Andrew "Weev" Auernheimer, the Adrian Chen profile

Weev. Photo: Gawker

Adrian Chen at Gawker has a must-read profile on Weev: so-called "iPad hacker," founder of the anti-blogging Internet-trolling organization "Gay Nigger Association of America," and born-again Mormon troll. Snip:

For Auernheimer, the AT&T breach was one of his finest works as a troll. He personally didn't hack anything—the program used to collect the email addresses was written by Spitler—except the media. He was the hype man for Goatse, and he claims blew the breach up far beyond its actual significance. "The bug that I'm indicted over isn't a big deal," he says. "What made it big is the way I presented it." He boils down his success at promoting the AT&T job to three bullet points: "Rhetoric, persuasion, and meme reference."

But was collecting the email addresses actually a crime? "If somebody mistakenly puts information out there on the web and somebody mistakenly gets that information, that's not illegal," says Jennifer Granick, a lawyer and the director of the Center for Internet and Society at Stanford. This is why Auernheimer decided to fight his charges instead of take a plea deal, as Spitler did last year.

"I contend there is no crime in telling the truth or using AT&T's, or anybody's, publicly accessible data, to cite it to talk about how they made people's data public," he told CNET.

Auernhemier's jury disagreed.

Read: The Internet's Best Terrible Person Goes to Jail: Can a Reviled Master Troll Become a Geek Hero?.


  1. Your face, name and DOB are also publically accessible, so I suppose pretending to be you isn’t fraud?

    It is an admittedly shaky case, but the guy did wrong, there’s no question about that.

    1. What about the guys who figured out how to get past those hotel door locks? Did they do wrong by publicly showing people how it was done? What about the people who regularly expose critical software vulnerabilities to the public? What about the security researchers who demonstrate how flawed everything the TSA does is? 

      I don’t like this guy. Weev is a dick. But it seems like he was found guilty of being a dick, rather than for the crime he was on trial for. I would love to see this dick get what he deserves for being a dick, but this still seems like a miscarriage of justice to me.

      He should have been charged for any acts of fraud he committed with people’s personal data and then tried for that. He should have been charged with criminal harassment or incitement probably a few dozen times in his life. He could have been tried for any number of different things, but this particular trial was about AT&T getting revenge against someone for embarrassing them. 

      There’s no question that this guy has “done wrong” in his life. But we get into dangerous territory when we start incarcerating people on “shaky” ground just because we don’t like them. Better to fix the many legal loopholes that he’s slipped through so far then to send him up the river on a corporate vendetta and call the problem solved.

      1. “What about the guys who figured out how to get past those hotel door locks? Did they do wrong by publicly showing people how it was done?”

        That’s called white-hat. The intention (which is important, legally and morally) was to expose a flaw. This guy stole the addresses and tried to sell them, at no point informing AT&T of the problem.

        Even going to Gawker shows a certain level of skeeziness – might as well have gone to the Daily Mail.

        1. I’m pretty sure Brocious didn’t tell the lock manufacturer before he presented the door hack to the public. It’s a pretty clear-cut case if the hacker in question informs the manufacturer and gives them adequate time to push out a fix before making their discovery public, but that frequently does not happen, and people don’t always respond with the same vitriol that Weev is receiving.

          Brocious presented his lock hack at a hacker conference before he told Onity. By your logic, his motives are equally questionable (even if his asking price for the info was substantially cheaper, wanting notoriety rather than cash). The reason people are so happy to hang Weev out to dry on this is simply because he’s an asshole. I won’t argue that he is not, in fact, a pretty big asshole. He very clearly is. But I’d hate to see any legal precedent established (or reinforced) by this case get used against someone like Brocious next time around.

          We can’t let the assholes get the better of us or we end up cutting off our own nose to spite our face.

          1. For some people you may be right – but I’d made up my mind (as far as opinion goes, which is of course subject to change!) how I felt about it before I even found out he was an asshole.

            You make a good point though – and one that shouldn’t be ignored. Ultimately I think if a supposedly white-hat hack’s primary intention isn’t to plug the hole and protect those it makes vulnerable then it’s just a hack. I actually thought that with the hotel locks the hacker had approach the manufacturer – if not then tbh they’re nearly as bad. I know if I discovered something that could put people and their data/possessions at risk I wouldn’t announce it the world like some bumbling trouble maker – save that as a last resort.

          2. I think that presenting at a hacker conference (where many are from the commercial and government security community) is far different than what Weev did. Had he found a buyer he would have taken the money and ran. Notoriety is different than cash. Cash doesn’t mean that the exploit gets published and exposed. As I’ve said below, any worry of legal precedent being made by this is far less of a concern compared to the ammunition he gives the people trying to establish the precedent you are worried about. He makes more of a public case for the anti-hacker side. He is doing damage to ALL sides, and pretty much that’s what he wants. He states in the article that he wants to be the biggest troll ever. Lame. The more I read the article the more I’m going with the theory that he is a pure sociopath. 

          3. You’re using the wrong benchmark to compare Brocious and Weev.

            For them to be equivalent, Brocious would have had to break into 140,000 hotel rooms and take valuables from them to demonstrate his hack.

            AFAIK that didn’t happen :)

          4. Except we know that some people’s property was stolen as a consequence of the door hack. We know that Onity is responding to the door hack by upgrading firmware and suggesting physical replacement for their older locks which aren’t flashable. But we also know that their fix was not deployed in time to stop the thefts in Texas. Maybe it would have been if Brocious had talked to Onity before he publicly disclosed the vulnerability. Maybe it wouldn’t.

