A federal jury convicted a New York man on Tuesday of hacking into AT&T Inc (T.N) servers and stealing the email addresses and other personal data of about 120,000 Apple Inc (AAPL.O) iPad users, a U.S. attorney in New Jersey said.
Andrew Auernheimer, 27, was convicted by a Newark, New Jersey, jury of one count of conspiracy to access the servers without permission, as well as one count of identity theft, said U.S. Attorney Paul Fishman.
The defendant faces a maximum five years in prison and $250,000 fine on each count. A co-defendant, Daniel Spitler, pleaded guilty to the same charges in June 2011 and is awaiting sentencing.
Prosecutors said Auernheimer and Spitler were affiliated with Goatse Security, a group of Internet "trolls" that tries to disrupt online content and services.
According to the government, the men used an "account slurper" that was designed to match email addresses with "integrated circuit card identifiers" for iPad users, and which conducted a "brute force" attack to extract data about those users, who accessed the Internet through AT&T's network.
The authors of the slurper then provided stolen information to the website Gawker, which published an article naming well-known people whose emails had been compromised, including ABC News anchor Diane Sawyer, New York Mayor Michael Bloomberg and current Chicago Mayor Rahm Emanuel, prosecutors said.
Tor Ekeland, a lawyer for Auernheimer, said his client was free on bail, and planned to appeal the verdict to the 3rd U.S. Circuit Court of Appeals in Philadelphia.
"We disagree with the prosecutors' interpretation of what constitutes unauthorized access to a computer under the Computer Fraud and Abuse Act," Ekeland said in a phone interview. He called the prosecutors' interpretation of that federal law "extremely expansive."
The trial lasted about one week, excluding a disruption related to Hurricane Sandy, and jurors deliberated for a couple of hours, Ekeland added.
AT&T has partnered with Apple in the United States to provide wireless service on the iPad. After the hacking, it shut off the feature that allowed email addresses to be obtained.
The case is U.S. v. Auernheimer, U.S. District Court, District of New Jersey, No. 11-00470.
(Editing by Peter Cooney)