Andrew Auernheimer, better known by his internet pseudonym “weev”, has been sentenced to 41 months in federal prison for obtaining the personal data of over 100,000 AT&T iPad owners from AT&T’s website. Auernheimer exploited a security flaw in AT&T’s iPad registration system that allowed him to download contact information of these iPad owners. The court case goes back a couple of years.
Auernheimer was found guilty back in November in a federal court in New Jersey on one count of identity fraud and one count of conspiracy to access a computer without authorization. Auernheimer and a colleague worked together to exploit the security flaw; both will be punished and will be ordered to pay AT&T a collective $73,000 in damages.
The case has been a controversial one, and it is just one of many highly criticized cases of security researchers who have been charged with computer crimes under the Computer Fraud and Abuse Act. Meanwhile, activists are calling for reform of the law to distinguish between criminal hacking and simple unauthorized access, which would protect security researchers whose activities are not meant to be criminal.
Obviously, Auernheimer will appeal the court’s decision, but apparently he doesn’t regret his actions regarding the AT&T security flaw, and says (in a Reddit AmA) that he was just “being nice enough to give AT&T a chance to patch” the vulnerability before the data set got leaked, but that he “won’t be as nice next time.”
[via Ars Technica]