Andrew Auernheimer, or “Weev” as he’s known in the hacking world, has appealed his recent conviction of unlawfully accessing AT&T servers. This appeal was filed last week and explained how Auernheimer did not violate any laws when accessing AT&T’s servers as the company made the information available freely on the web.
Auernheimer’s appeal:
The appeal contends that Auernheimer did not violate law by accessing AT&T servers. The company had linked the Integrated Circuit Card ID (ICC-ID), a serial number on the SIM card of an iPad with mobile connectivity, with the user’s email address.
When a user visited AT&T’s website, the email field would automatically be populated based on the ICC-ID, which was apparently intended to help users save time when logging in.
But Auernheimer’s friend, Daniel Spitler, discovered that changing the ICC-IDs by a single digit would return a new user’s email address. Then the two men developed an application called the “iPad 3G Account Slurper” to pull the names and email addresses en masse.
Since the data was freely available on the internet, Auernheimer’s actions did not constitute theft, the appeal contends.
Auernheimer was convicted of hacking AT&T servers to obtain 114,000 email addresses of 3G iPad users on the network. These email addresses included some high-profile iPad users including Chicago Mayor Rahm Emmanuel Partially censored copies of these emails were then given to Gawker and were later published. However, in order to obtain this information, Auernheimer didn’t actually have to perform any hacking as all information was available publicly. Weev is currently serving 41 months due to the overreaching Computer Fraud and Abuse Act.