A hacker known as Weev was sentenced to 41 months in jail for revealing the personal details of 114,000 iPad users.

Andrew Weev Auernheimer
(Andrew 'Weev' Auernheimer was convicted of stealing 114,000 email addresses associated with iPad user on At&T's network. (Credit: Wikimedia Commons)

Last November 27-year-old Auernheimer was convicted of identify fraud and conspiracy to access a computer with authorisation after accessing a server belonging to US mobile phone network AT&T, and collect the email addresses of 114,000 customers.

Among the list of email address leaked were those belonging to film mogul Harvey Weinstein, New York mayor Michael Bloomberg, White House Chief of Staff Rahm Emanuel and TV presenter Diane Sawyer.

Auernheimer was able to access the information because AT&T had left the addresses unencrypted on the internet and available for anyone with a web browser to access them.

Each charge carried with it a potential prison terms of five years. At the sentencing in New Jersey on Monday, the Judge sentenced Aurenheimer to 41 months in jail followed by three years of supervised release.

In court federal prosecutors listed among the reasons for a harsher sentence a Reddit AMA (ask me anything) which Aurenheimer took part in on Sunday night, ahead of sentencing. In it, Aurenheimer said:

"My regret is being nice enough to give AT&T a chance to patch before dropping the dataset to Gawker. I won't nearly be as nice next time."


Auernheimer is a self-described troll and "grey-hat hacker" and having obtained the information, he decided to share the information with the Gawker website rather than the authorities. Auernheimer explaining his reasoning behind this decision in a recent article for TechCrunch:

"I did this because I despised people I think are unjustly wealthy and wanted to embarass them. I thought this is the United States of America where we have the right to do basic arithmetic and query public webservers."

In the same article Auernheimer went on to compare his situation to that facing Reddit co-founder Aaron Swartz before his suicide earlier this year.

"Ivy league educated and wealthy, Aaron dealt with his indictment so badly because he thought he was part of a special class of people that this didn't happen to. I am from a rundown shack in Arkansas. I spent many years thinking people from families like his got better treatment than me. Now I realize the truth: The beast is so monstrous it will devour us all. None will be spared."

Some believe the conviction of Auernheimer lays down a potentially worrying precedent for cyber-security professionals. In an opinion piece for Wired last year security Researcher Matt Blaze sums up his feels on the situation:

"Because computer science has yet to discover a systematic way to find and fix all the vulnerabilities in real-world systems before they get deployed, independent security researchers who discover and report weaknesses have become an essential part of the security ecosystem. "

Blaze continues: "Continually poking at systems to seek out hidden flaws is the only hope we have of staying ahead of the bad guys, and the software industry has largely come to recognize that the motley assortment of academics, consultants, and hackers who look for security holes are a community to be cultivated and encouraged - even if the proof of vulnerability they bring may sometimes be painful and embarrassing."