Gun Owners are not the only one understanding freedom loss

[psijac]

Some Language.

Before entering the New Jersey courthouse to face his sentencing on March 18, 2013, Andrew Auernheimer (Weev) gave a short speech to the press and to his friends. Auernheimer was sentenced to 41 months in prison followed by three years supervised release.

Auernheimer revealed a security flaw in AT&T's iPad user database, allowing him to scrape the data from 114,000 iPad users. The information was later on given to a journalist. In January 2011, the FBI did an investigation and filed a criminal complaint.

Auernheimer was convicted on conspiracy to access a computer without authorization (18 U.S.C. § 1030(a)(2)(C), part of the Computer Fraud and Abuse Act of 1986) and fraud in connection with personal information (18 U.S.C. § 1028(a)(7)).

[youtube][/youtube]

[bagman45]

So instead of thanking him, and hiring him to help them prevent this in the future; they put him in jail and swept it under the rug... While he did breach personal sercurity of those he scraped, he didn't use it for personal game, he did it to make a point and help expose a major risk of actual loss. And they put him in jail. Welcome Amerika....

[poppo]

If someone breaks into your house and rifles thorough your personal belongings just to show they can do it, are you saying you would be happy about it and would not press charges just because they didn't actually take anything? Yeah right.

[C-dub]

If someone breaks into your house and rifles thorough your personal belongings just to show they can do it, are you saying you would be happy about it and would not press charges just because they didn't actually take anything? Yeah right.

Excellent point Poppo. If he were hired to check their security that would have been one thing, but no. He did this on his own. He's a hacker and thought he would expose a hole. Why didn't he go to Apple instead of a newspaper?

[2farnorth]

If someone breaks into your house and rifles thorough your personal belongings just to show they can do it, are you saying you would be happy about it and would not press charges just because they didn't actually take anything? Yeah right.

Excellent point Poppo. If he were hired to check their security that would have been one thing, but no. He did this on his own. He's a hacker and thought he would expose a hole. Why didn't he go to Apple instead of a newspaper?

Apple wouldn't have given him his 15 min of fame.

[C-dub]

If someone breaks into your house and rifles thorough your personal belongings just to show they can do it, are you saying you would be happy about it and would not press charges just because they didn't actually take anything? Yeah right.

Excellent point Poppo. If he were hired to check their security that would have been one thing, but no. He did this on his own. He's a hacker and thought he would expose a hole. Why didn't he go to Apple instead of a newspaper?

Apple wouldn't have given him his 15 min of fame.

Exactly and now he's got 41 months of fame.

[n5wd]

If someone breaks into your house and rifles thorough your personal belongings just to show they can do it, are you saying you would be happy about it and would not press charges just because they didn't actually take anything? Yeah right.

The problem is that he did NOT break into anyone's computer - he used an ATT server set up to provide EXACTLY the information that he collected. He merely wrote a PHP script that harvested the information and saved it, instead of using it only for the Ipad's own use, as ATT intended. When you start your Ipad (if it's an ATT 3G-enabled Ipad) you're accessing the exact same server he did. The only difference is that you're only doing it once, and you're not saving someone else's information.

[RottenApple]

The problem is that he did NOT break into anyone's computer - he used an ATT server set up to provide EXACTLY the information that he collected. He merely wrote a PHP script that harvested the information and saved it, instead of using it only for the Ipad's own use, as ATT intended. When you start your Ipad (if it's an ATT 3G-enabled Ipad) you're accessing the exact same server he did. The only difference is that you're only doing it once, and you're not saving someone else's information.

And that's where you are mistaken. He DID break into someone's computer.... AT&T's. If he had discovered the flaw and informed Apple/AT&T about it without gathering any data, THEN he wouldn't have broken any laws. But, as someone else already stated, he wouldn't have gotten any "fame" over it. Now he's reaping what he sowed.

BTW, a long, long time ago, when I was working as a programmer, my partners and I discovered a minor security flaw in RedHat 4.x (I forget exactly what version it was). We informed the RedHat community (since its open source) and then worked on a patch for it. Several other programmers confirmed it and also wrote patches. Ours was the most elegant fix and was incorporated into the next official build. We didn't call the media or anyone else about it and almost know one knew (outside the RH community) new about it at the time. And today I doubt anyone but us even remembers it!

[handog]

Oh but thanks to the so called Patriot (shred the Constitution Act.) The Feds can hack into my email. listen in on my phone calls. The IRS has hacked Ito my bank account. Looted it. No problem there! He's right this country is toast.


Tyranny is defined as that which is legal for the government but illegal for the citizenry.

[RottenApple]

Oh but thanks to the so called Patriot (shred the Constitution Act.) The Feds can hack into my email. listen in on my phone calls. The IRS has hacked Ito my bank account. Looted it. No problem there! He's right this country is toast.


Tyranny is defined as that which is legal for the government but illegal for the citizenry.

2 wrongs don't make a right (though 3 lefts do)....

[psijac]

The problem is that he did NOT break into anyone's computer - he used an ATT server set up to provide EXACTLY the information that he collected. He merely wrote a PHP script that harvested the information and saved it, instead of using it only for the Ipad's own use, as ATT intended. When you start your Ipad (if it's an ATT 3G-enabled Ipad) you're accessing the exact same server he did. The only difference is that you're only doing it once, and you're not saving someone else's information.

And that's where you are mistaken. He DID break into someone's computer.... AT&T's. If he had discovered the flaw and informed Apple/AT&T about it without gathering any data, THEN he wouldn't have broken any laws. But, as someone else already stated, he wouldn't have gotten any "fame" over it. Now he's reaping what he sowed.

BTW, a long, long time ago, when I was working as a programmer, my partners and I discovered a minor security flaw in RedHat 4.x (I forget exactly what version it was). We informed the RedHat community (since its open source) and then worked on a patch for it. Several other programmers confirmed it and also wrote patches. Ours was the most elegant fix and was incorporated into the next official build. We didn't call the media or anyone else about it and almost know one knew (outside the RH community) new about it at the time. And today I doubt anyone but us even remembers it!

I think there is a difference between Exploiting a security flaw and exploiting the fact that there is no security, Not even a password or encryption.

[RottenApple]

I think there is a difference between Exploiting a security flaw and exploiting the fact that there is no security, Not even a password or encryption.

Lets put it this way, is there a difference between someone who breaks a window to get not your home and one who walks through a door you left open/unlocked? Technically, perhaps. But legally? No way. The system he exploited/broke into (or whatever euphamism you prefer) did not belong to him. Neither was the information he took. Therefore what he did was illegal.

[dicion]

I think there is a difference between Exploiting a security flaw and exploiting the fact that there is no security, Not even a password or encryption.

Lets put it this way, is there a difference between someone who breaks a window to get not your home and one who walks through a door you left open/unlocked? Technically, perhaps. But legally? No way. The system he exploited/broke into (or whatever euphamism you prefer) did not belong to him. Neither was the information he took. Therefore what he did was illegal.

Actually, there is, legally.

If the window/door is open, it's criminal trespass.

If they open it, it's B&E.

[RottenApple]

Actually, there is, legally.

If the window/door is open, it's criminal trespass.

If they open it, it's B&E.

Right. And both are illegal.

[TexasGal]

Two words: Ankle Monitor

Why support this guy in prison for 41 months? He did a stupid thing. It was against the law. He deserves to be punished, but I'd rather his bunk at the prison had a rapist or murderer in it.