Jury Convicts U.S. Man in iPad Data Breach Case
A federal jury on Tuesday convicted a man of illegally gaining access to AT&T's servers and stealing more than 120,000 email addresses of iPad users including New York Mayor Michael Bloomberg and film mogul Harvey Weinstein.
Andrew Auernheimer, of New York, was convicted of identity theft and conspiracy to gain unauthorized access to computers. Each count carries a maximum prison sentence of five years.
Prosecutors said the former Fayetteville, Arkansas, resident was part of an online group that tricked AT&T's website into divulging email addresses, including those of Bloomberg, Weinstein, then-White House chief of staff Rahm Emanuel, who is now mayor of Chicago, and other celebrities.
The group then shared the addresses with the website Gawker, which published them in redacted form accompanying a news article about the breach, prosecutors said.
A second man arrested with Auernheimer early last year, Daniel Spitler, of San Francisco, pleaded guilty that June.
At the time of the arrests, U.S. Attorney Paul Fishman said there was no evidence the men used the swiped information for criminal purposes. But authorities cautioned that it could have wound up in the hands of spammers and scam artists.
According to court papers, the men used a computer script they called the iPad3G Account Slurper to fool AT&T's servers into thinking they were communicating with an iPad. The theft of the email addresses occurred in June 2010.
Prosecutors said at the time of Auernheimer's arrest that he had bragged about the operation in a blog posting and in an interview with CNET published online after the Gawker article. Court papers also quoted him declaring in a New York Times article: "I hack, I ruin, I make piles of money. I make people afraid for their lives."
Auernheimer, after he was charged and released on bail, had declined to comment.
iPad maker Apple Inc., based in Cupertino, California, referred questions to AT&T, which acknowledged a security weak spot on a website that exposed the email addresses. AT&T said the vulnerability affected only iPad users who signed up for its 3G wireless Internet service and said it had fixed the problem.