41 Months In Prison For Man Who Leaked AT&T iPad Email Addresses

In 2010, querying a public AT&T database yielded over 114,000 email address for iPad owners who were subscribed to the carrier. One of the people who found these emails, Andrew 'weev' Auernheimer, sent them to a news site to publicize AT&T's security flaw. He later ended up in court for his actions. Auernheimer was found guilty, and today he was sentenced to 41 months in prison. 'Following his release from prison, Auernheimer will be subject to three years of supervised release. Auernheimer and co-defendant Daniel Spitler were also ordered to pay $73,000 in restitution to AT&T. (Spitler pled guilty in 2011.) The pre-sentencing report prepared by prosecutors recommended four years in federal prison for Auernheimer.' A journalist watching the sentencing said, 'I felt like I was watching a witch trial as prosecutors admitted they didn't understand computers.'

Re:Good

[coniferous]

Actually, they are both at fault here.
I don't see a huge effort by Andrew to contact AT&T and say "uh, guys, you have a huge problem here".
It's very easy to percieve his actions in a malicious way.
Not that AT&T didn't goof, but this was the wrong way to address it.

Re:Good

[hazah]

What did AT&T get fined?

Re:Good

[BitZtream]

No, he made explicit requests for information using trial and error and reverse engineering to find a location that would divulge sensitive information to him.

It didn't throw shit at him, he went digging for it.

Re:Good

[PRMan]

How about this analogy:

Your doctor tells you your medical records will be posted in the front window of a white house at 123 Main St. You notice that the street is full of white houses. Just out of curiosity, you go to 125 Main St and see someone else's medical records. 121 Main St., the same thing. In fact every house on the block has a different person's medical records. You see a bunch of other people on the street, going to get their medical records from their respective houses. You joke out loud that you could make a lot of money selling everyone's medical records to some guy in the Ukraine. You tell the hospital that this is a lousy way to communicate medical records.

You get 41 months in prison for viewing everyone's medical records (in plain view) and for your "intent" to sell them to some guy in the Ukraine.

Re:Good

[Anonymous Brave Guy]

...sending GET requests to an unprotected, publicly-accessible web server constitute unauthorized access...

Am I reading this right? Someone was convicted of a criminal offence because he did something that search engines like Google do millions of times every day?

Re:Good

[Luckyo]

"Little punishment"? US justice system is draconian when it comes to punishing crime. These guys are going to have a stigma of "sex offender" for their entire lives on them now.

What the hell happened to rehabilitation? You know, getting both the victim and criminals rehabilitated to be able to live good lives without the spectre of rape hanging over them? Now victim gets "vengeance" which solves absolutely nothing for her, and two guys went from low grade passion criminals to having completely destroyed lives coupled with likely recidivism due to problems with US incarceration system. Hooray for more victims. Get the rope, I hear hanging solves all the problems in frontiersman's land.

Same thing could have been used in the crime of that guy. Instead of throwing him into jail, have him fined and have him have face to face meetings with people who he basically fucked by giving all spammers and scammers in the world their email addresses. Let him hear about actual, real and tangible effects of his "gray hacking" or whatever it is that his lawyers tried to dress it up as. And lastly, have him see the impact on the company he was supposed to be working for, perhaps have him do the work to secure all of their servers for a while under threat of prison for pennies. Perhaps then he would have found a much greater insight as to how difficult it is to manage a huge infrastructure company and next time forward his finds up the ladder instead of pretending to be a wannabe hero.

But hey, prisons must make profits.

Death Penalty

[Tenebrousedge]

Indulge me in a little hyperbole: for a friend of mine, hacking AT&T was a death sentence.

Lance Moore [fbcdn.net] was involved with LulzSec, foolishly no doubt. As an AT&T technician of some sort, he acquired and subsequently distributed [theatlanticwire.com] some internal corporate documents. The Justice department is liable to be a more accurate source of the specific complaints. [justice.gov] He was caught. The FBI seized its opportunity to bring the hammer down. I've seen various figures given for the amount of jail time he was facing; somewhere between five and thirty. He was found dead by his own hand on February 24 of last year. His crime has by now likely been forgotten by all that were involved with it.

Sixteen other people were arrested the same day that he was arrested. I don't know their stories. The reader may judge whether justice was served.