Wednesday, 3 July 2013

Apple iPad hacker "Weev" files an appeal to overturn his 41 month jail sentence

Surely you remember Andrew Auernheimer, aka "Weev". He was the gentleman who was accused of obtaining the email addresses of 114,000 Apple iPad users with 3G connectivity, using an automated tool to pull the names out of AT&T's servers. Last November Auernheimer was found guilty on one count of conspiracy to access AT&T's servers without permission, and on one count of identity theft. He was sentenced to 41 months in jail.  His partner in crime, Daniel Spitler, pleaded guilty and cooperated with the authorities. He still awaits sentencing. The pair, after stealing the email addresses, sent them to Gawker Media.

Aurenheimer claimed that he was working on a project for AT&T and was testing the company's security. AT&T said that it never heard a word from Goatse Security, the name of Auernheimer's  hacking group.

On Monday, Auernheimer filed for appeal in the 3rd U.S. Circuit Court of Appeals. The appeal was written by Auernheimer's trial lawyers, Tor Ekeland and Mark Jaffe. Helping out the two attorneys is Electronic Frontier Foundation fellow Marcia Hofmann, and George Washington University Law School Professor Orin Kerr. The appeal says that accessing the AT&T servers was not illegal. Spitler changed an electronic ID number by one digit which allowed him and Auernheimer to develop an application they called the "iPad 3G Account Slurper," which allowed them to grab email addresses and names of 3G Apple iPad users. The filing for the appeal says that because the data was freely available on the internet, Auernheimer's actions did not constitute a theft.  

"AT&T chose not to employ passwords or any other protective measures to control access to the e-mail addresses of its customers. The company configured its servers to make the information available to everyone and thereby authorized the general public to view the information."-Filing for Appeal

source: Techhive via TUAW

No comments:

Post a Comment