dslreports logo
site
spacer

spacer
 
   
spc
story category
AT&T 'Hacker' Weev Released From Prison
by Karl Bode 09:16AM Tuesday Apr 15 2014
Back in June of 2010, you might recall that a security hole in AT&T's website allowed two individuals to gain access to the e-mail addresses of 114,000 owners of 3G Apple iPads, including "dozens of CEOs, military officials, and top politicians." A group calling itself Goatse Security at the time claimed responsibility for the "hack," which in addition to e-mail addresses resulted the group obtaining user ICC-IDs -- used to identify their specific iPad on the AT&T network.

Click for full size
One of those two individuals responsible for obtaining the data was Andrew Auernheimer (aka "Weev") an Internet-famous troll who was recently convicted of accessing a computer without authorization and identity fraud, and sentenced to serve 41 months in prison.

The problem? What Weev did technically wasn't hacking since AT&T's door was left wide open, something even prosecutors recently made very clear they didn't actually understand.

Last Friday Weev was released from prison. Not because the law realized and acknowledged what he did wasn't hacking, but because the court declared he should have been tried in his home state of Arkansas, not New Jersey. Law enforcement have yet to state whether or not they'll be seeking a retrial, though it's highly unlikely this particular story is over.

view:
topics flat nest 

thender
Screen tycoon
Premium
join:2009-01-01
Brooklyn, NY
kudos:1

Imagine what the internet would be like if more trolls were thrown in prison


n2jtx

join:2001-01-13
Glen Head, NY

Re: Imagine what the internet would be like if more trolls were thrown in prison

XYZZY - Pay Troll
Mahalo

join:2000-12-20
united state
kudos:1
"There's an unequal amount of good and bad in most things. The trick is to figure out the ratio and act accordingly." - Th3j35t3r
--
My other computer is your computer

PlusOne

@comcast.net
said by thender:


This guy belongs in prison.
Mahalo

join:2000-12-20
united state
kudos:1

Re: Imagine what the internet would be like if more trolls were thrown in prison

Where should AT&T and Apple be? They are ones that implemented poor security around the service.
--
My other computer is your computer

Riusaki

join:2000-09-14
Space

Re: Imagine what the internet would be like if more trolls were thrown in prison

By poor security you mean no security.
moes

join:2009-11-15
Cedar City, UT
Yeah sure buddy, when att has this habit of leaving their global logins for past and former employee's active for years. good one!
dfxmatt

join:2007-08-21
Evanston, IL
It wouldn't be a good thing, it would be foolhardy.

A lack of freedom for trolls means a lack of freedom for you.

OmegaWolf747
Vive la revolucion

join:2009-02-08
Royal Oak, MI
Good that weev's out. Now we need to get Barrett Brown out too.

imanogre

join:2005-11-29
Smyrna, GA

2 recommendations

ugh

Worst argument yet.... :
"The problem? What Weev did technically wasn't hacking since AT&T's door was left wide open, something even prosecutors recently made very clear they didn't actually understand. "

Definition of hacking (google defintions)
"use a computer to gain unauthorized access to data in a system."

Was this clown authorized to have this data? No. Did he use a computer to access it? Yes.

Pretty much the definition of hacking.

And using the "door was open" is the worst argument ever.... it's like saying someone didn't commit grand theft auto because it was unlocked with the keys in it.

noc007

join:2002-06-18
Cumming, GA
Reviews:
·Comcast

7 recommendations

Re: ugh

So I can sue everyone that accesses my website for hacking? Sure I didn't put any authentication or take any steps so only I could access the site. I didn't authorize anyone else to access my site and they're using a computer to access it so it must be hacking.
Rekrul

join:2007-04-21
Milford, CT

1 recommendation

said by imanogre:

Was this clown authorized to have this data? No. Did he use a computer to access it? Yes.

Pretty much the definition of hacking.

Are you sure you want to criminalize the act of changing an URL? Because that's what it amounts to. Suppose you have an URL ending in /test123 and you accidentally type /test124. A page comes up that you weren't supposed to see. Should you now be arrested for hacking?

You'll probably argue that intentionally accessing a page is different than stumbling across it by accident. That argument isn't going to fly with the feds.
LucasLee

join:2010-11-26
kudos:1

Re: ugh

well, if you clearly know you are unauthorized to access the data, as he was quoted several times. and you then copy said data, and then publish it, i think that's significantly different than accidentally changing a URL and stumbling upon something you shouldn't have.

remember, intent is an important aspect of most law. it's why there are varying degrees of murder and manslaughter, and joy-riding is a different charge than grand theft auto.
axus

join:2001-06-18
Washington, DC

1 recommendation

I think if it's not password protected or whitelisted, and posted on the internet, all access is implicitly authorized.
LucasLee

join:2010-11-26
kudos:1

Re: ugh

www.youtube.com/watch?v=SQtlPPZ6FFE

so, what you're saying is, since these kids didn't explicitly secure access to their lunches, then the fat kid had implied authorization?

bpe199

@129.253.54.x

not most

No, most of those effected were not from New Jersey. It's that New Jersey law has bigger penalties and they wanted the longest sentence to set an example. In most other states, it barely adds up to a misdemeanor. Here's an excerpt from the article at:

»www.theregister.co.uk/2014/04/11···eprieve/

"Charging Weev in New Jersey meant that the government's prosecutors could apply that state's laws to increase the severity of the sentence.

"To enhance the potential punishment from a misdemeanor to a felony, the Government alleged that Auernheimer's CFAA violation occurred in furtherance of a violation of New Jersey's computer crime statute," the court wrote.

This was improper, the Court said, and argued that New Jersey had little to do with the case, seeing as how the defendants resided outside of the state, as did the AT&T servers. The prosecution had claimed that because around 4,500 of the leaked emails were of New Jersey residents, that constituted sufficient grounds to hold the trial there and expose Weev to the Garden State's laws.
"
Regardless of what people think of this guy, he still deserves fair treatment under the law. Just because he isn't a particularly admirable individual, doesn't mean that we can look the other way when he's being railroaded.

I expect that if they do retry him in a more appropriate state, whatever sentence he may get, will amount to less than the 3.5 years he's already been behind bars. Personally, I don't have so much of a problem with WHAT he did, but more so with that he was planning on profiting from it. Still, the law says nothing about motive here.
firedrakes

join:2009-01-29
Arcadia, FL

Re: not most

so you get put in jail for proving you crap is unsafe