Auernheimer sentenced to 41 months for breaching AT&T servers

Shawn Knight

Shawn Knight

Posts: 15,296   +192
Staff member

Andrew Auernheimer will spend the next three years and five months of his life in prison. The 27-year-old was sentenced today in federal court in Newark, New Jersey, after being convicted on November 20 of breaching AT&T’s servers, stealing personal information from more than 114,000 iPad users and sharing it with a reporter. He faced up to 10 years behind bars.

Auernheimer will also have to serve an additional three years of probation and pay more than $73,000 in restitution to AT&T for his actions. During the hearing, Auernheimer told U.S. District Judge Susan Wigenton that he didn’t come asking for forgiveness. Instead, he said the Internet is bigger than any law can contain. What’s more, he said many governments that have tried to restrict the freedoms of the Internet have ended up toppled.

att hacking andrew auernheimer

Three years ago, Auernheimer discovered a security flaw in an AT&T server that allowed his security group, Goatse Security, to infiltrate the system and steal more than 114,000 e-mail addresses belonging to iPad 3G users. The information was eventually turned over to Gawker which posted redacted versions of some of the addresses, prompting an investigation by the FBI.

Attorneys for Auernheimer argued that he should only receive probation because the wireless provider’s security was so poor that no special skill was needed to collect the addresses in question. The legal team included comments from an AT&T investigator that said Auernheimer circumvented no security.

Permalink to story.

https://www.techspot.com/news/51982-auernheimer-sentenced-to-41-months-for-breaching-att-servers.html

 
The guy should be hired as a security consultant not put in prison. What was the damage as a result of the security breach other than releasing a list of names to prove what he did?
 
I would be more concerned with what he did with the information he stole. Besides the fact that he willingly exploited a security flaw, one must wonder WHY he did it. Did he do it to show AT&T how weak their security was? Did he do it because like most hacktivist he was looking for a opportunity? Way too many questions that we dont have the answers for.
I really got a great laugh at the comment "That the internet is bigger then any one country or Laws". Be that as it may, he didnt hack the internet. He hacked a cellular providers website and servers. A company that resides in the US. I think the time that he got was somewhat fair, provided he didnt make any extra cash selling other ppls information that he stole in the first place.
 
Stealing is stealing, whether it is over the Internet or physically in person. If someone enters a house and steals something, he is not entitled to get away with it because the owner of the house had left the door unlocked.

Neither was this a victimless crime. AT&T had to spend time and money notifying its customers and those customers had to spend time changing passwords and possibly notifying banks, etc. And those expenses get passed along to someone, whether to employees who are paid less as a result, to shareholders who get less dividends as a result, or to customers whose charges for ATT service are higher than they would otherwise have been.
 
  • Like
Reactions: Skidmarksdeluxe
TheBigFatClown said:
The guy should be hired as a security consultant not put in prison. What was the damage as a result of the security breach other than releasing a list of names to prove what he did?
Click to expand...

Apparently the information was wide-open and required little to no skill to access. His sentence is ridiculously harsh for releasing a list of email addresses.
 
"breaching"? "stealing"?
You guys aren't helping the internet one bit.
 
Arris said:
3 years and that fine, that's some serious penalty for not having breached any security.
Click to expand...
The article reads:- "Three years ago, Auernheimer discovered a security flaw in an AT&T server that allowed his security group, Goatse Security, to infiltrate the system and steal more than 114,000 e-mail addresses belonging to iPad 3G users" - that sounds a bit "breachy" to me! ;)
 
  • Like
Reactions: Arris
Zoltan Head said:
Arris said:
3 years and that fine, that's some serious penalty for not having breached any security.
Click to expand...
The article reads:- "Three years ago, Auernheimer discovered a security flaw in an AT&T server that allowed his security group, Goatse Security, to infiltrate the system and steal more than 114,000 e-mail addresses belonging to iPad 3G users" - that sounds a bit "breachy" to me! ;)
Click to expand...

Sorry, wrote that wrong. Was meaning to refer to "The legal team included comments from an AT&T investigator that said Auernheimer circumvented no security."
 
johnehoffman said:
Stealing is stealing, whether it is over the Internet or physically in person. If someone enters a house and steals something, he is not entitled to get away with it because the owner of the house had left the door unlocked.

Neither was this a victimless crime. AT&T had to spend time and money notifying its customers and those customers had to spend time changing passwords and possibly notifying banks, etc. And those expenses get passed along to someone, whether to employees who are paid less as a result, to shareholders who get less dividends as a result, or to customers whose charges for ATT service are higher than they would otherwise have been.
Click to expand...


johnehoffman said:
Stealing is stealing, whether it is over the Internet or physically in person. If someone enters a house and steals something, he is not entitled to get away with it because the owner of the house had left the door unlocked.

Neither was this a victimless crime. AT&T had to spend time and money notifying its customers and those customers had to spend time changing passwords and possibly notifying banks, etc. And those expenses get passed along to someone, whether to employees who are paid less as a result, to shareholders who get less dividends as a result, or to customers whose charges for ATT service are higher than they would otherwise have been.
Click to expand...

Right, stealing is stealing. But he did'nt stole anything, He copied the information ...
 
  • Like
Reactions: Burty117
I'm not saying he wasn't guilty and shouldn't be punished. I just would have expected fine or sentence, not both. Comparing data theft to theft of material possessions/money is a difficult thing to do, especially with the "it's not stealing it's copying" claim, that's wandering into piracy discussion and those always end in about a million opinions and no real conclusion.
 
  • Like
Reactions: cliffordcooley
You must log in or register to reply here.

Similar threads

midian182
LockBit ransomware group member sentenced to four years for infecting over 1,000 systems
Replies
5
Views
160
Uncle Al
Uncle Al
A
AT&T wireless service outage is impacting many US customers
Replies
8
Views
236
Mark Fuller
M
midian182
18-year-old hacker behind GTA VI leak sentenced to life in secure hospital facility
Replies
21
Views
530
holydiver
H

Latest posts

Back