Hacker found guilty of stealing personal details of 120,000 iPad users
A jury has convicted a New York man of hacking into a phone company’s servers and stealing the email addresses and other personal data of about 120,000 iPad users.
Andrew Auernheimer, 27, was convicted by a Newark, New Jersey, jury of one count of conspiracy to access the servers without permission, as well as one count of identity theft, said US Attorney Paul Fishman.
The defendant faces a maximum five years in prison and $250,000 fine on each count. A co-defendant, Daniel Spitler, pleaded guilty to the same charges in June 2011 and is awaiting sentencing.
Prosecutors said Auernheimer and Spitler were affiliated with Goatse Security, a group of Internet "trolls" that tries to disrupt online content and services.
According to the government, the men used an "account slurper" that was designed to match email addresses with "integrated circuit card identifiers" for iPad users, and which conducted a "brute force" attack to extract data about those users, who accessed the Internet through AT&T's network.
The authors of the slurper then provided stolen information to the website Gawker, which published an article naming well-known people whose emails had been compromised, including ABC News anchor Diane Sawyer, New York Mayor Michael Bloomberg and current Chicago Mayor Rahm Emanuel.
Tor Ekeland, a lawyer for Auernheimer, said his client was free on bail, and planned to appeal the verdict to the 3rd US Circuit Court of Appeals in Philadelphia.
"We disagree with the prosecutors' interpretation of what constitutes unauthorised access to a computer under the Computer Fraud and Abuse Act," Ekeland said. He called the prosecutors' interpretation of that federal law "extremely expansive."
The trial lasted about one week, excluding a disruption related to Hurricane Sandy, and jurors deliberated for a couple of hours, Ekeland added.
AT&T has partnered with Apple in the United States to provide wireless service on the iPad. After the hacking, it shut off the feature that allowed email addresses to be obtained.