The Arkansas man accused of hacking into AT&T servers and stealing personal data of over 120,000 Apple iPad users is negotiating a plea agreement.
Andrew Auernheimer was indicted earlier this month by a Newark, N.J., federal grand jury on one count of conspiracy to gain unauthorized access to computers and one count of identity theft.
Reuters reported this week that U.S. District Judge Susan Wigenton put Auernheimer’s case on hold, saying “plea negotiations are currently in progress and both the United States and the defendant desire additional time to finalize a plea agreement, which would render trial of this matter unnecessary.”
His co-defendant Daniel Spitler pleaded guilty June 23 to the same charges. His sentencing is scheduled for late September and he faces a possible 12- to 18-month prison term.
Auernheimer and Spitler allegedly were members of an Internet group that aims to disrupt online services. The men, according to officials, wrote a script called the “iPad 3G Account Slurper“ and deployed it against AT&T's servers to steal iPad 3G users' personal information.
The Account Slurper attacked AT&T's servers for several days in June 2010, and was designed to harvest as many Integrated Circuit Card Identifiers, a number unique to the user's iPad, and email address pairings as possible. Once deployed, the Account Slurper used a brute force attack against the servers, randomly guessing at ranges of ICC-IDs. An incorrect guess was met with no additional information, while a correct guess was rewarded with an ICC-ID/email pairing for a specific, identifiable iPad 3G user.
Auernheimer went by the online name Weev and has a history of being very forthcoming about his trolling activities. He previously told The New York Times, “I hack, I ruin, I make piles of money. I make people afraid for their lives.“