A New York man was convicted of hacking into AT&T Inc.’s servers, stealing the e-mail addresses and personal information of about 120,000 Apple Inc. iPad users, and giving the information to a reporter at Gawker.
Andrew Auernheimer, 27, was found guilty today by a federal jury in Newark, New Jersey, U.S. Attorney Paul Fishman said in a statement. Auernheimer was convicted of conspiracy and possession and transfer of the iPad users’ account information. He faces as long as five years in prison for each of the two counts, according to the statement.
Auernheimer and a co-defendant who pleaded guilty belonged to Goatse Security, a “security research” group, prosecutors said. They created an “iPad 3G Account Slurper” script and deployed it against Dallas-based AT&T’s servers for several days in June 2010, according to prosecutors.
The Account Slurper mimicked the behavior of an iPad to deceive the servers into granting access, prosecutors said. After stealing the user data, the hackers provided it to Gawker, which published the information in redacted form along with an article on the breach, the U.S. said.
Tor Ekeland, Auernheimer’s lawyer, said he will appeal the verdict.
“This is a dangerously vague and broad interpretation of what constitutes unauthorized access under the computer fraud and abuse act,” Ekeland said in a telephone interview. “It criminalizes normal behavior.”
The case is U.S. v. Auernheimer, 11-470, U.S. District Court, District of New Jersey (Newark).