In the Auernheimer case, federal prosecutors in New Jersey chose to elevate a misdemeanor computer crime into a more serious felony, though their evidence showed that Auernheimer’s co-conspirator wrote and ran the computer program that obtained the e-mail addresses. Then, prosecutors argued for a much stiffer sentence based in large part on AT&T’s estimated financial loss, though the company did not declare any loss in court filings.
Prosecutors said their approach was justified because Auernheimer violated the privacy of thousands of people. They pointed to his extended hacking career, fiery denunciations of the government and lack of remorse.
“You have to ask the question, what would he have done next?” said a Justice Department official who spoke on the condition of anonymity because the case is under appeal. “Where would we be if we let this guy go and the next thing he did was take down a network?”
‘I make people afraid’
The man at the center of the debate is a self-proclaimed Internet “troll” known by his online handle, “Weev,” who has been on the FBI’s radar since he was 15.
In words that prosecutors would use against him, Auernheimer told the New York Times in 2008: “I hack, I ruin, I make piles of money. I make people afraid for their lives.”
In a recent telephone interview and in e-mail exchanges through a prison Web site, Auernheimer told The Washington Post that he is a “political and economic activist” whose motive in the iPad breach was to embarrass AT&T. He called federal agents and prosecutors “despicable parasites.”
Auernheimer had headed an organization called Goatse Security. He described it as a nine-member information security firm; prosecutors called it a hacker group.
It was another Goatse member, Daniel Spitler, who was instrumental in the events that led to the federal probe. Apple’s iPad tablet had recently come out, and AT&T was providing Internet access for iPad users. Spitler wanted AT&T’s data plan but did not have an iPad, so he used his computer skills to trick the AT&T servers into believing he was operating one and got himself an iPad identifying number.
When he logged on to the AT&T site, he discovered that a window would pop up with his e-mail address filled in, Spitler testified at Auernheimer’s trial. AT&T, in an effort to be user-friendly, had linked each iPad number with the user’s e-mail address so that users did not have to type in their address when they logged in. The addresses were automatically displayed.
Spitler altered his identifying number by one digit and typed it in. Someone else’s e-mail address popped up, he testified. Spitler typed in more iPad numbers. More e-mail addresses popped up. Then he wrote a computer program to automate the process. It landed about 120,000 addresses.