
“The AT&T Hacker” Sentenced To 41 Months In Prison - dirkdk
http://techcrunch.com/2013/03/18/andrew-auernheimer-aka-the-att-hacker-sentenced-to-41-months-in-prison-3-years-probation-and-restitution-of-73k/
======
rdl
Marcia Hofmann is joining his appeals team, so I suspect this is going to
SCOTUS.

Normally you pick the _most_ compassionate defendant (like they did in Heller
in DC) for a test case. Weev is probably the _least_ sympathetic defendant.
But I guess you go to war with the weev you have, not the aaronsw you wanted.

~~~
smsm42
I think somebody that publishes this:
[http://www.reddit.com/r/IAmA/comments/1ahkgc/i_am_weev_i_may...](http://www.reddit.com/r/IAmA/comments/1ahkgc/i_am_weev_i_may_be_going_to_prison_under_the/c8xgqq9)
a day before his sentencing is either completely sure for some reason he gets
away with it or is an idiot. Nothing more effective to prove you're not a
criminal that saying in public "I only regret I didn't do more harm to whoever
they accusing me of harming, next time will be worse". It's like saying "no, I
didn't beat up this guy but my only regret is that I didn't break his other
arm too". Smart move.

~~~
rdl
I think the thing is that weev genuinely doesn't care if he gets 41 months vs.
36 months. This is a long troll by him; by being a troll, he brings more
attention to the case, maximizing lulz, and bringing bigger guns to bear in
his defense.

If he'd gotten 3-6 month suspended sentence, even if you thought that was a
bit much for essentially incrementing numbers, you'd probably not care much.

If he were facing life in prison, you'd probably leave the US if you were
doing anything in security research, change how you vote, etc.

~~~
smsm42
If he doesn't care why should I? I know many security researchers who aren't
trolls and they are doing fine. When it happens to somebody who isn't
purposefully self-destructive, then it may be a better case for concern.

~~~
DanBC
> If he doesn't care why should I?

If you pay US taxes you're paying to keep him in jail. I think he's a vile
idiot. I don't think he should be in prison.

There's a bunch of stuff that I think he did wrong, but I'll have to read the
court documents to see if I agree with them.

For example: He could have written a proof of concept script, and only
downloaded a sample 10 pages, rather than grabbing as many as possible.

I might think that would have prevented him going to jail, but would the court
agree?

~~~
at-fates-hands
Most likely. He would at least have leverage to say he just needed proof the
exploit worked after he notified AT&T (which he claims he did, but I didn't
find any clear evidence he had). Once you download over 100,000 records, your
intent becomes a lot clearer in the eyes of the law.

Had he only downloaded a few records, chances are he might get some community
service and probation. Also, his stupidity in taking to Reddit to proclaim
next time he won't be so nice didn't help either.

~~~
sneak
I believe from extensive conversations with weev that his intent is and was
always to fuck with ATT as much as possible without targeting innocents.

Malicious? Sure. Criminal. Not a chance.

He loves manipulating press and media for his own entertainment. The bigger
the number, the bigger of an asshole he makes ATT look like by their not
protecting it, and the more anguish he causes their management by damage to
their brand and stock price.

A valid effort, I think, as manipulating some shitty corporation's reputation
with FACTUAL DATA is one of the least underhanded ways of achieving the goal
of "fuck with ATT".

------
rayiner
It should be noted that he was convicted on two counts: conspiracy to access a
computer system without authorization, and fraud in connection with personal
information.

The way the CFAA works is that it's a misdemeanor unless the illegal access is
pursuant to some other crime, which bumps it up to a felony. Had weev simply
stumbled upon AT&T's security flaw and reported it AT&T, the worst they could
have gone after him for is a misdemeanor.

People are acting like the fact that he downloaded tens of thousands of pieces
of personal information is totally irrelevant, but it's not. It's highly
relevant. It's why he's been convicted of a felony rather than a misdemeanor.
And it should make intuitive sense and it's mind-boggling to me that somehow
people on here intellectualize the situation to the point where they write out
this part of the facts.

In meat space, the crime of trespassing can range in severity from a nothing
to a serious felony depending on what the surrounding circumstances says to a
jury about the trespasser's intent. Here, it was totally reasonable for a
dispassionate observer to conclude that weev's intent in downloading tens of
thousands of pieces of personal information (not to mention the IRC
conversations) was seriously malevolent.