            We do not know that any act of fraud or any other harm came to a single one of the people in the AT&T leak as a result of that leak. So, maybe it is an unfair comparison.

    2.  Uh… he never pretended to be anyone, did he? He got convicted for identity theft, but I’ve seen no evidence he ever actually stole anyone’s identity (instead of just knowing their e-mail addresses) He grabbed the e-mail addresses, sent the details to Gawker, and then got rid of them.

      1. You misunderstood my point. I was giving another example of using ‘publicly accessible data’; which seems to be the crux of his defence. Essentially rather than ‘hacking’ the site he exploited it; he worked out how it worked (which was in a silly way, something AT&T need to own up to and accept legal liability for) and took advantage of a hole – there’s blame on both AT&T’s part and his – but the claim that he didn’t do anything wrong is bogus. The guy farmed 100,000 emails and attempted to sell them (he only gave them over to Gawker after failing to sell them, and at no point informed AT&T about the flaw). If his motives were anything other than criminal (arguably egotistical) he’d have tested his theory, presented it to AT&T and approached the media if nothing came of it. No one needs to hand over 100,000 emails to Gawker to prove a point.

    3. He found a URL.  That URL contained sensitive customer data that AT&T illegally and irresponsibly made public.  He copied that data and notified news sources.

      Was that wrong?

      If you were driving through the Nevada desert, and you happened upon a billboard owned by AT&T that contained a startling array of sensitive customer data, what would you do?

      Would you not pull out your cell phone and take a picture?  maybe send that to boingboing?

      Sort of a holy crap look at what I found.

      That’s basically what weev got convicted of doing.  He found a billboard setup in a not so heavily trodden area of the internet filled with customer data.  He took a picture and he sent it to the news media.

      That’s not illegal.  And as for it being wrong?  I am hard pressed to see how.

      Weev as a person is irresponsible, but people shouldn’t be sent to jail because you don’t like them.  That’s the beginning of the end for all of us.

      1. I appreciate its not straightforward – it’s hard to analogise as well – as it wasn’t like he just happened across a web page that contained all the data. There was brute force involved – and spoofing IDs. It wasn’t technically hacking, but it also wasn’t not hacking either – some weirdness in between.

  2. This guy is the internet version of the douchebag “anarchists” that leave their little enclave in Eugene OR and go to protests or other public gatherings in the northwest to throw shit, light stuff on fire and just generally cause trouble for trouble’s sake. It’s easy to be an A-hole. Really, it is. It’s the easiest cop-out. And when people who take this route, as if it’s some kind of heroic duty to abstract thought, go dancing around the heavy machinery like it’s a joke and get squashed I have no sympathy. Is he entitled to the same justice as you and I? Of course. But there are plenty of other people being treated unjustly, or accused of crimes they didn’t commit. He’s at the back of the line only because he put himself there. No-talent, drug abusing, internet and real life troll. buh-bye. 

    1. go to protests or other public gatherings in the northwest to throw shit, light stuff on fire and just generally cause trouble for trouble’s sake.

      He’s an undercover cop?

      1. The undercover cops are a recent addition, and for every one of those, there are still plenty of the real so-called Anarchist D-bags.

  3. “Adrian Chen” and “must read” are two phrases that should never meet. This is the guy who pretended to have cancer on Reddit, and has no problem doxing people just because he doesn’t like them.

    1. and has no problem doxing people just because he doesn’t like them.

      In that case I was on Chen’s side.  Reddit shouldn’t have provided a pseudonymous forum for Brutsch’s bullshit; since the people in a position to do the right thing refused Chen did the only thing he could to change the situation for the better.

      Doxing is not the great moral wrong idiots on Reddit seem to think it is.  Newspapers do it daily and no one complains.

  4. And this: ” Auernheimer can be a bully and a racist but like many trolls he exposes hypocrisies and injustices through his provocation.” Bull. He does it because he is either emotionally a child or a sociopath. Please stop trying to imbue him with some sort of social conscience or cause. He is not a white-hat hacker. He is not a hero. 

  5. What a narrative.  I have no doubt that important facts were left out in order to make tech savvy readers internally conflicted, share it with their friends, and generate more page hits.  Then again, it’s gawker media, so what can you expect.

    Based on the facts we were given (I’m in finals and have neither the time nor the inclination to look up more information) this guy was probably convicted, in part at least, because he’s an asshole.  As a law student, I have an issue with that.  As a law student, I have no issues with that.  You get back what you put out there.  

    1. Exactly. You piss on the machine, it will try to eat you. You piss on the machine AND every other person around you, and no one will reach out when the machine tries to eat you. In a perfect world, all wrongs will be righted. But in this world he’s at the back of the line. Sucks for him. I’ll get around to feeling sorry for him a some point, maybe, probably not. And to the people that cry “but your freedoms are next to be trampled on!”. No, they aren’t. The only thing he’s done is give the people who WANT to take away our freedom on the internet a nice shining example of why they are right. He has done more to damage anyone’s liberty than will be done by letting him get eaten by the machine. 

  6. “I’m a Mormon now,” Auernheimer said, as if converting to Mormonism was as natural a thing for a twenty-something to do as getting a tattoo. “I don’t buy cigarettes anymore.”

    And then…

    “I just got introduced to some fantastic new designer drug. I’m pretty happy with it,” Auernheimer had told me a few days earlier in a Gchat.

    I’m starting to think this guy’s mentally ill and maybe unfit to stand trial.

    1.  To be ‘mentally ill and unfit to stand trial’ is a higher bar of proof than going with whatever gives you the biggest bang for the buck.  I see no evidence that he was unable to understand the consequences of his actions, just that he enjoys being an asshat.

Comments are closed.