weev | |
Birth Name: | Andrew Alan Escher Auernheimer |
Birth Place: | Fayetteville, Arkansas, U.S. |
Occupation: | Hacker |
Known For: | Neo-Nazism, hacktivism,[1] alt-right activism |
Andrew Alan Escher Auernheimer[2] (;[3] born), best known by his pseudonym weev, is an American computer hacker[4] [5] and professional[6] [7] Internet troll.[8] [9] Affiliated with the alt-right, he has been described as a neo-Nazi, white supremacist, and antisemitic conspiracy theorist.[10] He has used many aliases when he has contacted the media, but most sources state that his real first name is Andrew.[11]
As a member of the hacker group Goatse Security, Auernheimer exposed a flaw in AT&T's security that compromised the e-mail addresses of iPad users. When it revealed the flaw to the media, the group also exposed the personal data of over 100,000 people, which led to a criminal investigation and an indictment for identity fraud and conspiracy. Auernheimer was sentenced to serve 41 months in a federal prison, of which he served approximately 13 months before his conviction was vacated by a higher court.
In 2016, Auernheimer was responsible for sending thousands of white-supremacist flyers to unsecured web-connected printers at multiple universities and other locations in the U.S. Since his release from prison, he has lived in several countries in Eastern Europe and the Middle East.[12] In 2016, he told an interviewer that he was living in Kharkiv.[13] In 2017, it was reported that he was acting as webmaster for the neo-Nazi website The Daily Stormer.[14] The Southern Poverty Law Center describes him as "a neo-Nazi white supremacist"[15] known for "extremely violent rhetoric advocating genocide of non-whites".
Auernheimer was born in Arkansas in 1985. At age 14, in 1999, he enrolled at James Madison University to study mathematics, but dropped out in 2000.[16] [17] Despite his neo-Nazi affiliations, Auernheimer's mother has stated that he "comes from a 'large, mixed-race family' with Native American heritage, and she has also stated that he most certainly has a Jewish lineage 'on both sides of his family.'"[18]
Auernheimer claimed responsibility for the reclassification of many books on gay issues as pornography on Amazon's services in April 2009.[19] [20] Amazon said that he was not responsible for the incident.[21]
Even before the Amazon incident, several media publications profiled him regarding his hacking and trolling activities, including The New York Times, in which he claimed to be a member of a hacker group called "the organization", making $10 million annually. He also claimed to be the owner of a Rolls-Royce Phantom.[22] [23] [24] After the Times story on Auernheimer was published, reporters sought him out for commentary on hacking-related stories. Gawker published a story on the Sarah Palin email hacking incident and prominently featured Auernheimer's comments in the title of the story.[25]
In the New York Times magazine interview, Auernheimer claimed responsibility for harassing the author and game developer Kathy Sierra in response to her "touchy" reaction to receiving threatening comments on her blog.[22] This included posting a false account of her career online, including charges that she was a former sex worker, along with her home address and Social Security number. The post instigated further harassment and abuse of Sierra, which led her to withdraw from online activity for several years.[26] Author Bailey Poland calls the "highly gendered nature" of his attacks on women a form of "cybersexism".
In the same interview, Auernheimer "held forth on the Federal Reserve and about Jews" for "several minutes" during his first introduction with journalist Mattathias Schwartz.[22]
He is a member of the Gay Nigger Association of America,[27] an anti-blogging trolling group who take their name from the 1992 Danish movie Gayniggers from Outer Space.[28] Members of Goatse Security involved with the iPad hack are also members of GNAA.[27] He was also formerly GNAA's president.[29]
Auernheimer was a member of the hacker group known as "Goatse Security" that exposed a flaw in AT&T security in June 2010, which allowed the e-mail addresses of iPad users to be revealed.[30] The flaw was part of a publicly-accessible URL, which allowed the group to collect the e-mails without having to break into AT&T's system. Contrary to what it first claimed,[31] the group revealed the security flaw to Gawker Media before AT&T had been notified,[32] and also exposed the data of 114,000 iPad users, including those of celebrities, the government and the military. The group's actions rekindled public debate on the disclosure of security flaws.[33] Auernheimer maintains that Goatse Security used common industry standard practices and has said that "we tried to be the good guys".[4] [33] Jennifer Granick of the Electronic Frontier Foundation has also defended the methods used by Goatse Security.[33]
The FBI opened an investigation into the incident,[34] which led to a criminal complaint in January 2011 under the Computer Fraud and Abuse Act.[35]
Shortly after the investigation was opened, the FBI and local police raided Auernheimer's home in Arkansas. The FBI search was related to its investigation of the AT&T security breach, but Auernheimer was instead detained on state drug charges.[36] Police alleged that, during their execution of the search warrant related to the AT&T breach, they found cocaine, ecstasy, LSD, and Schedule 2 and 3 pharmaceuticals.[37] He was released on a $3,160 bail pending state trial.[38] After his release on bail, he broke a gag order to protest what he maintained were violations of his civil rights. In particular, he disputed the legality of the search of his house and denial of access to a public defender. He also asked for donations via PayPal, to defray legal costs.[4] [39]
In January 2011, all drug-related charges were dropped immediately following Auernheimer's arrest by federal authorities. The U.S. Justice Department announced that he would be charged with one count of conspiracy to access a computer without authorization and one count of fraud.[40] Although his co-defendant, Daniel Spitler, was quickly released on bail, Auernheimer was initially denied bail because of his unemployment and lack of a family member to host him. He was incarcerated in the Federal Transfer Center, Oklahoma City before being released on $50,000 bail in late February 2011.[3] [41]
A federal grand jury in Newark, New Jersey, indicted Auernheimer with one count of conspiracy to gain unauthorized access to computers and one count of identity theft in July 2011.[42] In September 2011, he was freed on bail and raising money for his legal defense fund.[43]
