TECH

Andrew 'Weev' Auernheimer Sentenced To Over 3 Years In Prison For Hacking AT&T Servers

03/18/2013 12:12 pm ET | Updated Mar 18, 2013

Convicted hacker Andrew "Weev" Auernheimer was sentenced Monday to 41 months in prison for collecting thousands of email addresses from AT&T's servers and disclosing them to a reporter.

Auernheimer was also ordered to serve an additional three years of probation and pay more than $73,000 in restitution to AT&T, according to Rebecca Carmichael, a spokeswoman for the U.S. Attorney's office in Newark.

Auernheimer, 27, known online by the nickname "Weev," found a security flaw in an AT&T server three years ago that allowed his security group, Goatse Security, to collect 114,000 email addresses belonging to iPad 3G users. Auernheimer turned over that information to the gossip site Gawker, which posted some partially redacted addresses, prompting an FBI investigation.

During a trial last year, federal prosecutors painted Auernheimer as a publicity-hungry hacker who violated the privacy of thousands of iPad owners by disclosing their email addresses to a journalist.

A jury found him guilty of identity theft and conspiracy to gain unauthorized access to computers. He had faced up to 10 years in prison.

In a pre-sentencing memo, Auernheimer's attorneys argued he should only receive six months probation because AT&T's security was so lax that it required no "special skill" to collect customers' email addresses. They also included comments from one AT&T investigator who said Auernheimer "circumvented no security."

Auernheimer's sentence comes as the government has taken a hard line on hackers. Last week, federal prosecutors charged Reuters social media editor Matthew Keys with helping the hacker group Anonymous attack the website of his former employer. If convicted, Keys faces up to 25 years in prison.

In January, Internet activist Aaron Swartz committed suicide while facing trial for allegedly stealing millions of scholarly journal articles from the digital archive JSTOR using MIT's network. Swartz faced a potential sentence of more than 30 years in prison.

Auernheimer, Keys and Swartz were charged under the Computer Fraud and Abuse Act. Many have criticized the law for being overly broad and imposing harsh sentences on what some consider relatively minor computer-related crimes.

A website created to raise money for Auernheimer's legal defense described him as "the world's most notorious Internet troll" who "never takes anything seriously and generally treats life as a piece of performance art."

In a December interview with The Huffington Post, Auernheimer said he wasn't afraid of prison and planned to keep a blog during his incarceration.

He added that his conviction brought more attention to his message -- that corporations are evil and deserve criticism -- than any prank he could have pulled online.

"They’ve done my message a huge favor," he said. "What I'm trying to say has been greatly been helped by the fact that the federal government is shoving me in a prison cell."

Update (5:45):After the hearing, Auernheimer was taken into custody at his own request, according to his attorney, Tor Ekeland.

"He figured if he was going to be sentenced he might as well start it right away," Ekeland told The Huffington Post.

Ekeland said he plans to file an appeal Tuesday with the Third Circuit Court of Appeals. The Electronic Frontier Foundation said Monday it would join Auernheimer's legal team to litigate his appeal, "arguing that fundamental
problems with computer crime law result in unfair prison sentences like the one in this case."

Earlier on HuffPost:

9 Gadgets To Help You Avoid Surveillance


Suggest a correction
659 Comments

CONVERSATIONS