A federal jury convicted a New York man on Tuesday of hacking into AT&T servers and stealing the e-mail addresses and other personal data of about 120 000 Apple iPad users, said a US attorney in New Jersey.
Andrew Auernheimer, 27, was convicted by a Newark, New Jersey, jury of one count of conspiracy to access the servers without permission, as well as one count of identity theft, said US attorney Paul Fishman.
The defendant faces a maximum five years in prison and $250 000 fine on each count. A co-defendant, Daniel Spitler, pleaded guilty to the same charges in June 2011 and is awaiting sentencing.
Prosecutors said Auernheimer and Spitler were affiliated with Goatse Security, a group of Internet "trolls" that tries to disrupt online content and services.
According to the government, the men used an "account slurper" that was designed to match e-mail addresses with "integrated circuit card identifiers" for iPad users, and which conducted a "brute force" attack to extract data about those users, who accessed the Internet through AT&T's network.
The authors of the slurper then provided stolen information to the Web site Gawker, which published an article naming well-known people whose e-mails had been compromised, including ABC News anchor Diane Sawyer, New York mayor Michael Bloomberg, and Chicago mayor Rahm Emanuel, prosecutors said.
Tor Ekeland, a lawyer for Auernheimer, said his client was free on bail, and planned to appeal the verdict to the 3rd US Circuit Court of Appeals in Philadelphia.
"We disagree with the prosecutors' interpretation of what constitutes unauthorised access to a computer under the Computer Fraud and Abuse Act," Ekeland said in a phone interview. He called the prosecutors' interpretation of that federal law "extremely expansive".
The trial lasted about one week, excluding a disruption related to Hurricane Sandy, and jurors deliberated for a couple of hours, Ekeland added.
AT&T has partnered with Apple in the United States to provide wireless service on the iPad. After the hacking, it shut off the feature that allowed e-mail addresses to be obtained.
Share