Andrew Auernheimer, commonly known as AT&T Hacker Weev, has just received sentencing on one charge of conspiracy to access a computer without authorization (18 U.S.C. § 1030(a)(2)(C) part of the Computer Fraud and Abuse Act of 1986) and fraud in connection with personal information (18 U.S.C. § 1028(a)(7)).
He will serve 41 months in a federal prison, with concurrent probation for three years. He also owes restitution to the U.S. Treasury to be dispersed to AT&T in the amount of $73,000.
Both charges have a maximum sentence of five years, meaning that Auernheimer will only serve about a third of the possible maximum sentence.
Auernheimer, a Crunchies award winner, was also apprehended in the courtroom today by 10 officers after trying to use his phone. He returned to the courtroom in shackles. He’ll have ten days to appeal the decision.
In 2010, Auernheimer revealed a security flaw in AT&T’s iPad user data base, letting him reveal data from 114,000 iPad 3G users. Rather than hand over this information to AT&T immediately, Auernheimer first revealed this information to a journalist at Gawker Media.
This sentencing highlights a huge obstacle in the judicial system with reference to hacking. Many say that Aaron Swartz, internet activist and J-stor hacker, committed suicide because of the aggressive prosecution against him. Auernheimer’s case isn’t all that different. He exposed a security flaw for AT&T, quite easily in fact, but is still going to jail for more than three years.
Hopefully, after everything he’s been through, AT&T will be able to spare a “thank you” to Auernheimer not only for the $73,000 in restitution but for discovering the gaping AT&T security hole to begin with.