Hacker involved in AT&T iPad 3G e-mail breach sentenced to 41 months in jail

Posted:
in iPad edited January 2014
The hacker who helped to obtain and disclose more than 100,000 iPad 3G users' e-mails from AT&T in 2010 was sentenced on Monday to 41 months in prison.

Andrew Auernheimer, known by his handle "weev," is also required to share in a $73,000 restitution payment to AT&T, according to The Verge. Following his prison term, Auernheimer will also be subject to three years of supervised release.

Auernheimer
Andrew Auernheimer's booking photo, via the Washington County Detention Center.


Prior to the sentencing on Monday, he held a press conference on the steps of the courthouse where Auernheimer told the media that he was "going to jail for doing arithmetic." He was also cuffed by authorities in a struggle over his tablet.

Before the sentencing, prosecutors cited an "Ask Me Anything" he took part in on the popular user-driven news curation website Reddit. In the question-and-answer session held yesterday, Auernheimer said he would like to return to the state of Arkansas, but he doesn't believe the U.S. government would allow him because of what he described as his "extensive Militia connections."

In another post, he said his only "regret" was being "nice enough" to AT&T to allow them to patch the issue before he alerted the media site Gawker of his actions. He then warned: "I won't nearly be as nice next time."

"Weev" was originally arrested on drug charges in June of 2010. The FBI began searching for him after it was revealed that a security hole on AT&T's website led to iPad 3G users' e-mails being leaked.
«134

Comments

  • Reply 1 of 72
    apple ][apple ][ Posts: 9,233member


    What a jackass.


     


    Have fun in jail.


     


    Maybe he can continue doing "arithmetic" in jail, where he can mark off the days by making scratches on the wall.


     


    Just prior to the judge's reading of the sentence, Auernheimer was cuffed by agents in a struggle over his tablet. Under the terms of his pre-sentence parole, Auernheimer was unable to use a computer with a keyboard. 


     


    I wonder which "tablet" he was using? I would guess an Android tablet.

  • Reply 2 of 72
    philboogiephilboogie Posts: 7,671member
    That's similar to Kevin Mitnick:

    He was sentenced to 46 months in prison plus 22 months for violating the terms of his 1989 supervised release sentence for computer fraud.
  • Reply 3 of 72
    philboogiephilboogie Posts: 7,671member
    apple ][ wrote: »
    I wonder which "tablet" he was using? I would guess an Android tablet.

    Why do you think it was an Android tablet?
  • Reply 4 of 72
    solipsismxsolipsismx Posts: 19,566member
    Prior to the sentencing on Monday, he held a press conference on the steps of the courthouse where Auernheimer told the media that he was "going to jail for doing arithmetic

    I suppose Bernie Madoff could use the same excuse for cooking his accounting documents.
    "I won't nearly be as nice next time."

    :no::no::no::no::no::no::no::no::no:
  • Reply 5 of 72


    In the relativity of crime and punishment, 48 months is a long time, especially when considering:


     


    1.  Bishops who shield and rotate pedophile priests from one parish to the next to rape and sodomize children:  Jail time for even one bishop:    ZERO


     


    2. Wall street bankers who contrived, financed and profited from the economic financial collapse.  Jail time for even one executive:   ZERO


     


    3. President, Vice President, Sec. of Defense, CIA Head, National Security Adviser, all who lied the country in war on false premises and added $6 Billion to the National Debt.  Jail time for even one of these:  ZERO

  • Reply 6 of 72
    apple ][apple ][ Posts: 9,233member

    Quote:

    Originally Posted by PhilBoogie View Post





    Why do you think it was an Android tablet?


    I don't know for sure, but if it was an iPad, then why wouldn't it say that in the text which I quoted?


     


    The usage of the word tablet leads me to believe that there is a greater possibility that it was something like an Android tablet instead. And also, I believe that criminal, hacker types of people, the kind who are losers and likes to tinker with things instead of doing anything actually useful are more attracted to an anything goes platform, such as Android.

  • Reply 7 of 72


    Correction to No.  $6 TRILLION instead of $6 billion.

  • Reply 8 of 72
    solipsismxsolipsismx Posts: 19,566member
    zwyziec wrote: »
    In the relativity of crime and punishment, 48 months is a long time, especially when considering:

    1.  Bishops who shield and rotate pedophile priests from one parish to the next to rape and sodomize children:  Jail time for even one bishop:    ZERO

    2. Wall street bankers who contrived, financed and profited from the economic financial collapse.  Jail time for even one executive:   ZERO

    3. President, Vice President, Sec. of Defense, CIA Head, National Security Adviser, all who lied the country in war on false premises and added $6 Billion to the National Debt.  Jail time for even one of these:  ZERO

    I agree that those crimes should be punished but I think Kevin's punishment seems just for his crimes.

    zwyziec wrote: »
    Correction to No.  $6 TRILLION instead of $6 billion.

    There is an edit button.
  • Reply 9 of 72
    popnfreshpopnfresh Posts: 139member
    This is a serious injustice. He queried a publicly accessible database at AT&T and it freely gave him the email addresses. Anyone could have done it. He's paying the penalty for AT&T's own lack of security.
  • Reply 10 of 72
    joelsaltjoelsalt Posts: 827member

    Quote:

    Originally Posted by popnfresh View Post



    This is a serious injustice. He queried a publicly accessible database at AT&T and it freely gave him the email addresses. Anyone could have done it. He's paying the penalty for AT&T's own lack of security.


