Andrew “Weev” Auernheimer, one of the hackers responsible for exploiting a security flaw in AT&T’s website to steal over 110,000 email addresses from iPad subscribers, has appealed the 41-month sentence that was handed to him back in March.
Auernheimer still maintains he did not violate any laws when he accessed AT&T’s servers, and notes that all of the information he obtained was already available to the public on the Internet.
The appeal reads:
The appeal contends that Auernheimer did not violate law by accessing AT&T servers. The company had linked the Integrated Circuit Card ID (ICC-ID), a serial number on the SIM card of an iPad with mobile connectivity, with the user’s email address.
When a user visited AT&T’s website, the email field would automatically be populated based on the ICC-ID, which was apparently intended to help users save time when logging in.
But Auernheimer’s friend, Daniel Spitler, discovered that changing the ICC-IDs by a single digit would return a new user’s email address. Then the two men developed an application called the “iPad 3G Account Slurper” to pull the names and email addresses en masse.
Since the data was freely available on the internet, Auernheimer’s actions did not constitute theft, the appeal contends.
Auernheimer was found guilty back in November, and he was handed his conviction earlier this year. His friend, Daniel Spitler, who was responsible for the software behind the hack, pleaded guilty in June 2012 and received a 12-18 month sentence.
Between them, Auernheimer and Spitler obtained over 114,000 email addresses from AT&T, including those of many high-profile subscribers, including Chicago Mayor Rahm Emmanuel. The pair exacerbated the whole affair when they passed on the email addresses so that they could be published on the Internet.