Just yesterday, a security researcher by the name of Andrew "weev" Auernheimer got some terrible news; he'd been sentenced to 41 months in prison, to be followed by three years of supervised release and a bill for $73,000 in restitution to AT&T, which he was to pay along with his co-defendant, Daniel Spitler. His crime? One count of identity fraud and one count of conspiracy to access a computer without authorization.
Back in 2010, Auernheimer reportedly had a part in an operation known as Goatse Security, which gathered and disclosed the e-mails of 114,000 AT&T iPad users. Reportedly, he and his co-defendant Spitler were able to take advantage of a hole in the security surrounding AT&T's iPad user database, from which they were able to gain access to e-mail addresses through the use of an ICC-IDD number, which is the number that authenticates a user's SIM card with AT&T. From there, Auernheimer and Spitler were said to have created a script that randomly queried AT&Ts website with ICC-IDD numbers, discovering which were valid and which weren't by sheer brute force. With numbers in hand, Auernheimer and Spitler could then access users' e-mail, though neither could quite agree on just what to do with the acquired information.
He was found guilty, along with Spitler, back in a trial in November that could have left Auernheimer facing five years in prison on each charge and a fine of $500,000. In a pre-sentencing report, prosecutors recommended a sentence of four years in federal prison, which was nearly the case for Auernheimer at 41 months.
Auernheimer held a press conference on the courthouse steps, reading from John Keats' "The Fall of Hyperion" and telling the crowd that he was "going to jail for doing arithmetic." Auernheimer has asserted, previously, that his prosecution on this matter was, according to reports, politically motivated, and Auernheimer has expressed an interest--most notably at an Ask Me Anything (AmA) session on Reddit--in running for Congress following his sentence. This would allow him to "drop hacks on the floor of Congress and be completely immune for doing so" thanks to a principle known as "congressional immunity," as he describes it.
Federal prosecutors subsequently cited the AmA session in question fully three times in their justification for sentencing report, getting further backup from Encyclopedia Dramatica, a publicly-edited Wikipedia-style website featuring large amounts of profanities.
The whole affair has left some distinct issues behind in its wake. Some wonder just how Auernheimer could be sentenced, as he didn't actually access a private server illegally, nor was he able to gain user passwords, both confirmed during testimony. Perhaps worse was, in the words of journalist Tim Pool, watching how "prosecutors admitted they didn't understand computers," yet could prosecute anyway. Pool also referred to the procedure as "a witch trial."
Indeed, there are a few unanswered questions following this affair--Auernheimer has, not surprisingly, promised to appeal, and even his attorney, Tor Ekeland, noted that the courts are currently divided on just what "unauthorized access" under the CFAA laws actually means--and these questions do not bode well for society as a whole. If we can't agree just what constitutes "unauthorized access," that poses a significant set of problems for the rule of law, and is the kind of thing we all need to get on the same page on in rapid fashion.
Contributing TechZone360 Writer
To hear the current FCC talk about it, 5G mobile service is the be-all and end-all of not only mobile communications, but the answer to most of the co…
mCart by Mavatar announces the launch of the world's first blockchain-based decentralized mCart marketplace by the FX Group.
Federal judge Richard Leon gave the $85 billion deal the green light today - and without any requirements to sell off any parts of the company. He als…
There are now thousands of blockchains, and unless you are a cryptophile, you won't recognize most of them.
Ribbon Communications tells its story at Perspectives18.