UPDATE: A judge in Newark today handed down a 41-month federal prison sentence to an Internet troll who stole information from 120,000 iPad subscribers on AT&T — including “the most exclusive list on the planet” — and passed on the list for publication online.
Andrew “weev” Auernheimer — who was handcuffed by federal security officers after he abruptly pulled out a cellphone during the sentencing — will be on probation for three years after his release and must pay more than $73,000 in restitution to AT&T.
U.S. District Court Judge Susan D. Wigenton said she wanted to deter others from similar behavior. But her sentence seemed most influenced by Auernheimer’s attitude — including interviews he’s given after being convicted by a federal jury in Newark in November of one count of identity fraud and one count of conspiracy to access a computer without authorization.
Last night, he participated in a Reddit “Ask Me Anything” session in which he said that he’d run for Congress after his release and “drop hacks on the floor of Congress and be completely immunefor doing so.”
In January, Auernheimer told The Verge that he hoped to received the maximum sentence possible, so that “people will rise up and storm the decks.”
Then, before today’s sentencing, he conducted an impromptu news conference outside the U.S. District Courthouse in Newark, where he ranted against the government, calling prosecutors “wicked tyrants, seditious thugs,” and shouted: “[Expletive] the government!”
To top it off, Auernheimer — given the opportunity to speak before being sentenced — told Wigenton:
“I don’t come here today to ask for forgiveness. I’m here to tell this court that it should be thinking about what it could do to make amends to me.”
“The one word that consistently came to mind to me, Mr. Auernheimer, was disappointment, that with your level of intelligence, your ability to garner support, that you would use it in such a negative way,” Wigenton said.
“While I know you consider yourself to be a hero of sorts, without question the evidence that came out during the trial reflected criminal conduct.”
A short time earlier, Auernheimer unleashed a profanity-laced tirade against the government in front of several video cameras:
- YOU READ IT HERE FIRST: Andrew “weev” Auernheimer issused a profanity-laced tirade against the U.S. government outside the federal courthouse in Newark before his sentencing this morning, calling prosecutors “wicked tyrants” and “seditious thugs.” READ MORE….
“In my country, there’s a problem, and that problem is the feds,” said Auernheimer, who was joined by several women who, like him, wore the same-styled black and white scarf — some covering their faces.
“We could have laptop batteries that last a hundred [expletive] years … and we cannot have this because the NRC says no,” said Auernheimer, holding a wireless microphone. “Attorneys in their sub-humanity lethally lord over people that are trying to contribute something to humanity
“And I’m going to prison for arithmetic? I added one to a [expletive]’ number on a public web server and I aggregated data and I gave it to a journalist.”
“[Expletive] this country!” Auernheimer shouted. “The rights that we had in this [expletive] place are being ruined by wicked tyrants, seditious thugs.
“Either they’re malicious, wicked people that want to destroy Western civilization, or they’re God-damned [expletive] morons… I don’t know which it is. Either they’re evil or they’re retarded.”
His attorney, Tor Ekeland, said this morning that Auernhemier did something “that people do in the United States every other day.”
“There’s no password bypass. Nothing was hacked,” he said outside the courthouse, calling it a “conscious business decision by AT&T not to password-protect its information.”
Andrew Auernheimer did “what computer researchers do all the time” — that is, testing AT&T’s customer data system.
He compared it to the Red Scare of the Sixties.
“This is paranoia about hacking,” he said.
Supporters applauded when Auernheimer, given the opportunity by Wigenton to speak, accused the government of a malicious prosecution.
Things got really tense, however, when he pulled out a cellphone and was grabbed by court security officers.
After a brief recess, they brought Auernheimer back in shackles.
For more on the sentencing, SEE: Andrew ‘weev’ Auernheimer sentenced to 41 months for exploiting AT&T iPad security flaw
Early in the investigation, Auernheimer accused Assistant U.S. Attorney Lee Vartan, then the lead federal prosecutor in the case, of conducting a “smear campaign” against him. In an open letter, he predicted that Vartan “may be required to resign” as a result.
