Don’t brag about your elite hacking adventures on IRC.
Before making analogies about how Andrew Auernheimer (weev) did this or that, or the ethics of breaking into whatever, pay close attention to what he was actually found guilty of.
Auernheimer was not found guilty of accessing a computer without authorization. He was found guilty of conspiracy to access a computer without authorization. The prosecution didn’t make a case that he had actually broken into anything.
You can be found guilty of conspiracy without ever doing the deed.
So, in the case of this minor ICCID enumeration exercise, you can read for yourself the IRC log excerpts about how they were going to bring ATT to its knees, and how this was such a huge hack: “[T]his could be like, a future massive phishing operation serious like this is valuable data we have a list a potential complete list of AT&T iphone subscriber emails”.
What Andrew didn’t know is that the FBI had a confidential informant. So, all that pie-in-the-sky bragging on IRC about what they “totally could do” ends up going into evidence. Whoops.
It is a hacker tradition to inflate minor finds into Big Deals. It is tradition to sit on IRC, bragging about what you could do — feasible or not — to impress and one-up your buddies.
It is a matter of time and place. Bragging in front of a Senate committee that you “could totally take down the internet” can bring you fame and fortune. Bragging on IRC about sticking it to ATT can put you in court.
Threat Forward 