Andrew ‘Weev’ Auernheimer was convicted for hacking AT&T’s servers, but he has been released from prison. Auernheimer won an appeal against the conviction for exploiting a vulnerability in AT&T’s website to collect the e-mail addresses from Apple iPad users. Weev hacked AT&T in 2010 and was convicted for 41 months.
The U.S. Court of Appeals for the Third Circuit overturned a verdict on Friday and found that the venue that Auernheimer was charged and prosecuted was not appropriate because the alleged offenses did not happen there.
Auernheimer worked with a man named Daniel Spitler to exploit the AT&T vulnerability to collect the e-mail addresses of 114,000 new Apple iPad owners.
The two men found out that the AT&T website automatically completed a log-in form with e-mail addresses that were associated with SIM card serial numbers (ICC-ID) passed through a URL. So they built a program that took advantage of this feature to grab the e-mail addresses of AT&T iPad users by submitted random ICC-IDs. Then they contacted several media organizations to inform them about the security issue.
Spitler and Auernheimer were charged in Newark, New Jersey for identity theft and conspiracy to violate the Computer Fraud and Abuse Act (CFAA). Spitler pleaded guilty and received probation, but Auernheimer was unsuccessfully able to fight the charges in a jury trial and was sentenced to 41 months in prison. He started serving time in March 2013.
This past Friday, the federal appeals court agreed that the venue for the case was not appropriate and ordered that Auernheimer should be released from prison.