Archive for November, 2012


Thanksgiving Advice to the Nation

November 22, 2012

Don’t brag about your elite hacking adventures on IRC.

Before making analogies about how Andrew Auernheimer (weev) did this or that, or the ethics of breaking into whatever, pay close attention to what he was actually found guilty of.

Auernheimer was not found guilty of accessing a computer without authorization.  He was found guilty of conspiracy to access a computer without authorization.  The prosecution didn’t make a case that he had actually broken into anything.

You can be found guilty of conspiracy without ever doing the deed.

So, in the case of this minor ICCID enumeration exercise, you can read for yourself the IRC log excerpts about how they were going to bring ATT to its knees, and how this was such a huge hack: “[T]his could be like, a future massive phishing operation serious like this is valuable data we have a list a potential complete list of AT&T iphone subscriber emails”.

What Andrew didn’t know is that the FBI had a confidential informant.  So, all that pie-in-the-sky bragging on IRC about what they “totally could do” ends up going into evidence.  Whoops.

It is a hacker tradition to inflate minor finds into Big Deals.  It is tradition to sit on IRC, bragging about what you could do — feasible or not — to impress and one-up your buddies.

It is a matter of time and place.  Bragging in front of a Senate committee that you “could totally take down the internet” can bring you fame and fortune.  Bragging on IRC about sticking it to ATT can put you in court.


The hammer falls.

November 20, 2012

Never brag about your exploits on IRC

“Andrew Auernheimer, 26, of Fayetteville, Arkansas, was found guilty in federal court in New Jersey of one count of identity fraud and one count of conspiracy to access a computer without authorization.”

Given that the problem they found was that ATT wasn’t using any authentication, the conspiracy charge is quite the slap in the face.