Skip the navigation

Judge ignores leniency plea, hands AT&T hacker a 41-month-sentence

It's the maximum sentence prosecutors had sought for Andrew Auernheimer

March 18, 2013 03:36 PM ET

Computerworld - A federal judge today ignored convicted hacker Andrew Auernheimer's leniency plea in sentencing him to 41 months in prison for illegally accessing email addresses and other data belonging to more than 120,000 iPad subscribers from AT&T's networks.

U.S. District Judge Susan Wigenton of the District Court in New Jersey also sentenced Auernheimer to an additional three years of supervised release and ordered him to pay AT&T more than $73,000 in restitution for damages stemming from his actions.

The sentence is the maximum that federal prosecutors had sought against Auernheimer.

In a pre-sentencing memo filed with the court last week. Auernheimer's attorneys had argued their client only deserved months of non-custodial probation, at most, for his offenses. They had argued for leniency on the grounds that Auernheimer's actions were not motivated by fraud and did not cause any direct harm to AT&T's systems.

Monday's sentence shows that neither the jury nor the court bought that story, the U.S attorney's office said in a statement.

"Andrew Auernheimer knew he was breaking the law when he and his partner hacked into AT&T's servers and stole personal information from unsuspecting iPad users," U.S. Attorney Paul Fishman noted. "When it became clear that he was in trouble, he concocted the fiction that he was trying to make the Internet more secure, and that all he did was walk in through an unlocked door. The jury didn't buy it, and neither did the Court in imposing sentence upon him today."

Auernheimer made headlines in June 2010 when he and his partner, Daniel Spitler, used an automated script they called iPad 3G Account Slurper to extract email addresses and SIM card ID numbers of more than 100,000 iPad owners from AT&T's servers.

The data included email addresses belonging to New York Mayor Michael Bloomberg, New York Times CEO Janet Robinson, ABC's Diane Sawyer, movie producer Harvey Weinstein, former White House chief of staff Rahm Emmanuel and numerous others.

Auernheimer and Spitler handed the data to Gawker, which posted the information public. The duo claimed they carried out the exercise only to demonstrate how AT&T was leaking the data via its Web site.

But prosecutors claimed that the whole caper was a self-serving stunt by Auernheimer to promote himself and Goatse Security, a security group to which he belonged. AT&T said it had to spend more than $73,000 for breach notifications.

In court filings, prosecutors described Aurenheimer as someone who not only took credit for the breach but also openly boasted about it to the media and others. They noted that Goatse Security often portrayed itself as a group of self-described Internet trolls bent on disrupting services and content on the Internet.



Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!