Join Our Members List For Exclusive Reports
Before entering the New Jersey courthouse to face his sentencing on March 18, 2013, Andrew Auernheimer, a.k.a. “Weev” gave a short speech to the press and to his friends.
Auernheimer was then sentenced to 41 months in prison and ordered to pay $73,000 in restitution to AT&T, followed by three years’ probation.
Auernheimer’s “crime” was that he revealed a security flaw in AT&T’s iPad user database, allowing him to scrape the data from 114,000 iPad users.
No password or any type of security was ever hacked, nor was any attempt ever made to hack any password or bypass any existing security measures. Moreover, there was no notice posted anywhere on the site suggested that he was there illegally.
Auernheimer immediately went to the press with this information, and emailed some of the people whose email addresses were obtained. Neither Auernheimer nor his co-defendant, Daniel Spitler did anything else with the information. At trial, there was no evidence of any harm to anyone – except for the allegation that AT&T was embarrassed by its failure to protect what it claimed was confidential information.
In a January 2013 article that Auernheimer wrote in the technology news publication, Tech Crunch, he likened his prosecution to that of Aaron Swartz, saying:
“…Aaron dealt with his indictment so badly because he thought he was part of a special class of people that this didn’t happen to. I am from a rundown shack in Arkansas. I spent many years thinking people from families like his got better treatment than me. Now I realize the truth: The beast is so monstrous it will devour us all.”
Auernheimer was convicted on conspiracy to access a computer without authorization (18 U.S.C. §1030(a)(2)(C), part of the Computer Fraud and Abuse Act of 1986) and fraud in connection with personal information (18 U.S.C. §1028(a)(7)).
He will be appealing his conviction, with the help of the Electronic Freedom Foundation and from anyone reading this who wishes to contribute directly to his defense fund, here: //freeweev.info
This is not the first legal conviction against the hacktivist known as “Weev” and after his sentencing yesterday, his lawyer did refer to him as the “prototypical unpopular client,” however, “the prosecution’s interpretation of the law, in Andrew’s case criminalizes normal computer use, that millions of people engage in.”
Do not watch this video if you can’t handle listening to a few f-bombs from the man who is about to serve three and a half years in jail for his alleged offenses.
===
//freeweev.info
You have just violated the Computer Fraud and Abuse Act because we did not authorize you to look at our website.
Absurd? You bet, but courts have held that unauthorized access to a computer occurs whenever the computer owner says so, and the Department of Justice has enforced this point of view. Someone can violate the law even where there is no notice and where no password was hacked. All that is required is that a person, corporate or natural, subsequently says you don’t belong. This is precisely what happened in United States v. Auernheimer, 11-CR-470 (D.N.J.) (SDW), an important Computer Fraud and Abuse Act (CFAA) case about to be appealed to the United States Court of Appeals for the Third Circuit. This is a dangerously broad view of the Computer Fraud and Abuse Act that potentially criminalizes Google searches.
Computer Fraud and Abuse Defense Fund – What Happened (Weev Case)
On November 20, 2012, controversial computer security researcher Andrew Auernheimer was convicted by a jury sitting in the Federal District Court for the District of New Jersey of one count of conspiracy to violate the Computer Fraud and Abuse Act (18 U.S.C. 1030(a)(2)(C)) and one count of identity theft (18 U.S. C. 1028(a)(7). The verdict has startled and alarmed many legitimate computer security researchers and it should be of concern to anyone who uses the Internet on a regular basis.
The facts are simple. In June of 2010, Andrew Auernheimer’s co-defendant Daniel Spitler discovered that AT&T’s servers were publishing email addresses of iPad subscribers on the servers authentication log in page when queried with a SIM card number that matched an existing AT&T subscriber’s SIM card number.
Upon discovering this, Spitler wrote an iterative script that queried AT&T’s publicly accessible iPad servers and copied over 120,000 email addresses. No password or any type of security was ever hacked, nor was any attempt ever made to hack any password or bypass any existing security measures.
In essence, what Spitler’s script did could be done by anyone with a web browser who entered in the right combination of numbers into a URL. Auernheimer immediately went to the press with this information, and emailed some of the people whose email addresses were obtained. Neither Auernheimer nor Spitler did anything else with the information. At trial, there was no evidence of any harm to anyone except for the allegation that AT&T was embarrassed by its failure to protect what it claimed was confidential information. For his actions, Auernheimer was convicted and was facing a maximum of ten years in federal prison and up to $500,000.00 in fines.
Add comment