Hacker sentenced to 41 months
Andrew Auernheimer, known online as weev, was accused of breaching the AT&T network and revealing email addresses of more than 120,000 Apple iPad users to the online news site Gawker in 2010.
The sentence was ordered by US District Judge Susan Wigenton in Newark, New Jersey. The case has drawn fire from online rights activists who claim government prosecutors are unfairly targeting white hat hackers who reveal online security flaws.
Lawyers for Internet rights group Electronic Frontier Foundation have joined Auernheimer's defence, saying he is being unduly punished for revealing an AT&T network flaw to the media.
"Weev is facing more than three years in prison because he pointed out that a company failed to protect its users' data, even though his actions didn't harm anyone," said EFF attorney Marcia Hofmann. "The punishments for computer crimes are seriously off-kilter, and Congress needs to fix them."
But US Attorney Paul Fishman said Auernheimer "knew he was breaking the law" and that "when it became clear that he was in trouble, he concocted the fiction that he was trying to make the Internet more secure. The jury didn't buy it, and neither did the court in imposing sentence upon him."
Auerheimer's co-defendant Daniel Spitler discovered that AT&T configured its servers so that queries made using ID numbers from SIM cards in iPads got back email address of respective iPad owners. Spitler wrote a computer program that exploited the security hole to collect about 120,000 email addresses, and Auernheimer sent the list to several journalists to spotlight the security problem, according to the EFF.
Spitler and Auernheimer were criminally charged as co-defendants. Spitler, a San Francisco resident, pleaded guilty in June of 2011 to one count of conspiracy to gain unauthorised access to computers connected to the Internet and one count of identity theft, according to prosecutors. He is awaiting sentencing.
The two men were said to be members of Goatse Security, a loose association of Internet hackers who hunt for security flaws. Using a script called an iPad 3G Account Slurper, the Goatse hackers managed to obtain the number used to identify a subscriber on AT&T's network.
AT&T has fixed the flaw. "Weev's case shows just how problematic the Computer Fraud and Abuse Act is," said EFF attorney Hanni Fakhoury said. "We look forward to reversing the trial court's decision on appeal."
Source: AFP via I-Net Bridge
Source: I-Net Bridge
For more than two decades, I-Net Bridge has been one of South Africa’s preferred electronic providers of innovative solutions, data of the highest calibre, reliable platforms and excellent supporting systems. Our products include workstations, web applications and data feeds packaged with in-depth news and powerful analytical tools empowering clients to make meaningful decisions.
We pride ourselves on our wide variety of in-house skills, encompassing multiple platforms and applications. These skills enable us to not only function as a first class facility, but also design, implement and support all our client needs at a level that confirms I-Net Bridge a leader in its field.
Go to: http://www.inet.co.za