Judge gives second AT&T iPad hacker more time to make plea deal

Follows in footsteps of co-defendant, who pleaded guilty last month in return for recommended 12-to-18-month sentence

A federal judge has put the case against a man charged with hacking AT&T's website on hold to allow plea negotiations to continue, court documents show.

On Wednesday, U.S. District Court Judge Susan Wigenton suspended the case against Andrew Auernheimer, who faces a maximum of 10 years in prison if convicted of two felony charges: conspiracy to access a computer without authorization, and fraud in connection with personal information.

"Plea negotiations are currently in progress and both the United States and the defendant desire additional time to finalize a plea agreement, which would render trial of this matter unnecessary," Wigenton wrote in her order, made public Thursday on the U.S. Department of Justice's case database.

Auernheimer and his court-appointed federal public defender have been negotiating a plea agreement for at least the last month.

Auernheimer, who goes by the online nickname of "weev," was a member of Goatse, a loose collection of hackers, authorities have alleged. Along with co-defendant Daniel Spitler, he is accused of stealing approximately 120,000 names and email addresses of iPad 3G owners from AT&T servers in June 2010 using an automated scripting tool.

Among the email addresses eventually made public -- Auernheimer gave information obtained from AT&T to the Gawker website -- were those belonging to New York Mayor Michael Bloomberg, former White House chief-of-staff Rahm Emanuel, and top executives at Dow Jones, The New York Times Co. and Time Warner.

At the time, Auernheimer argued that the hack was "ethical" and "in the public interest" because it revealed a flaw in AT&T's website.

Later he accused AT&T of dishonesty when it downplayed the damage to affected customers.

Auernheimer argued that other hackers armed with an iPad exploit could have used the email addresses in a targeted attack.

"A complete list of iPad 3G customers, which could have been generated from this vulnerability [Goatse uncovered], would have the ideal bit of data for those...with zero-day Safari exploits," Auernheimer claimed in a June 2010 post to the Goatse blog.

But according to the federal indictment against Auernheimer, he and Spitler had discussed exploiting their hack. "This could be like, a future massive phishing operation serious like this is valuable data," Auernheimer allegedly told Spitler in an IRC chat that authorities included in the indictment.

"Well I will say this it would be against the law ... for ME to short the att stock but if you want to do it go nuts," Auernheimer said to Spitler in another chat fragment. "If you short ATT dont let me know about it."

Spitler pleaded guilty last month to similar charges. His plea agreement recommended a 12-to-18-month sentence.

Auernheimer's attorney did not reply to a request for comment.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.


Copyright © 2011 IDG Communications, Inc.
