Andrew Alan Escher Auernheimer (// AW-rən-hy-mər; born September 1, 1985), also known by his pseudonym weev, is an American grey hat hacker and Internet troll. He has identified himself using a variety of aliases to the media, although most sources correctly provide his first name as Andrew.
Auernheimer claimed responsibility for the disruption to Amazon's services in April 2009 when many books on gay issues were reclassified as pornography. Amazon claimed that Auernheimer was not responsible for the incident. Even before the Amazon incident, several media publications profiled Auernheimer regarding his hacking and trolling activities, notably The New York Times, in which he claimed to be a member of a hacker group called “the organization,” making $10 million annually. He also claimed to be the owner of a Rolls-Royce Phantom. After the Times story on Auernheimer was published, reporters sought out Auernheimer for commentary on hacking-related stories. Gawker published a story on the Sarah Palin email hacking incident and prominently featured Auernheimer's comments in the title of the story.
AT&T data breach
Auernheimer is a member of the group of computer experts known as "Goatse Security" that exposed a flaw in AT&T security which allowed the e-mail addresses of iPad users to be revealed. Contrary to what it first claimed, the group revealed the security flaw to Gawker Media before AT&T had been notified, and also exposed the data of 114,000 iPad users, including those of celebrities, the government and the military. The actions of this group re-provoked the debate on the disclosure of security flaws. Auernheimer maintains that Goatse Security used common industry standard practices and has said that "we tried to be the good guys". Jennifer Granick of the Electronic Frontier Foundation has also defended the tactics used by Goatse Security.
Shortly after the investigation was opened, Auernheimer's home in Arkansas was raided by the FBI and local police. The FBI search was related to its investigation of the AT&T security breach, but Auernheimer was subsequently detained on state drug charges. Police allege that, during their execution of the search warrant related to the AT&T breach, they found cocaine, ecstasy, LSD, and schedule 2 and 3 pharmaceuticals. He was released on a $3,160 bail pending state trial. After his release on bail, he broke a gag order to protest what he maintained were violations of his civil rights. In particular, he disputed the legality of the search of his house and denial of access to a public defender. He also asked for donations via PayPal, to defray legal costs.
In January 2011, all drug-related charges were dropped immediately following Auernheimer's arrest by federal authorities. The U.S. Justice Department announced that he would be charged with one count of conspiracy to access a computer without authorization and one count of fraud. Although his co-defendant, Daniel Spitler, was quickly released on bail, Auernheimer was initially denied bail due to his unemployment and lack of a family member to host him before being released on $50,000 bail in late February 2011. Auernheimer was incarcerated in the Federal Transfer Center, Oklahoma City in February 2011. A federal grand jury in Newark, New Jersey, indicted Auernheimer with one count of conspiracy to gain unauthorized access to computers and one count of identity theft in early July 2011. In September 2011 he was free on bail and raising money for his legal defense fund.
On November 20, 2012, Auernheimer was found guilty of one count of identity fraud and one count of conspiracy to access a computer without authorization. Auernheimer tweeted that he would appeal the ruling. Alex Pilosov, a friend who was also present for the ruling, tweeted that Auernheimer would remain free on bail until sentencing, "which will be at least 90 days out."
On November 29, 2012, Auernheimer authored an article in Wired entitled "Forget Disclosure – Hackers Should Keep Security Holes to Themselves," advocating the disclosure of any zero-day exploit only to individuals who will "use it in the interests of social justice."
[...]Aaron dealt with his indictment so badly because he thought he was part of a special class of people that this didn’t happen to. I am from a rundown shack in Arkansas. I spent many years thinking people from families like his got better treatment than me. Now I realize the truth: The beast is so monstrous it will devour us all.
On March 18, 2013, after being found guilty of identity fraud and conspiracy to access a computer without authorization, Auernheimer was sentenced to 41 months in federal prison and ordered to pay $73,000 in restitution. Just prior to his sentencing, he posted an "Ask Me Anything" thread on Reddit; comments such as "I hope they give me the maximum, so people will rise up and storm the docks" and "My regret is being nice enough to give AT&T a chance to patch before dropping the dataset to Gawker. I won't nearly be as nice next time" were cited by the prosecution as justification for the sentence.
Auernheimer was serving his sentence at the Federal Correctional Institution, Allenwood Low, a low-security federal prison in Pennsylvania, and was scheduled for release in January 2016. On July 1, 2013, Auernheimer's legal team filed a brief with the Third Circuit Court of Appeals, arguing that Auernheimer's convictions should be reversed because he had not violated the relevant provisions of the Computer Fraud and Abuse Act.
On April 11, 2014, the Third Circuit issued an opinion vacating Auernheimer's conviction, on the basis that venue in New Jersey was improper. While the judges did not address the substantive question on the legality of the site access, they were skeptical of the original conviction, noting that no circumvention of passwords had occurred and that only publicly accessible information was obtained. He was released from prison late on April 11.
