Hacker gets 3.5 years for stealing iPad user data

Andrew Auernheimer is seen in this police booking photograph taken by the Fayetteville, Arkansas Police Department June 15, 2010 and released January 18, 2011. Credit: Reuters/Fayetteville Police/Handout

A computer hacker was sentenced on Monday to three years and five months in prison for stealing the personal data of about 120,000 Apple iPad users, including big-city mayors, a TV network news anchor and a Hollywood movie mogul.

Andrew Auernheimer, 27, had been convicted in November by a Newark, New Jersey, jury of one count of conspiracy to access AT&T servers without permission, and one count of identity theft.

The sentence imposed by US District Judge Susan Wigenton in Newark was at the high end of the 33- to 41-month range that the US Department of Justice had sought.

Prosecutors had said prison time would help deter hackers from invading the privacy of innocent people on the Internet.

Among those affected by Auernheimer's activities were ABC News anchor Diane Sawyer, New York Mayor Michael Bloomberg, Chicago Mayor Rahm Emanuel and Hollywood movie producer Harvey Weinstein, prosecutors said.

"When it became clear that he was in trouble, he concocted the fiction that he was trying to make the internet more secure, and that all he did was walk in through an unlocked door," US Attorney Paul Fishman said in a statement.

"The jury didn't buy it, and neither did the court in imposing sentence."

Auernheimer had sought probation. His lawyer had argued that no passwords were hacked, and that a long prison term was unjustified given that the government recently sought six months for a defendant in a case involving "far more intrusive facts."

The lawyer, Tor Ekeland, did not immediately respond to requests for comment on Monday. He has said his client would appeal.

Prosecutors called Auernheimer a "well-known computer hacker and internet 'troll,'" who with co-defendant Daniel Spitler and the group Goatse Security tried to disrupt online content and services.

The two men were accused of using an "account slurper" designed to match email addresses with identifiers for iPad users, and of conducting a "brute force" attack to extract data about those users, who accessed the internet through the AT&T servers.

This stolen information was then provided to the website Gawker, which published an article naming well-known people whose emails had been compromised, prosecutors said.

Spitler pleaded guilty in June 2011 to the same charges for which Auernheimer was convicted, and is awaiting sentencing.

Gawker was not charged in the case. In its original article, Gawker said Goatse obtained its data through a script on AT&T's website that was accessible to anyone on the internet.

Gawker also said in the article that it established the authenticity of the data through two people listed among the names. A Gawker spokesman on Monday declined to elaborate.

AT&T has partnered with Apple in the United States to provide wireless service on the iPad. After the hacking, it shut off the feature that allowed email addresses to be obtained.