It should finally be noted that the "fraud in connection with personal
information" conviction would have been by itself sufficient to support the
sentence.

~~~
sneak
Possessing email addresses should not be a crime.

Identity fraud for a list of emails? Really?

It's insane even if you assume they were pristine and never received any spam
before weev came along and "stole" them. Furthermore, the list was never sold,
distributed, or published.

An excerpt was sent to the media.

They kicked around the idea of spearphishing, of spamming, of pastebinning it,
of selling it. In full knowledge of the value and leverage that this data
allowed, they contacted the media and deleted their own copies. It profited
them nothing.

The idea that this is akin to trespassing is simultaneously both obtuse and
dangerous. There were _no_ access controls; ATT themselves said in court that
the information was published (by them) on the web.

~~~
rayiner
> Possessing email addresses should not be a crime.

Collecting lists of e-mail addresses from private databases without
authorization should be.

> Identity fraud for a list of emails? Really?

Weev said in IRC conversations that he was going to sell the e-mail lists.
Maybe you don't believe him, but it's hard to argue that no reasonable person
could have believed that he was going to do what he said he might do.

> Furthermore, the list was never sold, distributed, or published.

If someone breaks into your house with safe-cracking tools in his possession,
he doesn't have to actually break into your safe to be charged with and
convicted of burglary.

> There were _no_ access controls;

I don't lock the door to my apartment. That doesn't mean you're welcome to
walk in and look around. If we were in Florida or Texas, I could shoot you in
the face for walking into my unlocked house and nobody would convict me.

Society charges you with being a normal functioning human being and respecting
obvious boundaries. Obviously this is too high of a bar for people like Weev.

~~~
josh2600
Is there not some level of basic accountability? I mean, shouldn't AT&T face
penalties for hosting consumer data in such an egregiously unsafe fashion?

While I think the responsible disclosure could've happened in a better way, I
don't think this is akin to walking into an unlocked house. This is a web
server that's only protection was prayer. There was no authentication, no
verification and no accountability.

What makes me so mad is that AT&T can be so goddamn careless with my
information and skate away free while the gentleman who exposed this lack of
attention is sent to a jail for a very long time. It just doesn't sit well
with me and I don't think the boundaries are obvious.

I'm not a hacker if I increment a URL by 1. I wouldn't even call you a hacker
if you used DNS reflection attacks. To identify cheap parlor tricks as hacking
is offensive to the professional breakers and ludicrous in the larger scheme
of things.

~~~
rayiner
> Is there not some level of basic accountability? I mean, shouldn't AT&T face
> penalties for hosting consumer data in such an egregiously unsafe fashion?

That's a separate issue.

> This is a web server that's only protection was prayer. There was no
> authentication, no verification and no accountability.

The protection was the fact that the information therein was obviously
sensitive and not intended for public disclosure. In a civilized society,
that's all that should be necessary.

> What makes me so mad is that AT&T can be so goddamn careless with my
> information and skate away free while the gentleman who exposed this lack of
> attention is sent to a jail for a very long time

He's not being sent to jail for "exposing this lack of attention." He's being
sent to jail for exploiting this lack of attention tens of thousands of times
more than was necessary to prove his point and for talking smack on IRC that
led people to believe that he might sell those e-mail addresses for profit.

------
zalzane
Every time I see a ruling like this, I can't help but think that future
historians will view this time period in the same way that present day
historians view the crusades/religious persecution/witchhunts of the past
millennium.

It's amazing how much point of view can change perspective.

~~~
objclxt
I don't think this particular case is black and white. Judging by my Twitter
feed, a number of security researchers and white hats feel the same way I do:
the law as it stands is not good, but what Weev did was also really, really
unhelpful and borderline stupid.

Rather than disclosing to AT&T, he leaked it directly to Gawker, and discussed
how to potentially abuse the data he had (by shorting the stock, selling the
e-mail addresses he had collected to spammers, etc).

The sentence is absolutely disproportionate. But there are _so many ways_ in
which the guy could have handled himself better. I think a lot of people in
the infosec industry are simultaneously angry at the sentence but not
massively empathetic with the defendant.

What I'm trying to say is that as a test case or campaign to change the law
it's far from ideal.

~~~
flyinRyan
Sounds like a bunch of victim blaming to me. So the guy is an idiot, is that
enough to go to prison now?

~~~
anglebracket
>Sounds like a bunch of victim blaming

Ironic that you should say that, considering that Weev's defense is
essentially "her parameters were all hanging out and it was just so easy."

