See 18 U.S.C. 1030(a)(2)(c) & 1028(a)(7). Mr. Auernheimer and his co-defendant Daniel Spitler (who pleaded guilty and testified for the government at trial) were indicted for harvesting roughly 120,000 email addresses in June 2010 from AT&T’s iPad servers. In November of 2012 Mr. Spitler testified at a one week trial that he couldn’t afford an iPad but that he wanted the benefit of AT&T’s unlimited data plan offered to iPad subscribers just after the iPad came out. Using a well known, accepted and common technique known as “spoofing” he registered with AT&T as an iPad subscriber while using his own, cheaper, mobile device. Upon noticing that AT&T’s servers were pre-populating his log-in window with his email address before asking for his password he began to wonder why. He discovered that AT&T’s publicly accessible servers would respond to any SIM card number query that matched that of an actual customer by publishing that customer’s email address while simultaneously asking for a password. Mr. Spitler promptly wrote a script the ended up harvesting roughly 120,000 email addresses. The script never attempted to enter in any passwords, nor was any attempt made to “hack” any passwords. No information besides email addresses was obtained. Upon telling Mr. Auernheimer of his script, Mr. Auernheimer contacted select members of the media he found on the email address list, and sent the list to Gawker, which printed it in redacted form. Upon the publicity, AT&T quickly changed its log in page so it didn’t publish email addresses after simple numerical URL inquiries. There was no evidence at trial of any harm to any of the people whose email addresses were copied. Not a single person whose email addresses were copied testified. Roughly one week later the FBI raided Mr. Auernheimer’s residence and arrested him for computer crime. Mr. Auernheimer is currently appealing his conviction to the Third Circuit Court of Appeals. Tor Ekeland P.C. is pleased to be working with The Electronic Frontier Foundation, Mark H. Jaffe, Orin Kerr, Nace Naumoski, and Jerry Derevyanny on the appeal. U.S. v. Auernheimer, 11-CR-470 (D.N.J.) (SDW)]]]]> ]]>
Computer Fraud and Abuse (CFAA) updates and Analysis – March 23, 2022. Court denies Motion to Dismiss in United States v. Thompson. Why this matters for Computer Law?