Weev Sentenced to 41 Months for Exposing iPad Owners' Email Addresses
Andrew 'weev' Auernheimer, a security researcher, was sentenced to 41 months in jail today for exposing iPad owners' email addresses via a publicly accessible flaw in AT&T's servers.
These hackers discovered a security hole in the AT&T website which allowed users to retrieve email addresses by inputting SIM card identifiers known as an ICC-ID. The breach exposed a number of high profile political and business figures, but no actual damage occurred beyond the simple exposure of the email addresses. In total, approximately 114,000 email addresses were obtained.
In November, Auernheimer was found guilty of identity fraud and conspiracy to access a computer without authorization. After his 41 months in prison he will be subject to three years of supervised release. He and his co-defendant Daniel Spitler have been ordered to pay $73,000 to AT&T in damages.
The Verge notes that there was a struggle for his tablet just as he was sentenced.
Before his sentencing, Auernheimer held a press conference on the courthouse steps, where he read John Keats' The Fall of Hyperion and told the assembled crowd, "I'm going to jail for doing arithmetic." Just prior to the judge's reading of the sentence, Auernheimer was cuffed by agents in a struggle over his tablet. Under the terms of his pre-sentence parole, Auernheimer was unable to use a computer with a keyboard. Asked for the device, Auernheimer tried to hand it to attorney Tor Ekeland, and was returned to the courtroom five minutes later in shackles.
Auernheimer says he regrets being nice to AT&T and giving them time to patch the flaw, but he "won't nearly be as nice next time."
There has been much controversy over the case because no security mechanisms were bypassed to access the information. It was accessible via a public api.