Hacker jailed for 41 months over AT&T network attack


Andrew Auernheimer sentenced to more than three years in prison for network hack and stealing contact details of tens of thousands iPad users

A hacker who broke into AT&T’s network and stole contact details for 120,000 Apple iPad owners has been jailed for 41 months.

Andrew Auernheimer (Weev) stole the email addresses by exploiting a bug in the way the AT&T network had been set up and then passed the addresses to a journalist, claiming the hack was done to highlight lapse security. However, official said he knew he was breaking the law with the attack.

US attorney Paul Fishman said in a statement that Aurenheimer “concocted” the story on;y after he got into trouble for the hack in 2010. He added: “The jury didn’t buy it, and neither did the court in imposing sentence upon him today.”

Aurenheimer worked with co-defendant Daniel Spitler to explore a flaw in the network’s settings. They discovered the servers responded with email addresses for iPad owners when passed identifying numbers from SIM cards in the tablets. Spitler, who pleased guilty in June 2011, is currently awaiting sentence.

He wrote software to crank through a number of different ID numbers to hand the pair more than 120,000 email addresses. These addresses were passed to journalists to publicise what the pair had found. AT&T has since fixed the problem.

However, Aurenheimer’s sentence has been criticised by lawyers for the Electronic Frontier Foundation (EFF), which campaigns on digital rights, and offered its help in appealing against the sentence.

“Weev is facing more than three years in prison because he pointed out that the company failed to protect its users’ data, even though his actions didn’t harm anyone.

“The punishments for computer crimes are seriously off-kilter, and congress needs to fix them. The EFF would help Mr Auernheimer prepare an appeal against the sentence.”