~~~
flyinRyan
No weev's defense is that... it was a public URL... Do you really want to set
a precedent that companies get to decide _after the fact_ that some public URL
you surfed wasn't meant to be public so now you _go to jail_?

------
DanBC
Prison doesn't work. It is expensive. Yet the US has the highest documented
rate of imprisonment in the world.

It's going to cost approx $40,000 per year to keep this non-violent criminal
off the streets. (From Wikipedia, California state prison, 2008)

The US should probably consider not putting people into prison unless they are
violent offenders, or unless they are repeat offenders. (But even for repeat
offenders it's probably cheaper to work out why they're offending and put
something in place to stop that.)

([https://en.wikipedia.org/wiki/Incarceration_in_the_United_St...](https://en.wikipedia.org/wiki/Incarceration_in_the_United_States#Cost))

------
ck2
I've seen drunk drivers who kill people get less time.

~~~
afreak
The Steubenville rapists will probably get less time.

~~~
numbsafari
Not to defend them, because what they did was reprehensible, but they were
charged as juveniles. This guy is an adult.

If the two guys from Steubenville had been over 18, the sentences would have
been considerably higher.

~~~
flyinRyan
What a horribly screwed up system that seeks maximum penalty for a guy who
wanted the public to be able to see the research they actually pay for but
charge rapists as juveniles as if rape is less evil if you're less than 18
when you commit it.

~~~
rdl
I think there's a strong case for less culpability for children. If a 5 year
old (EDIT: "accidentally" not intended here) rapes or kills someone, that's a
different crime than if an adult does it.

But, 18 shouldn't be the dividing line for responsibility.

~~~
warfangle
How the fuck do you accidentally rape someone? Do you like, trip and fall in?

~~~
rdl
Heh, that was a spurious "accidentally" I guess.

------
lifeisstillgood
Maybe it's a function of gettin older, but it feels that my country (and as a
sort of extension the English speaking West) has begun to tire of the effort.

We have marched, protested, voted and won. Human rights, gay rights, pollution
and justice. But it took effort and now the injustices are less obvious, are
not next door but a long way away, and so it seems we can stop and rest. But
injustice is like entropy - it never rests and so we let the torture be done
in our name, we don't mind that the youth of the country are given sentences
for looting longer than murderers, we don't shout that companies who leave
their virtual doors unlocked should not be upset i they find people inside the
building

It's right we should be upset, should write our MP should protest the wrongs -
but it just seems lacking

I used to think that the USA had a written condition and so would always
defend these things - but it seems that if we stop caring then we stop
fighting for the spirit of the law and disappear up out own bottoms arguing
over the letter of the amendment.

~~~
king_jester
> We have marched, protested, voted and won. Human rights, gay rights,
> pollution and justice.

This is not true by any stretch. Human rights have been and are continually
violated, esp. for minority groups, mainstream gay rights has become
assimilationist and has abandoned the LBTQ of LGBTQ, and pollution abuses
continue and many of those abuses moved overseas as perpetrating corps. went
for cheaper labor.

> But it took effort and now the injustices are less obvious, are not next
> door but a long way away, and so it seems we can stop and rest.

The injustices are next door, they happen every day. The root causes of issues
have not been addressed and classism, racism, sexism, and capitalist
patriarchy are as much of a part of western society as ever.

> But injustice is like entropy - it never rests and so we let the torture be
> done in our name, we don't mind that the youth of the country are given
> sentences for looting longer than murderers, we don't shout that companies
> who leave their virtual doors unlocked should not be upset i they find
> people inside the building

It should be noted that people have tolerated and/or endorsed this kind of
structural dysfunction for a long time and continue to do so. But you are
right in that injustice is systemic and will continue even if people feel
hopeless or tired of fighting that injustice.

~~~
RougeFemme
As more and more of those who were overtly disciminated against become
assimilated, those who are still facing overt discimination are considered to
be at the "extreme", unfortunately, and are considered "less deserving" of
equal rights. Those who face _subtle_ discrimination are unaware and/or tired.
Pollution abuses continue. . .some still occur here, but the most severe ones
are _not_ in the middle- and upper-class neighborhood, so might as well be
non-existent. And many of us don't view ourselves as global citizens so
virtually _anything_ occurring overseas is ignored or denied.

------
shitlord
For context, this guy used to be part of the GNAA. They don't care at all
about exposing security holes. His goal probably wasn't to cause some sort of
security improvement. Yeah, the punishment was harsh, but this guy isn't
exactly a folk hero.

~~~
khuey
It doesn't really matter if the guy is an asshole. Harsher sentences for
incrementing a URL than for rape or vehicular manslaughter are ridiculous.