    That's like saying you are allowed to take money out of a companies cash register because it popped open once you paid for something, or steal a car because you found the keys on the street.

  • Reply 11 of 72
    apple ][apple ][ Posts: 9,233member

    Quote:

    Originally Posted by popnfresh View Post



    This is a serious injustice. He queried a publicly accessible database at AT&T and it freely gave him the email addresses. Anyone could have done it. He's paying the penalty for AT&T's own lack of security.


    Auernheimer and 27-year-old Daniel Spitler (who accepted a plea bargain last year) wrote a script that randomly pinged AT&T's website with ICC-IDs


     


    So if you drop your ATM card on the street, and I pick it up and figure out your pin code, it's ok for me to access your account?


     


    This dipshit intentionally went and stole the info of 114,000 iOS users. Yes, AT&T was lax in their security, but that is no excuse for thievery.


  • Reply 12 of 72
    solipsismxsolipsismx Posts: 19,566member
    popnfresh wrote: »
    This is a serious injustice. He queried a publicly accessible database at AT&T and it freely gave him the email addresses. Anyone could have done it. He's paying the penalty for AT&T's own lack of security.

    Interesting argument. What do you mean by "publicly accessible"? My bank offers a "publicly accessible" user access online but you have to have the proper credentials to access that info. If someone breaks into my account and posts my personal, private info can they really use the excuse that it was accessible by the public?
  • Reply 13 of 72


    I once read the internet speed is slowed down by ~30% because there is so much anti-virus, anti-spyware, etc., needed to protect us from goofballs like this.


     


    See you in 4 years....dude....

  • Reply 14 of 72
    mstonemstone Posts: 11,510member

    Quote:

    Originally Posted by Apple ][ View Post



    Auernheimer and 27-year-old Daniel Spitler (who accepted a plea bargain last year) wrote a script that randomly pinged AT&T's website with ICC-IDs


     


    So if you drop your ATM card on the street, and I pick it up and figure out your pin code, it's ok for me to access your account?


     


    This dipshit intentionally went and stole the info of 114,000 iOS users. Yes, AT&T was lax in their security, but that is no excuse for thievery.



    If he only accessed the database without actually publishing the contents then there would be no jail time, maybe even a small reward for helping AT&T plug the hole. He wanted to prove how smart he was to the world and that is what got him in trouble.

  • Reply 15 of 72
    This guy did what you are doing right now on this forum. For example, if you request http://forums.appleinsider.com/t/156530/ you are brought to this forum. All he did was change the number so instead he requested http://forums.appleinsider.com/t/156531/ and was returned someone else's email address. The problem is AT&T did not have any authorization protection. You did not need any username or password combination to access this. It was open to the entire internet to request at any time. 41 months in jail for requesting a link with a changed number makes no sense not did he actually hack anything. AT&T just failed to protect this list by placing some authorization check before returning the data.
  • Reply 16 of 72
    dasanman69dasanman69 Posts: 13,001member
    He might end up wearing a 'weev' along with some lipstick.
  • Reply 17 of 72
    auxioauxio Posts: 2,333member

    Quote:

    Originally Posted by mstone View Post


    If he only accessed the database without actually publishing the contents then there would be no jail time, maybe even a small reward for helping AT&T plug the hole. He wanted to prove how smart he was to the world and that is what got him in trouble.



     


    Finally, someone with a rational reply to the situation.  It's amazing the knee-jerk responses I've seen in regard to this case, largely due to the fact that this guy seems to really wind people up with the things he says, and most people don't understand what he actually did.


     


    The fundamental question is: does posting people's email information on the Internet warrant a sentence longer than most rapists get?  Given the effects of both actions on peoples lives when it comes down to it (a lifetime of mental anguish vs possibly more spam in people's email accounts).


     


    No question the guy deserves to be punished.  But 41 months seems relatively excessive IMO.

  • Reply 18 of 72
    He basically found the security hole and told AT&T what he did. I think naively he thought AT&T woud thank him and he will become a hero of some sorts, or becoming a security "expert" by handing over the e-mail list to Gawker.

    I wonder if he did not hand the e-mail list to anybody, or just demonstrates the security holes, would he still be put in jail for "unauthorized access"?

    I mean if he didn't tell AT&T or Gawker, he might sell the e-mail list to the highest bidder and nobody would even know.
  • Reply 19 of 72
    apple ][apple ][ Posts: 9,233member

    Quote:

    Originally Posted by auxio View Post


    The fundamental question is: does posting people's email information on the Internet warrant a sentence longer than most rapists get?  Given the effects of both actions on peoples lives when it comes down to it (a lifetime of mental anguish vs possibly more spam in people's email accounts).



     


    A rape is just one person getting violated. This guy electronically violated the info of 114,000 people. 


     


    And just because some rapists might get off light, that doesn't mean that this guy's sentence was too harsh. I support the death penalty for rape, and I don't believe that this guy's sentence was too harsh.

  • Reply 20 of 72
    tallest skiltallest skil Posts: 43,399member


    Originally Posted by Apple ][ View Post

    A rape is just one person getting violated. This guy electronically violated the info of 114,000 people. 


     


    The two aren't comparable in the slightest. Not your way, not his. 

Sign In or Register to comment.