NEWARK, N.J., March 18 (UPI) -- A U.S. hacker who exploited a security flaw in AT&T's iPad registration scheme to download information on iPad users has been sentenced to 41 months in prison.
A federal judge said Andrew Auernheimer, better known by his online handle "weev," will be subject to three years of supervised release after his sentence and he and a co-defendant have been ordered to pay AT&T $73,000, arstechnica.com reported Monday.
Auernheimer discovered a vulnerability in the website used to register iPad users who signed up for AT&T's 3G service that allowed him to obtain tens of thousands of email addresses of iPad owners, which federal prosecutors maintained was a violation of the Computer Fraud and Abuse Act.
On the website, an iPad's ICC-ID -- a unique identifier embedded in the device's microSIM card -- would return a user's email address.
Auernheimer was able to estimate and enumerate tens of thousands of ICC-ID numbers and obtain the corresponding email addresses.
"I'm going to jail for doing arithmetic," Auernheimer said at a news conference before his sentencing.
Auernheimer expressed no remorse for his act.
"My regret is being nice enough to give AT&T a chance to patch before dropping the data set to Gawker," he wrote in a news blog thread. "I won't nearly be as nice next time."
Prosecutors cited his remarks as a reason to justify a longer prison sentence.
Auernheimer said he would appeal his conviction.
