AT&T hacker 'Weev' sentenced to 41 months for iPad leak

Embarrassing 2010 attack still divides opinion

Alleged hacker Andrew 'weev' Auernheimer has been given an unforgiving prison sentence of 41 months for his part in the hugely embarrassing 2010 compromise of 114,000 iPad-using AT&T customers.

Found guilty last November, 26-year-old Auernheimer's prison sentence is likely to become only the latest contentious chapter in a complex story that has sharply divided opinion.

As part of the 'Goatse Security' group, Auernheimer has styled himself as a security researcher who did nothing more untoward than reveal a weakness on AT&T's website that was of its own making.

Using a PHP script, he and others were able to uncover the email addresses of AT&T iPad users by submitting a number that corresponded to the user's 3G ICC-ID SIM identifier.

This allowed the collection of up to 120,000 email addresses which the group sent to journalists as proof of the compromise.

To AT&T, intention was everything; it branded Auernheimer and his associates as hackers before closing the security 'flaw', which had been enabled to smooth the login process for customers.

"They then put together a list of these emails and distributed it for their own publicity," stated AT&T chief privacy officer, Dorothy Attwood, in the June 2010 aftermath of the attack.

In a Reddit post, Auernheimer was clearly aware of the jail time that was coming his way.

"Tomorrow morning is my sentencing. The pre-sentencing report recommends around 4 years of prison time. I have been told by the government to "prepare to be processed" that very morning. I may go to prison tomorrow," he wrote.

Meanwhile, campaign organisation the Electronic Frontier Foundation (EFF) said it planned to aid him in an appeal against the sentence.

"Weev is facing more than three years in prison because he pointed out that a company failed to protect its users' data, even though his actions didn't harm anyone," said EFF senior staff attorney Marcia Hofmann.

"The punishments for computer crimes are seriously off-kilter, and Congress needs to fix them," she said.

Not everyone is as enthused by Auernheimer, seeing him as an example of a self-regarding hacking elite out to cause trouble for personal ends; opinions of the man and his mission are clearly divided even among those critical of AT&T's legal pursuit under the Computer Fraud and Abuse Act.

"Andrew Auernheimer knew he was breaking the law when he and his partner hacked into AT&T's servers and stole personal information from unsuspecting iPad users," said US Attorney Paul Fishman.

"When it became clear that he was in trouble, he concocted the fiction that he was trying to make the Internet more secure, and that all he did was walk in through an unlocked door. The jury didn't buy it, and neither did the Court in imposing sentence upon him today."

Co-defendant Daniel Spitler also pleaded guilty to the same charges and awaits sentencing.
