Andrew Auernheimer Sentenced Following Role in AT&T iPad Security Exploitation

By Steve Anderson March 19, 2013

Just yesterday, a security researcher by the name of Andrew "weev" Auernheimer got some terrible news; he'd been sentenced to 41 months in prison, to be followed by three years of supervised release and a bill for $73,000 in restitution to AT&T, which he was to pay along with his co-defendant, Daniel Spitler. His crime? One count of identity fraud and one count of conspiracy to access a computer without authorization.

Back in 2010, Auernheimer reportedly had a part in an operation known as Goatse Security, which gathered and disclosed the e-mails of 114,000 AT&T iPad users. Reportedly, he and his co-defendant Spitler were able to take advantage of a hole in the security surrounding AT&T's iPad user database, from which they were able to gain access to e-mail addresses through the use of an ICC-IDD number, which is the number that authenticates a user's SIM card with AT&T. From there, Auernheimer and Spitler were said to have created a script that randomly queried AT&Ts website with ICC-IDD numbers, discovering which were valid and which weren't by sheer brute force. With numbers in hand, Auernheimer and Spitler could then access users' e-mail, though neither could quite agree on just what to do with the acquired information.

He was found guilty, along with Spitler, back in a trial in November that could have left Auernheimer facing five years in prison on each charge and a fine of $500,000. In a pre-sentencing report, prosecutors recommended a sentence of four years in federal prison, which was nearly the case for Auernheimer at 41 months.

Auernheimer held a press conference on the courthouse steps, reading from John Keats' "The Fall of Hyperion" and telling the crowd that he was "going to jail for doing arithmetic." Auernheimer has asserted, previously, that his prosecution on this matter was, according to reports, politically motivated, and Auernheimer has expressed an interest--most notably at an Ask Me Anything (AmA) session on Reddit--in running for Congress following his sentence. This would allow him to "drop hacks on the floor of Congress and be completely immune for doing so" thanks to a principle known as "congressional immunity," as he describes it.

Federal prosecutors subsequently cited the AmA session in question fully three times in their justification for sentencing report, getting further backup from Encyclopedia Dramatica, a publicly-edited Wikipedia-style website featuring large amounts of profanities.

The whole affair has left some distinct issues behind in its wake. Some wonder just how Auernheimer could be sentenced, as he didn't actually access a private server illegally, nor was he able to gain user passwords, both confirmed during testimony. Perhaps worse was, in the words of journalist Tim Pool, watching how "prosecutors admitted they didn't understand computers," yet could prosecute anyway. Pool also referred to the procedure as "a witch trial."

Indeed, there are a few unanswered questions following this affair--Auernheimer has, not surprisingly, promised to appeal, and even his attorney, Tor Ekeland, noted that the courts are currently divided on just what "unauthorized access" under the CFAA laws actually means--and these questions do not bode well for society as a whole. If we can't agree just what constitutes "unauthorized access," that poses a significant set of problems for the rule of law, and is the kind of thing we all need to get on the same page on in rapid fashion.

Edited by Brooke Neuman

Contributing TechZone360 Writer

Related Articles

5 Influential African-Americans In Tech

By: Special Guest    3/19/2018

It's no secret that Silicon Valley has a problem with diversity. Apart from being male-dominated, most of its workforce is white or Asian, with whites…

Read More

FTC's Mobile Security Updates and Recommendations on Mobile Device Security

By: Special Guest    3/19/2018

The lessons learned apply to any wireless-enabled device, including consumer smartphones, corporate-owned devices, Internet of Things (IoT), watches, …

Read More

The World is His Oyster: Connected Solutions Enable Daniel Ward to See Food

By: Paula Bernier    3/16/2018

Fresh seafood can taste great, but if it is not handled properly, people can get sick, and that can lead to business closures and lost revenues. That'…

Read More

How to Get Ready for GDPR if You've Waited Until the Last Minute

By: Special Guest    3/14/2018

With less than two months until the General Data Protection Regulations (GDPR) deadline, many companies have already started making sure that their bu…

Read More

How Fintech is Helping Create Global Businesses

By: Special Guest    3/14/2018

The growth of Fintech probably has not escaped your attention. Whether you're a customer making contactless payments or an investor weighing up CFD tr…

Read More