However, prosecutors argued that Auernheimer was a “well-known computer hacker and internet troll” who had tried to disrupt online content and services by working with co-defendant Daniel Spitler and the group Goatse Security.
The group used “brute force” attack to extract user data accessing AT&T servers and then provided stolen information to the website Gawker. The group had also told Gawker that they did not use any special methods to obtain the data but just used a script on AT&T’s website, which was accessible to anyone on the internet. AT&T has removed that feature following the disclosure of weakness.
US Attorney Paul Fishman said in a statement, “When it became clear that he was in trouble, he concocted the fiction that he was trying to make the internet more secure, and that all he did was walk in through an unlocked door.” Fishman added, “The jury didn’t buy it, and neither did the court in imposing sentence.”
On Monday, Auernheimer was convicted on one count of conspiracy to access AT&T Inc servers without permission, and on one count of identity theft. U.S. District Judge Susan Wigenton sentenced Auernheimer to three years and five months in prison.
Auernheimer’s lawyer had argued that Auernheimer did not hack any passwords, and such a long prison term was inappropriate given that in a recent case the government had sought only six months for a hacker in a case with “far more intrusive facts.”
The lawyer of Auernheimer said his client would appeal and, “If this is criminal, then tens of thousands of Americans are committing computer crimes every other day … There really was no harm.”