Andrew Auernheimer (“Weev”) Sentenced to 41 Months Under the Computer Fraud and Abuse Act (“CFAA”)

See 18 U.S.C. 1030(a)(2)(c) & 1028(a)(7).  Mr. Auernheimer and his co-defendant Daniel Spitler (who pleaded guilty and testified for the government at trial) were indicted for harvesting roughly 120,000 email addresses in June 2010 from AT&T’s iPad servers. In November of 2012 Mr. Spitler testified at a one week trial  that he couldn’t afford an iPad but that he wanted the benefit of AT&T’s unlimited data plan offered to iPad subscribers just after the iPad came out.  Using a well known, accepted and common technique known as “spoofing” he registered with AT&T as an iPad subscriber while using his own, cheaper, mobile device.  Upon noticing that AT&T’s servers were pre-populating his log-in window with his email address before asking for his password he began to wonder why.  He discovered that AT&T’s publicly accessible servers would respond to any SIM card number query that matched that of an actual customer by publishing that customer’s email address while simultaneously asking for a password.  Mr. Spitler promptly wrote a script the ended up harvesting roughly 120,000 email addresses.  The script never attempted to enter in any passwords, nor was any attempt made to “hack” any passwords.  No information besides email addresses was obtained. Upon telling Mr. Auernheimer of his script, Mr. Auernheimer contacted select members of the media he found on the email address list, and sent the list to Gawker, which printed it in redacted form.  Upon the publicity, AT&T quickly changed its log in page so it didn’t publish email addresses after simple numerical URL inquiries.  There was no evidence at trial of any harm to any of the people whose email addresses were copied. Not a single person whose email addresses were copied testified. Roughly one week later the FBI raided Mr. Auernheimer’s residence and arrested him for computer crime. Mr. Auernheimer is currently appealing his conviction to the Third Circuit Court of Appeals.  Tor Ekeland P.C. is pleased to be working with The Electronic Frontier Foundation, Mark H. Jaffe, Orin Kerr, Nace Naumoski, and Jerry Derevyanny on the appeal. U.S. v. Auernheimer, 11-CR-470 (D.N.J.) (SDW)]]]]> ]]>

CFAA 2021 Year in review

2021 CFAA Year in Review

In 2021 the United States Supreme Court finally considered what constitutes unauthorized access under the Computer Fraud and Abuse Act. It put a bullet in

Read More »

For media inquiries, please email info@torekeland.com

30 WALL STREET, 8TH FLOOR • NEW YORK, NY 10005

©2022 Tor Ekeland Law, PLLC   •  (718) 737-7264

Attorney Advertising   •   Past results do not guarantee future results   •   Licensed in New York and California