A hacker has been found guilty of a massive security breach that exposed the emails of more than 114,000 iPad owners back in 2010. Andrew Auernheimer was one of two Goatse Security members who were arrested for exposing the major flaw in AT&T’s database, and he now faces two five-year charges.Auernheimer worked alongside Daniel Spitler to gain access to AT&T’s iPad subscriber database and expose the email addresses of more than 114,000 iPad owners, including politicians, celebrities, and business people. Both hackers were charged with one count of fraud, and one count of conspiracy to access a computer without authorization.
Auernheimer was found guilty this week, and he now faces two five-year felony sentences for his efforts. But what’s interesting is that, according to Gizmodo, Auernheimer didn’t actually hack anything. He didn’t steal any passwords or infiltrate any databases, and AT&T admitted that during the hearing.
So why was he charged? Well, Auernheimer wrote the script that harvested emails from AT&T’s database. But technically, that’s still not hacking. The case rests on the 1986 Computer Fraud and Abuse Act, which says it’s illegal to “access a computer without authorization or exceed authorized use.”
The problem with that Act is that it’s now very outdated, and it doesn’t make a whole lot of sense in this day and age — as Auernheimer himself pointed out:
[T]he ‘protected computer’ is any network computer. You access a protected computer every day… have you ever received permission from Google to go to Google?
As a result of this, Auernheimer is planning to appeal the charges.