~~~
DannyBee
Sure, but that's a question for the legislature, of course. Courts are going
to give deference to the policy choices of what crimes deserve what
punishments.

~~~
jbooth
They hit him with the maximum sentence, not the minimum -- this one's on the
courts. If it was a case of someone going away for 10 years for shoplifting
because of 3 strikes, then that's on the legislature.

~~~
DannyBee
No it isn't The minimum/maximums are legislatively defined (In this case,
through the US sentencing guidelines, which came through the Sentencing act of
1984)

If they didn't want the maximum to be the maximum, they shouldn't have put it
in the range?

For the most part, the actual calculation is mechanical. Unless the judge
performed an upward departure (which i can't find any evidence of), he was
just following the guidelines.

------
numbsafari
If you are driving down the street, and notice that I put the deadbolt onto my
house backwards (so that it locked from the outside), is the appropriate thing
to do to let yourself in and walk around looking at all my stuff and then call
the local news station and invite them in along with you, or is it to call the
police or leave me a note letting me know I've got a problem?

~~~
drhayes9
I think a more useful analogy is this: there's a large municipal building in
town that stores a lot of its citizen's vital records, and they've been
slipshod on security. You gather evidence about just how slipshod they've been
and turn it over to a journalist.

Conflating what weev did to someone walking around inside your house brings in
too many emotional triggers about private property. He wasn't in someone's
house, he was trying to demonstrate that the company you hired to keep your
private property was doing a crappy job at it.

EDIT: Okay, yes, he was probably just trying to be an ass but fortunately
that's not a crime.

~~~
smsm42
You don't "gather the evidence", you rather take the records for 100,000
citizens, put them on a truck and dump them in the frontyard for a local
newspaper, after considering how much you could sell it for and deciding it's
probably more fun to just cause public embarrassment. If you wanted just to
show the system is insecure, 2 records would be enough. Stealing 100K of them
is not something you do if your goal is just "gathering the evidence".

~~~
drhayes9
There's definitely a "being an ass" component to this, no doubt... but one
could argue that presenting two records to a journalist implies a small
security hole. 100k of them is a giant security hole.

~~~
gavinlynch
Yah, except for the part where he spends an extra 10 seconds explaining "here
are 2 of hundreds of thousands, as an example".

The headline would be the same: "X Company exposes N Number of user accounts
in discovered security hole". So do you see where that doesn't make any sense?

edit: agree with you @drhayes9, just responding to the OP's assertion that the
number mattered.

~~~
drhayes9
I don't think the number of documents mattered in this case, legally. One or
one hundred thousand, the crime was the same.

I think the numbers helped sensationalize it, sure.

------
vinhboy
I've never seen an uglier IAMA on reddit:
[http://www.reddit.com/r/IAmA/comments/1ahkgc/i_am_weev_i_may...](http://www.reddit.com/r/IAmA/comments/1ahkgc/i_am_weev_i_may_be_going_to_prison_under_the/)

~~~
cgag
Just when you think your opinion of Reddit can't get any lower... I can't
believe how many people think you should go to jail for being mean.

~~~
xb95
It wasn't just being mean.

First-hand experience in my case. He and his GNAA attacked my volunteer-run
open source project and did many things, including calling Child Protective
Services (CPS) and making false complaints -- leading one of my volunteers and
his children to have to undergo interviews with CPS to suss everything out.

They emailed one person's professors at university and made false, damaging
claims. Bosses were tracked down and jobs were contacted. Parents were found
and harassed. Our web site was attacked and taken offline. Our business
associates were contacted and they concocted a fictitious business persona to
file spurious complaints with our payment processors, leading to us being
dropped from two providers.

weev was not just "being mean", he transcended that to stalking, bullying, and
harassment. He caused emotional harm to my volunteers and staff and fiscal
harm to my business. All in the name of "trolling".

And yes: we pursued the legal route. The FBI is just not super interested in
tracking down some random dude on the Internet for harassing a small business.
They were happy to talk to us and very compassionate and gave us some advice,
but that was the extent of it.

