Andrew Auernheimer (aka weev) guilty of identity fraud and conspiracy to access a computer

Auernheimer did not break into the AT&T servers – hence the charge of ‘conspiracy to access a computer without authorization’. Instead, he and his partner in crime (Daniel Spitler, who pleaded guilty to the same charges in June 2011 and is now awaiting sentencing) used the existing AT&T set-up to obtain iPad ICC-ID (the unique SIM identifier on the iPad) numbers, and their owners’ email addresses.

Auernheimer and Spitler, members of Goatse Security, discovered that if a recognized ICC-ID was presented to AT&T, the system would return the user’s email address. Spitler produced a script, which he called the ‘iPad 3G Account Slurper,’ to generate ICC-ID codes and ‘slurp’ up the associated emails. “I wrote a script to generate valid iccids and it loads the site and pulls an email,” he said at the time in an IRC conversation quoted by Wired. Later he asked Auernheimer, “where can we drop this for max lols?” Auernheimer replied, “Dunno... i have all the gawker media people on my facecrook friends after goin to a gawker party.”

That is exactly what happened – the ICC-ID and associated e-mail address for 114,067 iPad users were passed to Gawker, who published them in redacted form together with a news article. Auernheimer says he then informed AT&T of the breach, while AT&T denies this. Early in 2011 Auernheimer and Spitler were arrested.

What makes this case interesting is that the pair did not break into the servers nor does it appear that they made any attempt to gain financial profit from the details. In fact, in a blog post that defied a gagging order while awaiting trial, Auernheimer claimed, “My actions and those of Goatse were not criminal; they were done using industry standard practices as a public service... Hell, if scraping data from a public webserver becomes criminal, virtually all of the content that appears on Google News or Google Blogsearch is going to send someone to jail.”

He suggests that if the targets, AT&T and Apple, were not such huge establishment corporations, he would not have been prosecuted. If that is true, some of the early adopters of the iPad disclosed in the slurp would not have helped: “New York Mayor Michael Bloomberg, then-White House Chief of Staff Rahm Emanuel, anchorwoman Diane Sawyer of ABC News, New York Times CEO Janet Robinson and Col. William Eldredge, commander of the 28th Operations Group at Ellsworth Air Force Base in South Dakota, as well as dozens of people at NASA, the Justice Department, the Defense Department, the Department of Homeland Security and other government offices,” according to Wired.

Auernheimer intends to appeal. "We disagree with the prosecutors' interpretation of what constitutes unauthorized access to a computer under the Computer Fraud and Abuse Act," Tor Ekeland, a lawyer for Auernheimer told Reuters. He called the prosecutors' interpretation of that federal law "extremely expansive."

What’s Hot on Infosecurity Magazine?