“[U]ltimately, you will be held accountable to the people for your actions,” Auernheimer wrote, adding that he believed the government was prepared to “engage in the manufacture of evidence” to prosecute him.
FBI investigators said all of the evidence was produced by Auerheimer and an accomplice, David Spitler, who called themselves Goatse Security. Together, they used a AT&T security maintenance app to hack into AT&T, showing servers how vulnerable they were.
All told, they swiped email addresses for members of several branches of the military, NASA, the FCC, the Senate, the House of Representatives, the Department of Justice, the Department of Homeland Security and the National Institute of Health, as well as for executives from The New York Times Company, Dow Jones, Condé Nast, Viacom, Time Warner, News Corporation, HBO, Hearst as well as others from Google, Amazon, AOL, Microsoft, Goldman Sachs, JP Morgan, Citigroup and Morgan Stanley.
Also on the list were Diane Sawyer, Harvey Weinstein, Mayor Michael Bloomberg, and former White House Chief of Staff Rahm Emanuel.
The duo even posted a video that shows how they did it:
Because he was “very public concerning his hacking and trolling activities, giving interviews to The New York Times, as well as other publications,” said FBI agent Christian Schorte, Auernheimer clearly “was not working for the public interest.”
An “Account Slurper” created by Spitler attacked AT&T’s servers for several days in early June 2010, with the purpose of harvesting as many email addresses as possible from Apple iPad users who accessed the Internet through the 3G network, Schorte wrote in an application for a warrant to search Auernheimer’s Fayetteville home.
The slurper, he said, “was designed to mimic the behavior of an iPad 3G so that AT&T servers would falsely believe that the servers were communicating with an actual iPad 3G.”
During the “brute force” attack, the slurper cycled through different possible account numbers until it hit on genuine AT&T accounts, then stole the email addresses and other information, the agent added.
Auernheimer and Spitler, of San Francisco, then gave the information to Gawker.com.
Gawker, in turn, published an article “Breach Details: Who Did It and How,” in which it said the breach “exposed the most exclusive email list on the planet.”
FBI agents said Auernheimer even emailed a members of News Corp’s Board of Directors, saying, “Your iPad’s unique network identifier was pulled straight out of AT&T’s database.”
Auernheimer also claimed he trolled Amazon.com and caused a “one billion dollar change in their market capitalization.”
According to the FBI, Auernheimer also told The New York Times he had collected hundreds of Social Security numbers — and, as proof, sent the number of the author of the story.
FBI agents identified Auernheimer as the author of the emails thanks to, of all people, his parents.
Spitler and Auernheimer exchanged instant messages in which they discussed conducting the breach to simultaneously damage AT&T and promote themselves, the evidence showed. They also chatted about destroying evidence linking them to the crime, federal prosecutors said.
Spitler previously pleaded guilty to the same charges and is awaiting sentencing.
U.S. Attorney Paul J. Fishman credited special agents of the FBI’s Newark Cyber Crimes Task Force, as well as the forensic examiners of the New Jersey Regional Computer Forensics Laboratory and the New Jersey Division of Criminal Justice.
He also thanked special agents of the FBI’s Little Rock, Arkansas Divison, Fayetteville Resident Agency; and the San Francsiso Division; as well as the U.S. Attorney’s Office for the Western District of Arkansas.
“It’s important to note that it wasn’t just the hacking itself that was criminal, but what could potentially occur utilizing the pilfered information,” said Michael B. Ward, Special Agent In Charge of the FBI’s Newark Division. “Because of the popularity and widespread use of the new and emerging technology of the iPad and devices like it, it was absolutely critical that emerging threats to it were addressed promptly and aggressively.”
Prosecuting for the government was Executive Assistant U.S. Attorney Michael Martinez and Assistant U.S. Attorney Zach Intrater of the Computer Hacking and Intellectual Property Section of the U.S. Attorney’s Office Economic Crimes Unit.
Click here to sign up for Daily Voice's free daily emails and news alerts.