~~~
fnordfnordfnord
I have no trouble believing that weev did those things and worse, and it is
probably criminal behavior, and if so it should be punished. But that has
nothing to do with what the gov't. has just done. Just as defense atty's want
sympathetic defendants, prosecutors are happy to exploit the unsympathetic
response that most people have to learning about weev's behavior. If we let
them do it to weev, we are inviting them to do it to anyone, including
yourself. The gov't has just expanded its power to jail people for what ought
to never have been chargeable, and given that power to companies like AT&T. As
it stands now, any company with the means to do so can use the state to jail
you under similar circumstances. Even if you are a nice guy who saves stranded
kittens from trees.

~~~
nicholassmith
Well, previous behaviour has everything to do with sentencing. Seriously, they
don't just look at the case and go "41 months!", they weigh everything up and
go from there. The likelihood is a security researcher with a spotless past
wouldn't have gone through it, prosecution would have pushed for a hard
sentence of course but the final judgement takes into account everything.

Basically, the prosecution wanted a harsh sentence to set precedent and weev
gave them the ammo to do it.

------
epenn
Whether they've stated it publicly or not, I would imagine AT&T's main
contention with weev is that he released the information publicly (to Gawker)
without attempting to disclose the information to them first (please correct
me if he did and I've overlooked that). Nonetheless, if he were to have gone
to AT&T first I don't think there's anything that could have stopped AT&T from
accusing him of hacking and pressing charges anyway since that wouldn't have
changed the way he went about discovering the issue. That's scary. Even this
particular case aside, how is a person supposed to ethically disclose an
exploit to an organization without fear of prosecution?

~~~
objclxt
> _he released the information publicly (to Gawker) without attempting to
> disclose the information to them first_

Additionally, when he gave the data to Gawker he told them he had already
disclosed the issue to AT&T, which is later turned out wasn't the case.

------
siphor
I really hope Jury nullification
<http://en.wikipedia.org/wiki/Jury_nullification> becomes a bigger thing in
this country..

~~~
throwaway420
I hope so too, but Julian Heicklen and others have already been charged with
"jury tampering" and other such made up crimes simply for trying to inform
others about jury nullification.

Juries are not supposed to be rubber-stamps for the government and I'd urge
anybody who is going to serve on a jury to learn about their rights and
responsibilities before going.

If you think a non-violent person being charged in a marijuana possession case
or other non-crime doesn't merit locking up, throw a wrench into the corrupt
system and vote not guilty.

------
leeoniya
it's ridiculous how a single, cohesive act can be broken apart into individual
charges which each has its own punishment independent of the others. it's like
sentencing someone for murder to 10 years in prison and another 3 years
because the person used an illegally acquired weapon to do it.

~~~
DannyBee
The charges are just charges.

You are also conflating the issue of sentencing with the issue of charging.

The charging/conviction part is actually relatively sane. You can be charged
of things you cannot be simultaneously convicted of. You can be _convicted_ of
anything that is not a lesser included offense of something else.

IE you could be charged with manslaughter and murder of the same person, but
not convicted of both, because manslaughter is a lesser included offense of
murder.

As for the federal sentencing guidelines, they were created to standardize
what was previously a complete crapshoot. Rightly or wrongly, they were at
least based on real data.

They give guideline ranges based on an offense level and criminal history.

The offense level is determined based on the crime plus any enhancements. So
yes, you may start out at offense level 23 for murder, and then add 4 more
levels because you used an illegally acquire weapon to do it.

However, this is still the sentence for _murder_ , not for the illegally
acquired weapon (and note that if the illegally acquired weapon is used as a
sentence enhancement, the facts must be proven to the jury)

------
nicholassmith
I wonder if he's going to become a modern Ned Kelly. I'd hope not, I'm sure
there's better folk heroes for us.

He remained unrepentant, he said next time he'd go the harsher route, rather
than detecting the flaw and reporting it they'd made sure to collate a lot of
information from the leak and according to weev reported it before approaching
Gawker.

I think the sentence is out of line with his crime, but he was never going to
get a slap on the wrist and told to go his merry way. They've probably done
their homework and found he's been up to merry hijinks with computers for
longer than most people have known how to email.

Maybe slightly cynically of me I wonder if this his act of ultimate trolling,
to force the courts to go for a harsh sentencing and to get a wave of sympathy
that leads to people DDoSing .gov pages.

------
smogzer
The only crime here is the judges act to take life time of someone that caused
no harm.

------
fibbery
I think the thing that doesn't sit right about this is that he accessed the
data with entirely ordinary means, but it's called "access without
authorization" simply because the company didn't want him to have it.

If a company accidentally puts a link on their homepage to private info (say,
with a typo) and users click on the link and read the page contents, are the
then violating the CFAA because they should have known that the company didn't
intend for them to view that information?

