Self-described troll and Grey hat AT&T Hacker Andrew "Weev" Auernheimer, 26, has been sentenced to 41 months in prison for exploiting an AT&T security hole three years ago, and releasing thousands of iPad owners email addresses. According to authorities, they obtained the ICC-ID and e-mail address for about 120,000 iPad users.
Each charge carried with it a potential prison terms of five years. He will serve 41 months in a federal prison, with concurrent probation for three years. He also owes restitution to the U.S. Treasury to be dispersed to AT&T in the amount of $73,000.
In 2010, Auernheimer and Daniel Spitler, discovered that visiting an unsecured AT&T Web server and entering a number associated with the customer's wireless account allowed him to obtain that customer's email address.
Computer security researcher Charlie Miller tweeted "We could all go to jail for security research at any moment, and a jury would happily convict us."
Auernheimer compared his prosecution to that of Aaron Swartz. In January, Internet activist Aaron Swartz committed suicide while facing trial for allegedly stealing millions of scholarly journal articles from the digital archive JSTOR using MIT's network. Swartz faced a potential sentenced of more than 30 years in prison.