One of the two men accused of hacking AT&T’s website to grab personal information about thousands of iPad users has been released on bail.
Andrew Auernheimer was released from custody on Monday on a US$50,000 bond. He will be working for a friend’s New Jersey company as a computer consultant while out on bail, according to the U.S. Department of Justice. Auernheimer is not allowed to travel outside of New Jersey and New York and is prohibited from using Internet-enabled cell phones. While on bail, he can use the Internet, but only for work-related tasks, the DOJ said.
Auernheimer, who used the hacker name Weev, and Daniel Spitler were charged with fraud and conspiracy last month in connection with the June 2010 incident, where members of their hacking group downloaded data on about 120,000 iPad users and handed it over to a reporter, saying they had uncovered an important security vulnerability in the AT&T website.
The flaw allowed them to obtain both the e-mail addresses and unique ICC-ID (integrated circuit card identifier) numbers belonging to the iPad users.
In subsequent interviews, Auernheimer said he was trying to make AT&T aware of a serious security flaw.
He also said his group had notified AT&T about the issue, but court documents cast doubt on that claim. “[Y]ou DID call tech support right?” asked one hacker, named Nstyr, in a chat log excerpt obtained by prosecutors. “[T]otally but not really,” Auernheimer replied. “[I] don’t… care [I] hope they sue me.”
Spitler made bail after appearing in a New Jersey court last month.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is firstname.lastname@example.org