Political views and critical reception
Auernheimer has published a number of podcasts and keeps a LiveJournal blog in which he offers commentary on racial and cultural issues. His views have proved controversial, causing Philip Elmer-DeWitt to dub him "the ugliest computer hacker". Rolling Stone calls his hacking results racist and homophobic while others have interpreted his work as deliberately offensive humor, with Fox News calling it "offensive and witty detail" and a Forbes author telling readers to "think: Shakespeare's Puck". This interpretation is in dispute, with an Atlantic magazine author calling the Puck reference "oddly generous".
Auernheimer is an advocate for free speech. He defended the satirical wiki Encyclopedia Dramatica in a Ninemsn interview which was cited as "rather brilliant" in an article about Australian Internet censorship published in The Register.
Auernheimer is the former president of the Gay Nigger Association of America, an anti-blogging trolling group who take their name from the 1992 Danish movie Gayniggers from Outer Space. Members of Goatse Security involved with the iPad hack are also members of GNAA. Auernheimer also claimed responsibility for posting a false account of Kathy Sierra's career in 2007 including claims that she was a former prostitute, along with her actual address and Social Security number. This led to her receiving death threats and threats of sexual violence and to her online absence from 2007 through to 2013. Auernheimer later reversed himself and denied responsibility for posting Sierra's information.
Auernheimer is planning to open a hedge fund, TRO LLC.
- Wallworth, Adam (January 19, 2011). "Fayetteville man charged in e-mail scam". NWA Online. NWA Media. Retrieved August 20, 2011.
- Voigt, Kurt (January 21, 2011). "No bail for 2nd iPad e-mail address theft suspect". MSNBC.com. Associated Press. Retrieved February 15, 2011.
- John Leyden (July 7, 2010). "AT&T iPad 'hacker' breaks gag order to rant at cops". The Register.
- Mills, Elinor (June 10, 2010). "Hacker defends going public with AT&T's iPad data breach (Q&A)". CNET News.
- Elinor Mills (June 15, 2010). "Hacker in AT&T-iPad Security Case Arrested". CBS News.
- Thomas, Owen (April 13, 2009). "Why It Makes Sense That a Hacker's Behind Amazon's Big Gay Outrage". Gawker.com (Gawker Media). Retrieved February 5, 2010.
- Fowler, Geoffrey A. (April 14, 2009). "Did "Weev" Play a Role in Amazon "Error?"". WSJ Blogs (The Wall Street Journal). Retrieved February 5, 2010.
- Thomas, Owen (April 13, 2009). "Amazon.com Says 'Embarrassing' Error, Not Hacker, Censored 57,310 Gay Books". Gawker.com (Gawker Media). Retrieved February 5, 2010.
- Schwartz, Mattathias (August 3, 2008). "The Trolls Among Us". NYTimes.com (The New York Times Company). Retrieved February 5, 2010.
- Thomas, Owen (August 3, 2008). "Journalists do it for the lulz". Gawker.com (Gawker Media). Retrieved February 5, 2010.
- Birch, Alex (August 8, 2008). "Interview: Professional Hacker and Troll Weev". Corrupt (CORRUPT.org). Retrieved February 5, 2010.
- Moe (September 18, 2008). "Hacker From That Times Story On Palin Emails: "i wish they'd done it properly"". Gawker.com (Gawker Media). Retrieved February 5, 2010.
- Spencer Ante and Ben Worthen (June 11, 2010). "FBI Opens Probe of iPad Breach". Wall Street Journal.
- Foresman, Chris (January 19, 2011). "Goatse Security trolls were after "max lols" in AT&T iPad hack". Ars Technica. Retrieved November 22, 2012.
- Worthen, Ben; Spencer E. Ante (June 14, 2010). "Computer Experts Face Backlash". WSJ.com.
- Tate, Ryan (June 9, 2010). "Apple's Worst Security Breach: 114,000 iPad Owners Exposed". Gawker.com (Gawker Media). Retrieved June 13, 2010.
- United States District Court — District Court of New Jersey, Docket: MAG 11-4022 (CCC). Filed with the court January 13, 2011
- Dowell, Andrew (June 17, 2010). "Programmer Detained After FBI Search". The Wall Street Journal.
- Mills, Elinor (June 15, 2010). "Hacker in AT&T-iPad security case arrested on drug charges". CNET News (CNET News). Retrieved July 11, 2010.
- Perna, Gabriel (June 17, 2010). "Arrested Hacker's Web Site Reveals Extremist Views". International Business Times (International Business Times). Retrieved July 11, 2010.
- weev (July 5, 2010). "Hypocrites and Pharisees". Goatse.fr.
- "Criminal charges filed against AT&T iPad attackers — Computerworld". January 18, 2011.
- Porter, David (February 28, 2011). "Suspect in iPad Data Theft Released on Bail in NJ". ABC News. Associated Press. Retrieved March 2, 2011.
- Stempel, Jonathan (July 6, 2011). "iPad hacker Andrew Auernheimer indicted by Newark grand jury". Huffington Post. Reuters. Retrieved September 12, 2011.