If you get naked in front of a window visible from the street, you can't get
mad that someone saw you.

------
thomasvendetta
Absolutely disgusting, AT&T.

~~~
Macsenour
I'm not trying to be snarky here, but why do you blame AT&T?

~~~
kevingadd
Probably because they were the ones who royally screwed up in the first place,
disclosing tons of customer details to literally anyone who wanted it
(including automatic web spiders), and nobody from AT&T is going to spend a
day in jail or pay restitution for that.

~~~
thomasvendetta
Precisely that. Sure, he made a mistake, but so did AT&T, and now because of
it he's potentially going to spend 41 months of his life in jail. Life is too
short as it is.

~~~
sigzero
He "made a mistake"? That is what we are calling it now?

~~~
thomasvendetta
I can see where you're coming from saying something like that... But it is a
mistake in my eyes. It was an unwise decision that he probably would not have
made had he known he faced 3+ years in prison.

That being said, this guy is obviously not a saint. I don't want to sound like
I'm defending his affiliation with GNAA or the fact that he went to Gawker
with it.

If it had been someone who gives to community, is polite, and respectful, and
instead had gone to the NYT or another publication, they still could lose 3+
years of their life. To a mistake.

------
sehugg
Thanks to our strict jaywalking laws, a notorious serial assaulter is finally
behind bars.

------
pm90
The wording of popular news outlets like [0] really casts a doubt on their
work in other areas too. If this is journalism in a reputed company, then how
can we expect an impartial and honest media?

[0]:[http://www.washingtonpost.com/business/technology/man-
convic...](http://www.washingtonpost.com/business/technology/man-convicted-of-
stealing-over-100000-email-addresses-from-ipad-users-faces-sentencing-in-
nj/2013/03/18/eb8c7d98-8fb7-11e2-9173-7f87cda73b49_story.html)

------
whiddershins
I keep seeing posts referencing that his actions were "technically trivial."
How does anyone propose we write or enforce legislation based on that
criteria?

~~~
HeyLaughingBoy
You don't. It's trivial for a stranger to walk through my unlocked front door,
but that doesn't mean they're not committing trespass.

~~~
whiddershins
My point exactly

------
drawkbox
Cruel and unusual punishment, again prison for non-violent crime (non repeat).
We are definitely backwards and feudal in this aspect. Non-violent crime
resulting in prison time is a net loss for everyone and everything involved
except private prisons. Everyone loses in this situation. Do you want to pay
for this guy to sit in prison with your tax dollars?

What would have happened if they jailed Woz + Jobs back in the blue box days?

------
debian69
He went to gawker first then to at & t he hasn't got a leg to stand on , he
tried to profit front he flaw before reporting it..

~~~
lawnchair_larry
Going to Gawker first is not a crime. Not even going to AT&T at all is not a
crime.

If people on _hacker news_ are seriously this confused, it's no wonder there
is no hope for a legitimate jury in CFAA cases.

~~~
smsm42
If you want to get technical, accessing the records in the first place is the
crime. All the rest is just demonstrating the intent and the public interest
in prosecuting him.

------
Smirnoff
I am curious: What is the right protocol about telling that you were able to
locate an egregious security flaw on a public server?

Should I go ahead and tell the company? And possibly get sued anyway? Do I
have a right to show it to my friends or journalists?

Or should I just shut up and pretend that I have never seen this security
problem?

------
guard-of-terra
The next time you find a hole in AT&T property, you just pastebin it
anonymously.

------
joezhou
offer this man a job NOW!

~~~
shitlord
stamping license plates? he's going to prison...

~~~
danielweber
There are plenty of people who will test the security of your applications who
aren't out for the lulz.

------
analog
3.5 years for accessing public urls and then forwarding the information on to
a media organisation (yes I know it's Gawker, but still). Makes me wonder what
Aaron would have got if he'd gone to trial.

~~~
tzs
Would Swartz have done an AMA the night before sentencing where he would state
that his only regret was that he had not harmed enough people, and promise
next time to do more harm, and then have the prosecutors bring that AMA to the
attention of the judge at sentencing, likely causing the judge to opt for a
much longer sentence than he would have otherwise given?

~~~
analog
Well he was certainly a much more likeable character than Weev, but he also
didn't believe that what he did was wrong.

And really, who did Weev harm with this?

~~~
dyno12345
weev believes right and wrong correspond to his amusement

