Man gets over 3 years in iPad data breach case
NEWARK, N.J. (AP) - A man convicted of illegally gaining access to AT&T's servers and stealing more than 100,000 email addresses of iPad users has been sentenced to more than three years in prison.
Former Arkansas resident Andrew Auernheimer was convicted in November of identity theft and conspiracy to gain unauthorized access to computers. Auernheimer's attorney had sought probation.
Auernheimer castigated the government for an unfair prosecution before a federal judge in Newark, N.J., pronounced his 41-month sentence Monday.
Prosecutors say Auernheimer was part of a group that tricked AT&T's website into divulging the email addresses, including those of New York Mayor Michael Bloomberg, film mogul Harvey Weinstein and other celebrities.
The group shared the addresses with the website Gawker, which published them in redacted form.
A second defendant has pleaded guilty.
Former Arkansas resident Andrew Auernheimer was convicted in November of identity theft and conspiracy to gain unauthorized access to computers. Auernheimer's attorney had sought probation.
Auernheimer castigated the government for an unfair prosecution before a federal judge in Newark, N.J., pronounced his 41-month sentence Monday.
Prosecutors say Auernheimer was part of a group that tricked AT&T's website into divulging the email addresses, including those of New York Mayor Michael Bloomberg, film mogul Harvey Weinstein and other celebrities.
The group shared the addresses with the website Gawker, which published them in redacted form.
A second defendant has pleaded guilty.
Moot: open to discussion or debate; debatable; doubtful: a moot point. 2. of little or no practical value or meaning; purely academic
So he's an IT guy, eh? Â Another sterotype shattered.
Same thing happened a couple years ago when Sarah Palin's email was "hacked". If you remember she was using free email (Yahoo I believe) to conduct government business. The "hacker" simply guessed at her password and was correct. Not really hacking if you ask me.
This is tragic that a person gets 3 years for accessing a web form with no security. They did not trick the web site from providing information, they just sent requests to it and since AT&T/Apple could not care about security for their customers, the web service provided the data to anyone who asked.
The corporations involved with this breech was behind the 3 year prison sentence. Big money is trying to send a message that just because they have no security they should not be held accountable when their clients private data becomes public.
I am not condoning hacking but this was far from hacking through security designed to keep people out. This was just walking though an open door that should never have been left open. It is a shame that AP has left this portion of the story out and it is a shame that a 3 year sentence was handed down in the first place when criminals that use violence against people get less time sentenced.
@Beam_Me_Up So if you don't lock your house at night it is ok for someone to walk right in?
@cyclops @Beam_Me_Up Actually in this scenario there was no door to open, the site was wide open with nothing to stop entering (no password or other type of security). There was no breaking and entering since the door was wide open. There were no signs warning of criminal trespass. These 2 tests are used to determine the level of a crime happening (misdemeanor or felony). You can get charged for breaking and entering even by opening a closed but unlocked door. But as I said, there was no door in this example. If entering a commercial location versus a residential also determines the level of the crime. In this case it was a commercial location which is considered less severe than residential. So in most this could be seen as a misdemeanor crime that does not warrant a 3 year prison sentence when you have violent felony crimes happening all the time with less or no prison sentence.
So using your example if a bank leaves their door open and the vault open and you have your life savings stolen (more than what is FDIC insured but in this case FDIC would refuse to insure this bank due to stupidity) would you hold the bank at fault for not securing their facility? This is exactly what AT&T and Apple did here. They left every door open and then they hired the most expensive legal team to ensure someone else then them was found at fault. The punishment does not even come close to the level of the crime. It is completely over the top but people like you who do not understand what is happening gladly side with big business. Â
@Beam_Me_Up No, I think 3 years is fair for his crime and attempted murder is not nearly enough.  Stupid parents who let an uncle who has just downed a bottle of tequila take their kids home should be sterilized and jailed.  I still can't understand why you think stealing should be legal.  Would you take 100,000 emails you know you had no right to?....because its there?  Thank goodness we have companies with the money willing to pay for justice because apparently some people think that if something isn't locked up it should be free for the taking even though they know it doesn't belong to them and they have no right to it.
@cyclops I have plenty of boundaries and I have never said what this guy did was right. My beef here is that he got sentenced to 3 years in prison for getting information from an unsecured web site.
We have Tony Barrett on KOMO's front page today because he killed his wife. His first attempt to kill her by putting a pillow over her head he got a whopping 1 day in prison! Does this seem fair in comparison to someone who happened along information that AT&T and Apple felt was not important enough to at least password protect it? Not in my book.Â
If I left my web site open as AT&T and Apple did and he got into my site he would never have been charged. And yet he got 41 months of prison solely because AT&T and Apple spent big money to first track this guy down and then to ensure through a very expensive legal team that Auernheimer got as much time as their money could buy. And all Auernheimer got out of this was email addresses for a few rich and famous people like Mayor King Bloomberg.Â
You are the one without boundaries when you can't see the stupidity in the term this guy got. It is people like you that AT&T and Apple fought to get in the jury box so that they could use perverted logic to defend their own stupid actions by using a system without any type of passwords. We are 20 years into the internet now. You would think that AT&T and Apple would hire the best security engineers based upon 20 years of hacking.
And again by your example if my house had no door and no trespass warnings many courts would say that unless I specifically was present to explain what areas of my house was off limits since it has no physical boundaries anyone was legal to enter my house. There may be a consideration as to if it was night or day with night time being a little more sensitive to consideration of if a crime was committed or not.
@Beam_Me_Up So if your house has no front door to lock it is free for anyone to walk in?  Do you have no boundaries?  The article says they had to trick the website to get the information.  Sounds like some effort was put into it.
@cyclops @Beam_Me_Up Good point but he didn't enter physically, so you point is mute.  In  using your idea of a house.  If you put secrets papers or images you didn't want people to see on your window and others took pictures of them or copied them who should be at fault?  My outside interpretation of this case was he made a request and they responded.  It would be similar to calling the companies phone number then getting mad that people were able to access the information on the recording.  Or sending them an email and getting an automated response they are out of the office.
Steal email addresses, get 3 years. Kill someone in a DUI accident, get 1 year. Problem?