being unduly punished for revealing an AT&T network flaw to the media.

"Weev is facing more than three years in prison because he pointed out that a company failed to protect its users' data, even though his actions didn't harm anyone," said EFF attorney Marcia Hofmann.

"The punishments for computer crimes are seriously off-kilter, and Congress needs to fix them."

But US Attorney Paul Fishman said Auernheimer "knew he was breaking the law" and that "when it became clear that he was in trouble, he concocted the fiction that he was trying to make the Internet more secure... The jury didn't buy it, and neither did the court in imposing sentence upon him today."

Auerheimer's co-defendant Daniel Spitler discovered that AT&T configured its servers so that queries made using ID numbers from SIM cards in iPads got back email address of respective iPad owners.

Spitler wrote a computer program that exploited the security hole to collect approximately 120,000 email addresses, and Auernheimer sent the list to several journalists to spotlight the security problem, according to the EFF.

Spitler and Auernheimer were criminally charged as co-defendants.

Spitler, a San Francisco resident, pleaded guilty in June of 2011 to one count of conspiracy to gain unauthorized access to computers connected to the Internet and one count of identity theft, according to prosecutors. He is awaiting sentencing.

The two men were said to be members of Goatse Security, a loose association of Internet hackers who hunt for security flaws.

Using a script called an "iPad 3G Account Slurper," the Goatse hackers managed to obtain the number used to identify a subscriber on AT&T's network.

AT&T has fixed the flaw.

"Weev's case shows just how problematic the Computer Fraud and Abuse Act is," said EFF attorney Hanni Fakhoury said.

"We look forward to reversing the trial court's decision on appeal."

Explore further: Twitter rules out Turkey office amid tax row

add to favorites email to friend print save as pdf

Related Stories

Jury convicts US man in iPad data breach case

Nov 21, 2012

A federal jury on Tuesday convicted a man of illegally gaining access to AT&T's servers and stealing more than 120,000 email addresses of iPad users including New York Mayor Michael Bloomberg and film mogul Harvey Weinstein.

Suspect in iPad data theft released on bail in NJ

Feb 28, 2011

(AP) -- An Arkansas man accused of stealing more than 100,000 e-mail addresses of Apple iPad users last year was released on bail Monday and will be prohibited from using the Internet except for work - which in his case ...

Suspect in iPad data theft remains jailed in NJ

Feb 23, 2011

(AP) -- One of two men charged with stealing more than 100,000 e-mail addresses of Apple iPad users remained jailed Wednesday after making his first court appearance in New Jersey.

Recommended for you

Twitter rules out Turkey office amid tax row

13 hours ago

Social networking company Twitter on Wednesday rejected demands from the Turkish government to open an office there, following accusations of tax evasion and a two-week ban on the service.

How does false information spread online?

16 hours ago

Last summer the World Economic Forum (WEF) invited its 1,500 council members to identify top trends facing the world, including what should be done about them. The WEF consists of 80 councils covering a wide range of issues including social media. Members come ...

User comments : 0

More news stories

Microsoft CEO is driving data-culture mindset

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

Floating nuclear plants could ride out tsunamis

When an earthquake and tsunami struck the Fukushima Daiichi nuclear plant complex in 2011, neither the quake nor the inundation caused the ensuing contamination. Rather, it was the aftereffects—specifically, ...

Patent talk: Google sharpens contact lens vision

(Phys.org) —A report from Patent Bolt brings us one step closer to what Google may have in mind in developing smart contact lenses. According to the discussion Google is interested in the concept of contact ...

Quantenna promises 10-gigabit Wi-Fi by next year

(Phys.org) —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...