Andrew Auernheimer Sentenced Following Role in AT&T iPad Security Exploitation

By Steve Anderson March 19, 2013

Just yesterday, a security researcher by the name of Andrew "weev" Auernheimer got some terrible news; he'd been sentenced to 41 months in prison, to be followed by three years of supervised release and a bill for $73,000 in restitution to AT&T, which he was to pay along with his co-defendant, Daniel Spitler. His crime? One count of identity fraud and one count of conspiracy to access a computer without authorization.

Back in 2010, Auernheimer reportedly had a part in an operation known as Goatse Security, which gathered and disclosed the e-mails of 114,000 AT&T iPad users. Reportedly, he and his co-defendant Spitler were able to take advantage of a hole in the security surrounding AT&T's iPad user database, from which they were able to gain access to e-mail addresses through the use of an ICC-IDD number, which is the number that authenticates a user's SIM card with AT&T. From there, Auernheimer and Spitler were said to have created a script that randomly queried AT&Ts website with ICC-IDD numbers, discovering which were valid and which weren't by sheer brute force. With numbers in hand, Auernheimer and Spitler could then access users' e-mail, though neither could quite agree on just what to do with the acquired information.

He was found guilty, along with Spitler, back in a trial in November that could have left Auernheimer facing five years in prison on each charge and a fine of $500,000. In a pre-sentencing report, prosecutors recommended a sentence of four years in federal prison, which was nearly the case for Auernheimer at 41 months.

Auernheimer held a press conference on the courthouse steps, reading from John Keats' "The Fall of Hyperion" and telling the crowd that he was "going to jail for doing arithmetic." Auernheimer has asserted, previously, that his prosecution on this matter was, according to reports, politically motivated, and Auernheimer has expressed an interest--most notably at an Ask Me Anything (AmA) session on Reddit--in running for Congress following his sentence. This would allow him to "drop hacks on the floor of Congress and be completely immune for doing so" thanks to a principle known as "congressional immunity," as he describes it.

Federal prosecutors subsequently cited the AmA session in question fully three times in their justification for sentencing report, getting further backup from Encyclopedia Dramatica, a publicly-edited Wikipedia-style website featuring large amounts of profanities.

The whole affair has left some distinct issues behind in its wake. Some wonder just how Auernheimer could be sentenced, as he didn't actually access a private server illegally, nor was he able to gain user passwords, both confirmed during testimony. Perhaps worse was, in the words of journalist Tim Pool, watching how "prosecutors admitted they didn't understand computers," yet could prosecute anyway. Pool also referred to the procedure as "a witch trial."

Indeed, there are a few unanswered questions following this affair--Auernheimer has, not surprisingly, promised to appeal, and even his attorney, Tor Ekeland, noted that the courts are currently divided on just what "unauthorized access" under the CFAA laws actually means--and these questions do not bode well for society as a whole. If we can't agree just what constitutes "unauthorized access," that poses a significant set of problems for the rule of law, and is the kind of thing we all need to get on the same page on in rapid fashion.




Edited by Brooke Neuman

Contributing TechZone360 Writer

SHARE THIS ARTICLE
Related Articles

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More

Putting the Flow into Workflow, Paessler and Briefery Help Businesses Operate Better

By: Cynthia S. Artin    9/14/2018

The digital transformation of business is generating a lot of value, through more automation, more intelligence, and ultimately more efficiency.

Read More

From Mainframe to Open Frameworks, Linux Foundation Fuels Up with Rocket Software

By: Special Guest    9/6/2018

Last week, at the Open Source Summit, hosted by The Linux Foundation, the Open Mainframe Project gave birth to Zowe, introduced a new open source soft…

Read More

Unified Office Takes a Trip to the Dentist Office

By: Cynthia S. Artin    9/6/2018

Not many of us love going to see the dentist, and one company working across unified voice, productivity and even IoT systems is out to make the exper…

Read More

AIOps Outfit Moogsoft Launches Observe

By: Paula Bernier    8/30/2018

Moogsoft Observe advances the capabilities of AIOps to help IT teams better manage their services and applications in the face of a massive proliferat…

Read More