Welcome Stranger to OCC!Login | Register

Internet Troll Faces 5 Years in Jail for Exploiting AT&T Security Flaw

Category: General News
Posted: 04:51PM

Andrew Auernheimer, a self-described security researcher and internet troll, was convicted of identity fraud and conspiracy to access AT&T's systems without authorization. Andrew Auernheimer and his partner, Daniel Spitler, are said to have been trying to scrape email addresses from about 120,000 iPad users from a poorly secured section of AT&T's website where iPad users sign up for 3G service. A script was placed on AT&T's server to obtain an iPad's ICC-ID and then return the email address linked to that ID. These identification codes came in a predictable range, which enabled Auernheimer to guess tens of thousands of ICC-IDs and get AT&T's servers to give them the associated email addresses. After investigating, the FBI concluded they had committed a felony and arrested Auernheimer and Spitler in 2011. According to chat logs obtained by the prosecution, the pair discussed multiple schemes for which they could use the harvested information, such as spamming, phishing, or short-selling AT&T's stock. However, they decided that the way to obtain the "max lols" would be to inform the media of this bug in an attempt to shame AT&T. 

A New Jersey jury recently tried Auernheimer and Spitler and handed down a guilty verdict on Tuesday. Spitler decided to cooperate with the government and pled guilty, so the trial was aimed towards Auernheimer. The two face a maximum sentence of 5 years in jail, as well as a $250,000 fine. Tor Ekland, Auernheimer's attorney, told Reuters in a phone interview that he and Auernheimer "disagree with the prosecutors' interpretation of what constitutes unauthorized access to a computer under the Computer Fraud and Abuse Act." 

Register as a member to subscribe comments.
ekiM on November 21, 2012 10:40PM
I somewhat disagree with this. The fine and sentencing seems a bit much when they have evidence they planned to only inform the media of the bug to shame AT&T. Nothing more malicious than that

This news has comment postings disabled because it is now archived.

© 2001-2018 Overclockers Club ® Privacy Policy
Elapsed: 0.4584610462   (xlweb1)