Andrew Auernheimer Sentenced Following Role in AT&T iPad Security Exploitation

By Steve Anderson March 19, 2013

Just yesterday, a security researcher by the name of Andrew "weev" Auernheimer got some terrible news; he'd been sentenced to 41 months in prison, to be followed by three years of supervised release and a bill for $73,000 in restitution to AT&T, which he was to pay along with his co-defendant, Daniel Spitler. His crime? One count of identity fraud and one count of conspiracy to access a computer without authorization.

Back in 2010, Auernheimer reportedly had a part in an operation known as Goatse Security, which gathered and disclosed the e-mails of 114,000 AT&T iPad users. Reportedly, he and his co-defendant Spitler were able to take advantage of a hole in the security surrounding AT&T's iPad user database, from which they were able to gain access to e-mail addresses through the use of an ICC-IDD number, which is the number that authenticates a user's SIM card with AT&T. From there, Auernheimer and Spitler were said to have created a script that randomly queried AT&Ts website with ICC-IDD numbers, discovering which were valid and which weren't by sheer brute force. With numbers in hand, Auernheimer and Spitler could then access users' e-mail, though neither could quite agree on just what to do with the acquired information.

He was found guilty, along with Spitler, back in a trial in November that could have left Auernheimer facing five years in prison on each charge and a fine of $500,000. In a pre-sentencing report, prosecutors recommended a sentence of four years in federal prison, which was nearly the case for Auernheimer at 41 months.

Auernheimer held a press conference on the courthouse steps, reading from John Keats' "The Fall of Hyperion" and telling the crowd that he was "going to jail for doing arithmetic." Auernheimer has asserted, previously, that his prosecution on this matter was, according to reports, politically motivated, and Auernheimer has expressed an interest--most notably at an Ask Me Anything (AmA) session on Reddit--in running for Congress following his sentence. This would allow him to "drop hacks on the floor of Congress and be completely immune for doing so" thanks to a principle known as "congressional immunity," as he describes it.

Federal prosecutors subsequently cited the AmA session in question fully three times in their justification for sentencing report, getting further backup from Encyclopedia Dramatica, a publicly-edited Wikipedia-style website featuring large amounts of profanities.

The whole affair has left some distinct issues behind in its wake. Some wonder just how Auernheimer could be sentenced, as he didn't actually access a private server illegally, nor was he able to gain user passwords, both confirmed during testimony. Perhaps worse was, in the words of journalist Tim Pool, watching how "prosecutors admitted they didn't understand computers," yet could prosecute anyway. Pool also referred to the procedure as "a witch trial."

Indeed, there are a few unanswered questions following this affair--Auernheimer has, not surprisingly, promised to appeal, and even his attorney, Tor Ekeland, noted that the courts are currently divided on just what "unauthorized access" under the CFAA laws actually means--and these questions do not bode well for society as a whole. If we can't agree just what constitutes "unauthorized access," that poses a significant set of problems for the rule of law, and is the kind of thing we all need to get on the same page on in rapid fashion.

Edited by Brooke Neuman

Contributing TechZone360 Writer

Related Articles

Consumer Privacy in the Digital Era: Three Trends to Watch

By: Special Guest    1/18/2018

Digital advertising has exploded in recent years, with the latest eMarketer data forecasting $83 billion in revenue this year and continued growth on …

Read More

CES 2018: Terabit Fiber - Closer Than We Think

By: Doug Mohney    1/17/2018

One of the biggest challenges for 5G and last mile 10 Gig deployments is not raw data speeds, but middle mile and core networks. The wireless industry…

Read More

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More

Making Connections - The Value of Data Correlation

By: Special Guest    1/5/2018

The app economy is upon us, and businesses of all stripes are moving to address it. In this age of digital transformation, businesses rely on applicat…

Read More