A New York man has been convicted of stealing more than 120,000 iPad users’ email addresses, despite reports that he found the information posted publicly online by AT&T.
Andrew “weev” Auernheimer was convicted of identity theft and conspiracy to gain unauthorized access to computers Tuesday, the Associated Press reported. He faces a maximum of 10 years in prison for both counts. Sentencing is in 90 days, Auernheimer wrote on Twitter.
Auernheimer was a member of the group Goatse Security when he gained access to a treasure trove of iPad email addresses in the summer of 2010. The email addresses belonged to ordinary users and high-profile celebrities, including New York City Mayor Michael Bloomberg and entertainment mogul Harvey Weinstein.
Auernheimer and Goatse Security communicated with Gawker Media to break the news, and Auernheimer was quoted in a 2008 New York Times piece as saying “I hack, I ruin, I make piles of money. I make people afraid for their lives.”
The Associated Press claims that Goatse Security “used a computer script they called the iPad3G Account Slurper to fool AT&T's servers into thinking they were communicating with an iPad.”
TechNewsDaily, on the other hand, contends that because of how AT&T set up its service, it mistakenly published users’ email addresses publicly, even though the exact URL was difficult to find. Using a script, Auernheimer was able to gather the email addresses “without ever breaking into anything or cracking a single password,” TechNewsDaily added.
The confusing aspects of the case were the topic of a popular post on Reddit’s r/technology forum, where user crasymike tried to clarify the charges against Auernheimer.
“[H]e's not in trouble for hacking. He's breaching identity theft laws. Possession of identity information, seemingly for the intent of being used maliciously, is against the law. As well, the second count seems to be for dissemination of this information (they are separate laws, to allow for the law to carry a larger charge for spreading identity information and a smaller charge for simply having it),” crasymike added.
“He's not in trouble for finding the breach. He isn't in trouble for hacking. He's not in trouble for discovering these URL's and he's not in trouble for accessing these URL's. He's in trouble for identity theft, which he seems to be very guilty of.”
Photo via Andrew Auernheimer/Twitter