Judge ignores leniency plea, hands AT&T hacker a 41-month-sentence
It's the maximum sentence prosecutors had sought for Andrew Auernheimer
Computerworld - A federal judge today ignored convicted hacker Andrew Auernheimer's leniency plea in sentencing him to 41 months in prison for illegally accessing email addresses and other data belonging to more than 120,000 iPad subscribers from AT&T's networks.
U.S. District Judge Susan Wigenton of the District Court in New Jersey also sentenced Auernheimer to an additional three years of supervised release and ordered him to pay AT&T more than $73,000 in restitution for damages stemming from his actions.
The sentence is the maximum that federal prosecutors had sought against Auernheimer.
In a pre-sentencing memo filed with the court last week. Auernheimer's attorneys had argued their client only deserved months of non-custodial probation, at most, for his offenses. They had argued for leniency on the grounds that Auernheimer's actions were not motivated by fraud and did not cause any direct harm to AT&T's systems.
Monday's sentence shows that neither the jury nor the court bought that story, the U.S attorney's office said in a statement.
"Andrew Auernheimer knew he was breaking the law when he and his partner hacked into AT&T's servers and stole personal information from unsuspecting iPad users," U.S. Attorney Paul Fishman noted. "When it became clear that he was in trouble, he concocted the fiction that he was trying to make the Internet more secure, and that all he did was walk in through an unlocked door. The jury didn't buy it, and neither did the Court in imposing sentence upon him today."
Auernheimer made headlines in June 2010 when he and his partner, Daniel Spitler, used an automated script they called iPad 3G Account Slurper to extract email addresses and SIM card ID numbers of more than 100,000 iPad owners from AT&T's servers.
The data included email addresses belonging to New York Mayor Michael Bloomberg, New York Times CEO Janet Robinson, ABC's Diane Sawyer, movie producer Harvey Weinstein, former White House chief of staff Rahm Emmanuel and numerous others.
Auernheimer and Spitler handed the data to Gawker, which posted the information public. The duo claimed they carried out the exercise only to demonstrate how AT&T was leaking the data via its Web site.
But prosecutors claimed that the whole caper was a self-serving stunt by Auernheimer to promote himself and Goatse Security, a security group to which he belonged. AT&T said it had to spend more than $73,000 for breach notifications.
In court filings, prosecutors described Aurenheimer as someone who not only took credit for the breach but also openly boasted about it to the media and others. They noted that Goatse Security often portrayed itself as a group of self-described Internet trolls bent on disrupting services and content on the Internet.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Cybercrime and Hacking White Papers | Webcasts