Hacker awarded 41 month prison sentence over AT&T exploit

A security researcher in the US has been handed down a 41 month prison sentence for exploiting a flaw in AT&T's security around iPad users to reveal details of 114,000 emails in 2010. 

Along with a co-defendant he has also been ordered to pay $73,000 by way of compensation to the phone company.

Andrew "Weev" Auernheimer, who ran Goatse Security with co-defendant Daniel Spitler, was in November found guilty on counts of identity fraud and conspiracy to access a computer without authorisation and had faced a maximum of five years in prison for each charge.

The hack, executed in June 2010 revealed details of the then White House chief of staff, Rahm Emanuel, as also chief executives and military officials. AT&T had allocated SIM cards for 3G-enabled iPads with successive numbers and no security checks to prevent anyone accessing the details, which was used in the exploit. A printout of the details was then sent to the Gawker website, a blog based in New York City focused on celebrities and the media.

The night before he was sentenced, Auernheimer taking part in a Reddit "Ask Me Anything" explained how he had carried out the hack: "In June of 2010 there was a public AT&T webserver that had a URL for a public API with a number at the end of it. If you added one to this number you might see the next iPad 3G user email address. I aggregated a sample of this data and sent it to a journalist. I contend that, I as an American, have the right to profit from accessing a public webserver, adding one to a number and embarrassing a large corporation.''

The US justice department had pressed for a  sentence of between three and four years but US district judge Susan Wigenton handed down the sentence of 41 months -- behind bars.

Spitler, 27, who was involved in the process, had pleaded guilty to the same charges and awaits sentencing.

"Andrew Auernheimer knew he was breaking the law when he and his partner hacked into AT&T's servers and stole personal information from unsuspecting iPad users," US Attorney Fishman said in a statement.

"When it became clear that he was in trouble, he concocted the fiction that he was trying to make the Internet more secure, and that all he did was walk in through an unlocked door. The jury didn't buy it, and neither did the Court in imposing sentence upon him today."