NEWARK, N.J. (AP) — An Arkansas man accused of stealing more than 100,000 e-mail addresses of Apple iPad users last year was released on bail Monday and will be prohibited from using the Internet except for work — which in his case means a job as a computer consultant.
Andrew Auernheimer of Fayetteville left the Martin Luther King Jr. Federal Building on Monday without commenting on the charges or his release from federal detention. He had been extradited from Arkansas, where he was arrested Jan. 18.
Auernheimer and San Francisco resident Daniel Spitler face one count each of fraud and conspiracy to access a computer without authorization. Authorities say the two men, both in their mid-20s, tricked AT&T’s website into divulging e-mail addresses that included those of New York City Mayor Michael Bloomberg, film mogul Harvey Weinstein and then-White House chief of staff Rahm Emanuel, who is now Chicago mayor.
U.S. Attorney Paul Fishman has said there’s no evidence the addresses were disseminated for criminal purposes.
Auernheimer’s $50,000 bail was covered by a friend identified as Jeffrey Paul Lussier, who attended the hearing with another man who didn’t identify himself but said outside court that he had known Auernheimer for years and would employ him as a computer consultant. Auernheimer’s travel will be restricted to New Jersey and New York.
In court, Assistant U.S. Attorney Zach Intrater said Auernheimer “has demonstrated himself to be a menace on the Internet” and should have his computer use closely monitored. U.S. Magistrate Judge Madeline Cox Arleo ordered that any computer Auernheimer uses for work must be monitored by law enforcement, and she prohibited him from owning a cell phone that has Internet access.
“If I find him with an iPad or a Droid or any other device that has Internet access, I’ll revoke bail,” Cox Arleo said. “It’s his choice.”
Authorities say Auernheimer and Spitler were members of a “loose association of Internet hackers” named Goatse Security that claimed last June to have discovered a weak link in AT&T’s security. AT&T acknowledged at the time that more than 100,000 e-mail addresses of iPad users who signed up for AT&T’s 3G wireless Internet service were exposed and that it had fixed the problem.
A representative for Goatse Security told The Associated Press in June that it contacted AT&T and waited until the vulnerability was fixed before going public with the information. But federal prosecutors say AT&T was unaware of the breach until it appeared in online media reports.
In January, after the arrests, Goatse Security said in an e-mail to the AP that Spitler and Auernheimer did nothing wrong and were acting in the public interest by exposing the security flaw.
Spitler was released on $50,000 bail in January. Each of the counts he and Auernheimer face carries a five-year maximum prison sentence.