US 'hacktivist' jailed over AT&T network attack
- 19 March 2013
- From the section Technology
A US 'hacktivist' who broke into telecommunication giant AT&T's network and stole contact details for 120,000 iPad owners has been sentenced to 41 months in jail.
Andrew Auernheimer, aka Weev, stole the email addresses by exploiting a bug in the way AT&T set up its network.
Auernheimer passed the addresses to a journalist claiming the hack was done to highlight security failings.
But officials said Auernheimer knew he was breaking the law with the attack.
In a statement, US attorney Paul Fishman said Auernheimer "concocted" the story that the attack was done to make the internet more secure only after he got into trouble for the 2010 hack.
"The jury didn't buy it, and neither did the court in imposing sentence upon him today," said Mr Fishman.
In the hack attack Auernheimer worked with co-defendant Daniel Spitler to explore a bug in AT&T's network settings. They discovered that AT&T servers responded with email addresses for iPad owners when passed identifying numbers from Sim cards in the tablets.
Spitler, who pleaded guilty in June 2011, wrote software to crank through lots of different ID numbers which netted the pair more than 120,000 email addresses. AT&T has closed this loophole.
The list of addresses was passed to several journalists to publicise what the pair had found.
Lawyers for the Electronic Frontier Foundation (EFF), which campaigns on digital rights, said the sentence was unjust.
"Weev is facing more than three years in prison because he pointed out that a company failed to protect its users' data, even though his actions didn't harm anyone," said Marcia Hofmann, an attorney at the EFF.
"The punishments for computer crimes are seriously off-kilter, and congress needs to fix them," she added. The EFF would help Mr Auernheimer prepare an appeal against the sentence, she said.
Spitler is currently awaiting sentencing.