‘Grey hat’ hacker convicted for 2010 AT&T security breach

November 23, 2012

Businesses aware of the importance of cyber security and vulnerability management may be interested to know that a US federal jury has officially convicted noted computer hacker Andrew Auernheimer for his part in an AT&T security breach which occurred in mid-2010.

The high profile incident involved Auernheimer and a loose affiliation of grey hat security experts exploiting a vulnerability in the AT&T security system which enabled them to access the personal email addresses of 114,000 iPad users.

Auernheimer, also known by the hacker alias weev, was convicted of one count of identity theft and one count of conspiracy to access servers without permission, according to a Reuters article published November 20.

The 27-year-old has been tweeting regularly during court proceedings, and confirmed the ruling in a message posted November 20 which read "guilty on both counts. Headed home for the day".

The decision has sparked much controversy on social media and from technology journalists, with some users endorsing Auernheimer's claims that he was merely acting in the best interest of the public.

In a piece of official testimony published to twitter by Gawker staff writer Adrian Chen, Auernheimer is shown to have argued that his intention was to "comment and criticise".

When asked whether his motivation was a "moral obligation" to tell people that their personal information was at risk, Auernheimer replied:

"I didn't say that was motivation, I'm saying that's – there's perhaps a moral obligation. My motivation is to comment and criticise large companies."

"It's sad that AT&T customers had to be, you know, had to be notified that their company put them at risk. But it's better than not knowing," said Auernheimer at a different point in the proceedings.

Auernheimer has been described as a 'grey hat' hacker, which essentially means his motives and actions fall somewhere between the ethical hacking viewpoint of 'white hat' hackers and the malicious intentions of a 'black hat' hacker.

Auernheimer, who plans to appeal the verdict, could now face a maximum penalty of five years in prison and a $250,000 fine for each count.

Leave a Reply

Your email address will not be published. Required fields are marked *