A federal appeals court Friday reversed and vacated the conviction and sentence of hacker and Internet troll Andrew “weev” Auernheimer.
The case against Auernheimer, who has often been in solitary confinement for obtaining and disclosing personal data of about 140,000 iPad owners from a publicly available AT&T website, was seen as a test case on how far the authorities could go under the Computer Fraud and Abuse Act (CFAA), the same law that federal prosecutors were invoking against Aaron Swartz.
Auernheimer was accused of passing along the e-mail addresses to Gawker, which thereafter published the information in redacted form in 2010. Auernheimer was convicted in a New Jersey federal court of a felony under the CFAA for conspiracy to access AT&T’s servers against the company’s will.
The government argued that the New Jersey court was a proper venue for the case because 4,500 e-mail addresses were obtained from residents there. The authorities claimed that even if the venue was improper, is should be disregarded because it did “not affect substantial rights.”
The court disagreed and suggested that Auernheimer’s home state of Arkansas, where the alleged illegal activity took place, was the proper location for trial
Auernheimer’s helped co-defendant Daniel Spitler who discovered a security vulnerability in the website used to register iPad users who signed up for AT&T’s 3G service. A script on AT&T’s servers would accept an iPad’s ICC-ID—a unique identifier embedded in the device’s microSIM card—and return that user’s e-mail address. Spitler figured out that ICC-IDs come in a predictable range, allowing him to enumerate the tens of thousands of them and obtain the corresponding e-mail addresses. And Auernheimer was accused of providing Spitler with advice and encouragement over IRC, and later disclosed the information Spitler obtained to the media.
Spitler pleaded guilty and was sentenced in January to three years probation.
While the court would not resolve whether Auernheimer’s conduct was illegal, it commented that “no evidence was advanced at trial” that “any password gate or other code-based barrier” was breached.
A day before his sentencing, Auernheimer commented last year that his only “regret is being nice enough to give AT&T a chance to patch before dropping the dataset to Gawker. I won’t nearly be as nice next time.”
Now Auernheimer is waiting to listen his charges when the right court will be chosen for him against his crime.
The post Hacker/troll “weev” was charged in the wrong federal court – say The Third US Circuit Court of Appeals appeared first on Am I Hacker Proof.
View full post on Am I Hacker Proof