AT&T hacker released on bail after drug arrest

Source says group targeted AT&T because the carrier announced plans to end its unlimited smartphone data plan.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

June 17, 2010 2:43 p.m. PT

2 min read

Andrew Auernheimer Washington County Sheriff's Office

A hacker involved in the disclosure of a security flaw in an AT&T iPad-related Web site was released from an Arkansas jail Thursday after posting a $3,160 bond on felony drug possession charges, authorities said.

Andrew Auernheimer, 24, was arrested Tuesday after officials searching his Fayetteville, Ark., home on an FBI search warrant said they found less than a gram of cocaine, one ecstasy pill, 19 tabs of LSD, and some Oxycodone. They also allegedly found a different pharmaceutical classified as schedule 3, which makes it a misdemeanor.

FBI officials would not say whether or not the search warrant was related to the AT&T case or indicate what prompted the search.

Auernheimer, who goes by the name "Escher" and the hacker handle "Weev," is a key member of a hacker group that publicly disclosed a security hole in an AT&T Web site for iPad owners last week that exposed the e-mail addresses of 114,000 users.

AT&T criticized the hackers for disclosing the flaw and vowed to help authorities investigate the matter, but an AT&T spokesman declined to comment when asked if the search warrant was related to the case.

In an interview with CNET before his arrest, Auernheimer defended the group's actions, saying they waited until AT&T had fixed the problem.

Andrew Auernheimer used the name "Andrew Wbeelsoi" when he gave a presentation at the ToorCon hacker conference in 2006. Joris Evers/CNET

Someone familiar with the group told CNET on Tuesday that the hackers targeted AT&T because the carrier had announced plans to end its unlimited data plan for smartphones.

Auernheimer served as the public spokesman for the group, which calls itself Goatse Security, but he is not the one who discovered the security problem in the AT&T Web site or wrote the code to exploit it, according to sources.

At a ToorCon hacker conference in 2006, Auernheimer claimed to be on acid during his presentation related to a supposedly unsecured Firefox bug, according to former Washington Post reporter Brian Krebs, who talked to Auernheimer at the event.

Auernheimer is a controversial figure, even in the underground hacker community, where some have alleged he holds racist beliefs. In an interview with CNET, he said he's not antisemitic and denied claims of misbehavior lodged against him in a 2008 New York Times profile. He did, however, admit to being an Internet troll.

A hearing on the felony drug charges is scheduled for July 16 at 7:45 a.m. CDT in Washington County Circuit Court, officials in the Washington County Detention Center said. Auernheimer also faces a misdemeanor drug possession charge.