March 18 (Bloomberg) -- The head of a computer hacking group was sentenced to three years and five months in prison for breaching AT&T Inc. servers and stealing personal information of more than 114,000 users of Apple Inc. iPads.
Andrew Auernheimer, 27, was sentenced today in federal court in Newark, New Jersey, where he was convicted Nov. 20 of conspiring to gain unauthorized access to AT&T servers and disclosing private data to a reporter for the website Gawker. Auernheimer, who helped run a group called Goatse Security, was handcuffed during the hearing, provoking gasps from supporters.
“I didn’t come here today to ask for forgiveness,” Auernheimer told U.S. District Judge Susan Wigenton. “The Internet is bigger than any law can contain. Many, many governments that have attempted to restrict the freedoms of the Internet have ended up toppled.”
After Auernheimer spoke, prosecutor Michael Martinez addressed the judge.
“He blames others,” Martinez said. “Instead of accepting personal responsibility for his own conduct, he blames AT&T.”
The law draws “a bright line” in the case, Martinez said.
“When someone has gained access without a user’s permission, that’s a clear trespass,” he said. “He says that the reason we’re here is because we don’t like his ideas. The reason that we’re here is that he wrote a code and engaged in a clear trespass.”
As Martinez spoke, a U.S. marshal approached Auernheimer from behind and told him to put away his phone. Other marshals pushed his head against the defense table and handcuffed him.
Wigenton declared a recess, and the marshals escorted Auernheimer to a side room. When he returned a few minutes later, he was shackled, with a chain around his waist and handcuffs attached to the chain.
He grinned at supporters. Several raised fists in support.
“While you consider yourself to be a hero of sorts, without question the evidence that came out at trial reflected criminal conduct,” the judge said in imposing the sentence. “You’ve shown absolutely no remorse. You’ve taken no responsibility for these criminal acts whatsoever. You’ve shown no contrition whatsoever.”
Aside from the conspiracy charge, Auernheimer also was convicted of possession and transfer of means of identification, which each carried five-year terms. Under advisory sentencing guidelines, he faced 41 months, which the judge imposed. She also ordered him to pay restitution of $73,167 to AT&T.
The judge ordered that his prison term begin immediately, a request that his attorney made during the hearing.
Auernheimer had requested probation. He will appeal, said his lawyer, Tor Ekeland. Outside the courtroom, Ekeland said the Computer Fraud and Abuse Act doesn’t clearly define what constitutes unauthorized access to computers.
“This law is not at all clear,” Ekeland said.
Ekeland said he was “not quite sure” what Auernheimer was doing before he was handcuffed in the courtroom.
“I think he may have been tweeting,” Ekeland said. Marshals, he said, shoved “him face down on the table, and they cuffed him.”
Auernheimer was part of a loose association of hackers and so-called Internet trolls who make computer intrusions and attacks, prosecutors said.
In June 2010, Auernheimer created computer code that lied to computer servers and allowed him to steal personal identifying information of iPad users. After the breach, Auernheimer gave interviews touting his actions.
“The evidence at trial -- including e-mails, Internet chats, and websites that captured the defendant’s words while he was committing this crime -- proved” that Auernheimer knew he was stealing, prosecutors said in court papers. He disclosed private data to generate publicity for himself and his firm, the U.S. said.
Auernheimer claimed he sought to protect the public from corporate security vulnerabilities. He gave interviews denouncing his prosecution and posted an “iPad Hack Statement of Responsibility” on Jan. 21, according to court records.
“I did this because I despised people I think are unjustly wealthy and wanted to embarrass them,” Auernheimer wrote.
At the trial, Daniel Spitler, a co-defendant who pleaded guilty, testified against Auernheimer. Spitler is awaiting sentencing.
The Electronic Frontier Foundation, which seeks to protect civil liberties in the digital world, said will join the appeal of Auernheimer, known to his supporters as “Weev.”
“Weev is facing more than three years in prison because he pointed out that a company failed to protect its users’ data, even though his actions didn’t harm anyone,” EFF senior staff attorney Marcia Hofmann said in a statement. “The punishments for computer crimes are seriously off-kilter, and Congress needs to fix them.”
The case is U.S. v. Auernheimer, 2:11-cr-00470, U.S. District Court, District of New Jersey (Newark).
To contact the reporter on this story: David Voreacos in Newark, New Jersey, at email@example.com.
To contact the editor responsible for this story: Michael Hytha at firstname.lastname@example.org.