Today in astonishing prison time for computer crimes: Andrew 'weev' Auernheimer has been sentenced to 41 months in jail, pretty much because he handed over some iPad email addresses to Gawker. Yes, that's a very long time for something that might not even be considered a crime. In addition, Auernheimer has to pay $73,000 to AT&T, all allegedly because he obtained "unauthorized access" to AT&T's information. The feds are using the now all too familiar charge of conspiracy to access a computer without authorization, along with a count of identity fraud — both of which Auernheimer was found guilty of back in November — to back up the three-plus years in prison, which he's appealing. But while the cases of Aaron Swartz and Matthew Keys made them into even bigger heroes because of villainous sounding prosecutions and astonishingly long potential jail times, this harsh sentencing might make a champion out of a guy who, really, is just an expert troll.
Back in June 2010, the man known as Weev, operating with the organization Goatse Security, exposed an AT&T security hole, which made email addresses publicly accessible. Using a program called "account slurper," which Weev didn't even write himself, he collected these emails and then sent them to Gawker — just to prove a point, he insisted. Like any good troll, Auernheimer did it to get a rise out of people, telling Gawker's Adrian Chen that he thinks the breach wasn't "a big deal" and that "What made it big is the way I presented it." At a press conference before his sentencing, Auernheimer reiterated that point: "I'm going to jail for doing arithmetic," he said. Really, all he did was collect e-mail addresses, something that a lawyer told Chen does not at all break the law. And yet, because of the now famously harsh penalties for "unauthorized access" in the Computer Fraud and Abuse Act, Weev is facing several years in prison for a felony crime. (In a case of downloading academic papers from JSTOR, Swartz at one point faced 35 years in jail before he killed himself; Keys is facing 25 years for changing some copy on a Los Angeles Times story about a tax deal in Washington.)
But the case against Weev — and how he obtained said "unauthorized access" — appears to be even thinner than the one against Swartz. At MIT, Swartz snuck into a closet and created fake account names to game a system. (Still, many argue that he did not deserve felony charges for obtaining access to JSTOR documents by way of the school servers.) And Weev just took advantage of a security vulnerability. He found an "open door," as Motherboard's Alex Pasternack explains, and he didn't even use the information for his own gain: "while they had considered exploiting their score for personal gain, [Weev and his hacking partner Daniel Spitler] acted mostly in the public interest, releasing what they found only to Gawker."
Perhaps like the indictments of Keys and Swartz, the feds want to set an example with Weev. But it's also possibly that he's receiving such a harsh sentence and perhaps undue attention because of his outsize online persona. Wee, after all, is a professional troll. Chen, who covers a lot of these types, called him "The Internet's Best Terrible Person." On the evening of his sentencing, Weev was still at it — during a Reddit Ask Me Anything Sunday night he said a bunch of inflammatory things, including another threat to AT&T. That didn't go unnoticed by the jury, which cited his AMA three times in its sentencing letter to the judge in his case. They also pointed to his Encyclopdia Dramatica — a "satirical" Wiki entry, which describes Auernheimer as an "eDork" who "smells of rotting turnips." Indeed, his own trial may have been his most successful troll yet.