- Mills, Elinor (September 12, 2011). "AT&T-iPad site hacker to fight it on in court (exclusive)". CNET News. CNET News. Retrieved September 12, 2011.
- Zetter, Kim (November 20, 2012). "Hacker Found Guilty of Breaching AT&T Site to Obtain iPad Customer Data". Threat Level. Wired. Retrieved April 30, 2013.
- "Twitter status, 3:38 PM – 20 Nov 12".
- "Twitter status, 3:32 PM – 20 Nov 12".
- Auernheimer, Andrew (November 29, 2012). "Forget Disclosure — Hackers Should Keep Security Holes to Themselves". Wired. Retrieved April 30, 2013.
- Auernheimer, Andrew (January 23, 2013). "iPad Hack Statement Of Responsibility". techcrunch.com. Retrieved January 28, 2013.
- Zetter, Kim (January 23, 2013). "iPad Hack Statement Of Responsibility". wired.com. Retrieved March 18, 2013.
- weev (March 17, 2013). "I am weev. I may be going to prison under the Computer Fraud and Abuse Act tomorrow at my sentencing. AMA.". Reddit. Retrieved April 30, 2013.
- Brian, Matt (March 18, 2013). "Andrew 'weev' Auernheimer sentenced to 41 months for exploiting AT&T iPad security flaw". The Verge. Retrieved April 30, 2013.
- Crook, Jordan (March 22, 2013). "Andrew ‘weev’ Auernheimer Obtains New Lawyer, Files Appeal". TechCrunch.
- "Inmate Locator: Register # 10378-010". Federal Bureau of Prisons. Retrieved December 1, 2013.
- Kerr, Orin (July 1, 2013). "Appellant's Brief Filed in United States v. Auernheimer". The Volokh Conspiracy. Retrieved July 5, 2013.
- "Orin Kerr's Appeal Brief for Andrew "Weev" Auernheimer – Another CFAA Case". Groklaw. July 2, 2013. Retrieved July 7, 2013.
- Case: 13-1816 Document: 003111586090
- Kravets, David (April 11, 2014). "Appeals court reverses hacker/troll "weev" conviction and sentence". Ars Technica. Retrieved April 11, 2014.
- Hill, Kashmir (April 11, 2014). "Weev Freed, But Court Punts On Bigger 'Hacking vs. Security Research' Question". Forbes. Retrieved April 11, 2014.
- Voreacos, David (April 14, 2014). "AT&T Hacker ‘Weev’ Parties and Tweets as Case Still Looms". Bloomberg. Retrieved April 14, 2014.
- Elmer-DeWitt, Philip (June 17, 2010). "The ugliest computer hacker". CNNMoney.com (Cable News Network. A Time Warner Company). Retrieved June 18, 2010.
- Clark, Meredith. "The New Political Prisoners: Leakers, Hackers and Activists". Rolling Stone. Retrieved July 19, 2013.
- "Hacker: I was behind Amazon Gay Book Delisting". Fox News. April 14, 2009. Retrieved December 11, 2010.
- Buley, Talor (April 13, 2009). "Amazon: Caught in the act". Forbes (Forbes magazine). Archived from the original on January 2, 2013. Retrieved December 11, 2010.
- Chokshi, Niraj (June 10, 2010). "Meet one of the hackers who exposed the iPad security leak". The Atlantic (The Atlantic Monthly Group). Retrieved December 11, 2010.
- Paget, Henri (March 9, 2010). "Interview: Encyclopedia Dramatica moderator". Ninemsn (Ninemsn, a Microsoft and PBL Media Company). Retrieved December 9, 2010.
- Oates, John (March 17, 2010). "Irate aussies go after US website". The Register. Retrieved December 9, 2010.
- Jane, Emma (March 5, 2011). "Ugly trolls set internet freedom in flames". The Australian. Retrieved March 29, 2011.
- Jardin, Xeni (October 20, 2011). "Andrew "Weev" Auernheimer, hacker in AT&T iPad case, on Occupy Wall Street". Boing Boing. Retrieved April 30, 2013.
- Dean, Jodi (2010). Blog Theory: Feedback and Capture in the Circuits of Drive. Cambridge, UK: Polity Press. p. 6.
- "CHILDISH GAMBINO RECRUITS CHANCE THE RAPPER, JHENÉ AIKO AND AZEALIA BANKS FOR BECAUSE THE INTERNET LP". FACT. November 10, 2013. Retrieved November 19, 2013.
- Weev Talks About Life In Prison And His Plans To Open A Hedge Fund, TRO LLC TechCrunch, March 15, 2014.
- U.S. v. Auernheimer from the Electronic Frontier Foundation
- U.S. v. Auernheimer from the Digital Media Law Project
- weev's channel on YouTube
- weev's LiveJournal
- weev's twitter account
- weev's online dating profile
- Andrew Auernheimer Legal Defense Fund