Infamous hacker/troll Weev jailed ‘for doing arithmetic’

Jesse Brown on the grey world of digital information sharing

Andrew Auernheimer leaves the courthouse after posting bail on Monday, Feb. 28, 2011 in Newark, N.J. (Julio Cortez/AP)

If comedian Lenny Bruce were alive today, he’d be a hacker.

Think about it; there’s not much left to say on a stand-up stage that truly threatens authority or social orthodoxy. It’s hard to imagine Louis CK or Chris Rock going to jail, or even to court, over their filthy routines. But governments, courts and corporations are proving remarkably touchy about what we do and say with our computers. While Lenny Bruce was sentenced to jail for using common language to say things that were obviously true, today you can similarly lose your freedom for using common computer techniques to expose obvious realities.

Case in point is the trial of Weev. Andrew Auernheimer, the infamous hacker/troll/prankster, has been sentenced to 3.5 years in prison for violating the U.S. Computer Fraud and Abuse Act, the same law used to prosecute Aaron Swartz.

Here’s what Weev did:

When the iPad came out, thousands of new owners subscribed to mobile data service for it through AT&T. Weev discovered that a public web page posted by AT&T revealed the email addresses of these iPad owners. There was no hacking involved in obtaining the emails–just change the seemingly random number included in the web address, and the page would spit out a stranger’s email address. Weev and a friend wrote a script to automate this, adding a digit to the number and getting a new address, one at a time. They quickly collected 114,000 emails this way, including the addresses of prominent early iPad owners like Rahm Emmanuel and Harvey Weinstein.

Had Weev been a “white hat” hacker, he might have privately informed AT&T of the security gap and given them the chance to close it without embarrassment. Had he been a “black hat” hacker, he might have found a way to sell the data or otherwise exploit it. But Weev considers himself a “gray hat” hacker. He didn’t want to profit from the discovery or harm the people whose information was compromised: He just wanted to embarrass AT&T for their poor data hygiene. So he sent a sample of the emails to Gawker as proof of the bug, in the hopes that they would run a story on the corporation’s blunder.

For that, he’s going to jail. He and his co-defendant will also have to pay AT&T $73,000 in restitution. (One wonders what AT&T might have paid Weev to have learned of the bug before he went public. Google, for example, pays hackers up to $150,000 each for cracking their software and telling them how.)

Before his sentencing, Weev said to a crowd assembled outside the court, “I’m going to jail for doing arithmetic.”  As they made the case for his incarceration, Weev’s prosecutors admitted that they did not understand computers.

Bruce’s tormenters similarly bragged about not having seen the comedy routine they were persecuting him for.

Weev plans to appeal his conviction, and the Electronic Frontier Foundation has taken on his case.

Follow Jesse on Twitter @JesseBrown

Looking for more?

Get the Best of Maclean's sent straight to your inbox. Sign up for news, commentary and analysis.