Andrew “weev” Auernheimer, security researcher and member of Goatse Security, has been handed a 41-month-long prison sentence for harvesting and publishing emails and AT&T authentication IDs of 114,000 early-adopters of Apple’s iPad in 2010.
“The facts are simple. In June of 2010, Andrew Auernheimer’s co-defendant Daniel Spitler discovered that AT&T’s servers were publishing email addresses of iPad subscribers on the servers authentication log in page when queried with a SIM card number that matched an existing AT&T subscriber’s SIM card number. Upon discovering this, Spitler wrote an iterative script that queried AT&T’s publicly accessible iPad servers and copied over 120,000 email addresses. No password or any type of security was ever hacked, nor was any attempt ever made to hack any password or bypass any existing security measures. In essence, what Spitler’s script did could be done by anyone with a web browser who entered in the right combination of numbers into a URL,” it is explained on a Computer Fraud and Abuse Defense Fund website.
“Auernheimer immediately went to the press with this information, and emailed some of the people whose email addresses were obtained. Neither Auernheimer nor Spitler did anything else with the information. At trial there was no evidence of any harm to anyone except for the allegation that AT&T was embarrassed by its failure to protect what it claimed was confidential information.”
Despite all this, late last year Auernheimer has been found guilty on one count of identity fraud and one count of conspiracy to access a computer without authorization. After today’s sentencing he was remanded to custody.
Auernheimer and Spitler were the only two members of the group to get charged for their role in the matter. Spitler pleaded guilty in 2011. Both have been ordered to pay AT&T $73,000 in damages.
When his prison stay ends, Auernheimer will still be required to be under supervision for three years.