Feeds

Weev gets 41 months in prison for exposing iPad strokers' privates

'Internet will topple governments,' defendant proclaims

The essential guide to IT transformation

Andrew Auernheimer, a member of the grey-hat hacking collective Goatse Security, has been sent down for three years and five months in the slammer after he helped leak users' private email addresses via a flaw in AT&T's servers.

Auernheimer, known online as Weev, received his sentence wearing shackles after he tried to bring a mobile phone into the courtroom. After completing his term he will have to pay over $72,000 in restitution to AT&T and undergo three years of supervised release.

"I didn't come here today to ask for forgiveness," Auernheimer told US District Judge Susan Wigenton, Bloomberg reports. "The Internet is bigger than any law can contain. Many, many governments that have attempted to restrict the freedoms of the Internet have ended up toppled."

In 2010, Auernheimer found a flaw in a public-facing AT&T server that could be used, via the iPad's integrated circuit card identifier (ICC-ID), to uncover the names and email addresses of 114,067 early adopters of Apple's 3G-equipped fondleslab. His colleague Daniel Spitler wrote a PHP script called "iPad 3G Account Slurper" to harvest the data, and then handed it over to online magazine Gawker.

The data caused huge embarrassment to AT&T and Apple, since it included the personal emails of then-White House Chief of Staff Rahm Emanuel, New York Mayor Michael Bloomberg, film mogul Harvey Weinstein, and several high-ranking US Army officials. AT&T fixed the flaw, and there's no evidence Auernheimer did anything more than highlight the sloppy coding.

His defense lawyers argued that he was accessing information on a public web server and that if this was a crime then most internet users are guilty too. This cut little ice with the presiding judge.

"While you consider yourself to be a hero of sorts, without question the evidence that came out at trial reflected criminal conduct," Judge Wigenton said in imposing the sentence. "You've shown absolutely no remorse. You've taken no responsibility for these criminal acts whatsoever. You've shown no contrition whatsoever."

Auernheimer's colleague Spitler now looks likely to face a similar sentence after pleading guilty, andsome in the security field are warning that the verdict will have a deadening effect of flaw exposure. Former National Security Agency (NSA) programmer and now Apple-cracker and security consultant Charlie Miller said the decision was highly troublesome.

In this hack's opinion, Auernheimer's sentence is far too severe. You could argue that he should have submitted the flaw to AT&T, waited for the problem to be fixed, and then reaped the publicity. He could also have profited from selling the flaw on the grey or black markets, but chose not to go for the money, but to get embarrassment value instead.

"My regret is being nice enough to give AT&T a chance to patch before dropping the dataset to Gawker. I won't nearly be as nice next time," he said in a Reddit forum.

With no evidence of harm done, sending someone down for over three years, near-bankrupting them with fines, and setting such a long probation victim looks less like justice and more like judicial spite. ®

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?