Andrew ‘weev’ Auernheimer was sentenced to 41 months imprisonment due to finding a security flaw in AT&T’s website.  The security flaw enabled weev to collect personal data of 114,000 iPad owners on AT&T’s network. Aside from the more than three years jail time, upon his release, he will be subjected to three years of supervised release.

Weev and co-defendant Daniel Spitler, who plead guilty in 2011, were both ordered to pay $73,000 in restitution to AT&T.

Weev who previously served as president of the “Gay Niggers Association of America,” a group famous for web trolling and Goatse Security, which is known for exposing security flaws publicly, publicized the AT&T security flaw in Goatse Security back in 2010 but never actually released hacked information.  He was prosecuted in 2011 and was found guilty of one count of conspiracy to gain unauthorized access to computers and one count of identity theft.

Weev has since been active on Twitter and the night before his sentencing, participated in a Reddit AmA (Ask me Anything ) where he stated that, “My regret is being nice enough to give AT&T a chance to patch before dropping the dataset to Gawker. I won’t nearly be as nice next time.”  Not really a smart thing to say before your sentencing.  Weev also added that he plans on running for congress when he gets out since he can drop information without being sued for libel because of congressional immunity.  Also not a smart thing to say a day before your sentencing.

Prosecutors cited the Reddit AmA three times when justifying weev’s sentencing aside from the excerpts found in Encyclopedia Dramatica.

Some security researchers and online activists were not happy with weev’s sentence since it was established during the trial that weev and Spitler were never able to access user passwords and that they didn’t illegally access a private server to acquire the personal information.

Independent journalist Tim Pool tweeted, “I felt like I was watching a witch trial as prosecutors admitted they didn’t understand computers.”

But the fact remains that weev and Spitler intended to use the acquired data for phishing activities, thus the sentence of imprisonment, supervised release and payment towards AT&T make a lot of sense.

The focus on this case is on weev for what he did, the prosecutors’ lack of computer knowledge, and of course the sentence.  While reading on BoingBoing.net, one comment struck me.

“I’m equally amazed at the duration of the sentence as I am at the idea of financial restitution — he’s expected to pay to notify AT&T customers that they had a website that publishes email addresses, as if it’s the yellow pages.  He basically used a reverse phone lookup website,” wrote Jonathan Vanasco.

It would be nice if someone, like the EFF, went after AT&T in a Class Action lawsuit for “consumer rights.”

AT&T customers were the ones affected by weev’s actions  but their voices were never heard in the trial.  Weev actually did the AT&T customers a favor.  He exposed the flaw which, hopefully, led to AT&T fixing the security flaw thus better protecting its clients.  If the security flaw was discovered by another hacker, there might have been thousands of people who fell victim to identity theft.  If that happened, I’m pretty sure more people would’ve gotten involved and some may even have filed a class action lawsuit against AT&T.

So think about it, was weev’s sentence just?