Back in 2010, hackers from Goatse Security found a major iPad security flaw in AT&T’s website that exposed thousands of iPad owners’ email addresses. Instead of using the iPad hack to publish the emails, though, or using them for financial gain, the hackers went public to warn iPad users about the security flaws on AT&T’s website. Now, two years later, one of the hackers arrested for the breach, Andrew Auernheimer, has been found guilty.
Both hackers were charged for the same thing, but 27-year-old Auernheimer has been found guilty on one count of identity fraud and one count of conspiracy to access a computer without authorization. This means he is facing two consecutive five-year felony charges for exploiting the flaw. The other hacker, Daniel Spitler, accepted a plea bargain last year.
The weird thing about him being found guilty, though, is that he didn’t actually hack anything. He didn’t steal any passwords or break into AT&T’s customer database, which AT&T confirmed during the hearing. Basically, Auernheimer is guilty of breaking the Computer Fraud and Abuse Act of 1986, which makes it illegal to “access a computer without authorization or exceed authorized access” on any “protected computer.” Auernheimer argued this act doesn’t really make sense anymore and said this to the press, “the ‘protected computer’ is any network computer. You access a protected computer every day. Have you ever received permission from Google to go to Google?”
Image Credit: BGR