updated 03:27 pm EDT, Mon March 18, 2013
Length of prison term generates criticism
One of the hackers behind a 2010 leak of 114,000 email addresses tied to AT&T iPad owners has been sentenced to 41 months in prison, reports say. Andrew Auernheimer was found guilty of conspiracy and identity fraud in November, and like co-defendant Daniel Spitler, has been ordered to pay AT&T $73,000 in damages. Spitler, though, received a 12- to 18-month prison sentence after pleading guilty in 2011.
Prosecutors originally recommended a four-year sentence for Auernheimer. Today's ruling has already generated some media controversy, since Auernheimer technically didn't hack AT&T. Instead he and Spitler wrote a script that generated numbers for iPad SIM cards, and used that information to get AT&T's website to return email addresses connected to real iPad owners. Those addresses also don't appear to have been used for malicious purposes.
Several factors contributed to the sentencing. Prosecutors for instance pointed to a Reddit Ask Me Anything thread, where Auernheimer appears to show relatively little remorse, saying that his only regret is being too nice to AT&T and giving them time to fix its security; he promises that he "won't nearly be as nice next time." They also cited accusations on Auernheimer's page on Encyclopedia Dramatica, despite the site being a publicly-edited spoof of Wikipedia.
The sentencing may also have been influenced by the email addresses that were exposed. While most of them belonged to regular iPad buyers, celebrities on the list included people like then-White House Chief of Staff Rahm Emanuel and New York City mayor Michael Bloomberg.
After Auernheimer's prison term is complete, he will still be subject to another three years of supervised release.