Hacker Found Guilty Of 2010’s Massive AT&T iPad Breach

Way back in 2010, a security breach exposed the emails of 114,000 iPad owners. Eventually, the hackers behind it were arrested — and now one of them, Andrew Auernheimer, has been found guilty.

First, though, we need to refresh some memories. Auernheimer and a co-conspirator — both from Goatse Security — found a serious security flaw in US carrier AT&T’s iPad subscriber database. But instead of being patted on the back, they exploited the flaw — and wound up being arrested, each charged with one count of fraud and one count of conspiracy to access a computer without authorisation.

For Auernheimer, the charges have stuck: he now faces two five-year felonies for his efforts, The Verge reports. But there’s a little more to the story than you might expect. What’s weird about this particular case is that Auernheimer didn’t really hack anything. He didn’t steal passwords, or infiltrate a database — and AT&T admitted as much during the hearing.

That, of course, makes him sound almost virtuous. In truth, he wrote a script that harvested email addresses from AT&T’s website. Still, it’s not clear how that counts as hacking.

In fact, as The Verge points out, the case rests on the 1986 Computer Fraud and Abuse Act, which makes it illegal to “access a computer without authorisation or exceed authorised access” on any “protected computer”. But that doesn’t really make much sense these days, as Auernheimer himself has highlighted:

“[T]he ‘protected computer’ is any network computer. You access a protected computer every day… have you ever received permission from Google to go to Google?”

As you’d expect, Auernheimer is planning to appeal. [WIRED, The Verge]