On November 20, 2012, Auernheimer was found guilty of one count of identity fraud and one count of conspiracy to access a computer without authorization.[44]
On November 29, 2012, Auernheimer wrote an article in Wired entitled "Forget Disclosure – Hackers Should Keep Security Holes to Themselves," advocating the disclosure of any zero-day exploit only to individuals who will "use it in the interests of social justice."[45]
In a January 2013 TechCrunch article,[46] he likened his prosecution to that of Aaron Swartz, writing
Auernheimer was found guilty of identity fraud and conspiracy to access a computer without authorization. Before his sentencing hearing, Auernheimer told reporters, "I'm going to jail for doing arithmetic". He was sentenced to 41 months in federal prison and ordered to pay $73,000 in restitution.[47] Just prior to his sentencing, he posted an "Ask Me Anything" thread on Reddit;[48] his comments, such as "I hope they give me the maximum, so people will rise up and storm the docks" and "My regret is being nice enough to give AT&T a chance to patch before dropping the dataset to Gawker. I won't nearly be as nice next time", were cited by the prosecution the next day in court as justification for the sentence.[49]
Later in March 2013, civil rights lawyer and George Washington University Law School faculty Orin Kerr joined Auernheimer's legal team, free of charge.[50]
Auernheimer was serving his sentence at the Federal Correctional Institution, Allenwood Low, a low-security federal prison in Pennsylvania, and was scheduled for release in January 2016.[51] On July 1, 2013, his legal team filed a brief with the Third Circuit Court of Appeals, arguing that his convictions should be reversed because he had not violated the relevant provisions of the Computer Fraud and Abuse Act.[52] [53]
On April 11, 2014, the Third Circuit issued an opinion vacating Auernheimer's conviction, on the basis that the New Jersey venue was improper, since neither Auernheimer, his co-conspirators, nor AT&T's servers were in New Jersey at the time of the data breach.[54] [55] While the judges did not address the substantive question on the legality of the site access, they were skeptical of the original conviction, observing that no circumvention of passwords had occurred and that only publicly accessible information was obtained.[56] He was released from prison on April 11, 2014.[57] In a letter to the Federal government the following month, he demanded compensation for his jailing to be awarded in bitcoin. He referred to three men, including Oklahoma bomber Timothy McVeigh, as being among "the greatest patriots of our generation" and wished to use the compensation to build memorials to them. The other men were Andrew Stack and Marvin Heemeyer, two men who had also died in violent incidents. (Stack flew his plane into a building in Austin, Texas; Heemeyer also killed himself, in his case after using a bulldozer to demolish many buildings in a Colorado town.)[58] [59] Auernheimer told a journalist from Vice: "I honestly think we need to build statues of them just to piss off federal agents really."
Following his release, Auernheimer lived for a time in Lebanon, Serbia, and Ukraine.[60] [12] In 2016, he told an interviewer that he was living in Kharkiv.[13] The Southern Poverty Law Center (SPLC) reported Auernheimer to have left Ukraine in 2017 for Tiraspol, the capital of Transnistria.[61]
Shortly after his release from prison, Auernheimer granted an exclusive interview to Techcrunch in which he disclosed his plans to raise funds for a hedge fund, tentatively to be named TRO LLC.[62] TRO LLC would generate "actionable financial intelligence from the computer underground" and act upon it with a primary strategy of hedged short equities. Auernheimer felt that the visceral dislike that many people had for him could be a market advantage for TRO LLC. Rather than disclosing financial problems, as well-known activist short sellers Muddy Waters do, Auernheimer would seek publicly-traded companies with software privacy flaws, take a short position in them, then tell the media.[63] [64]
In early October 2014, The Daily Stormer published an article by Auernheimer in which he effectively identified himself as a white supremacist and neo-Nazi. He is known for his "extremely violent rhetoric advocating genocide of non-whites", according to the SPLC.
In incidents occurring in March and August 2016, Auernheimer sent flyers adorned with racist and anti-Semitic messages to thousands of unsecured printers across the United States; flyers bearing swastikas and promoting The Daily Stormer were sent to multiple universities.[65] He claimed responsibility for 50,000 flyers sent to printers across the U.S. by using a tool to scour the Internet for unsecured printers, and described in a blog post, finding over a million vulnerable devices.[66] In an interview with The Washington Times, founder of The Daily Stormer Andrew Anglin gave his approval of Auernheimer's actions concerning unsecured printers.[67]
In the second unsolicited flyer printing incident in August 2016, Auernheimer called for violence against individuals he considered non-white: "the hordes of our enemies from the blacks to the Jews to the federal agents are deserving of fates of violence so extreme that there is no limit to the acts by which can be done upon them in defense of the white race." He "unequivocally" supported the killing of children. The Southern Poverty Law Center speculated that motivation for the attack was the then imminent trial of Dylann Roof (later convicted for the Charleston church shooting). Auernheimer wrote of Roof: "I am thank thankful [sic] for his personal sacrifice of his life and future for white children." At the same time, he praised Anders Breivik who was responsible for the 2011 Norway attacks in which 77 people died in two attacks.[68] "He is a hero of his people, and I cannot wait for his liberation from captivity at the hands of swine," Newsweek in April 2016 quoted Auernheimer as saying of Breivik. He claimed to be in contact with a network of thousands of nationalists: "We all love and support him unconditionally. His lawsuit and Roman salute have only increased sympathy and appreciation for him."[69]
An email leak by BuzzFeed News in October 2017 revealed that Auernheimer was in contact with Milo Yiannopoulos, who had asked Auernheimer for advice on an article about the alt-right.[70] Yiannopoulos asked his editor at Breitbart in April 2016 for permission for Auernheimer to appear on his podcast, an option which was rejected since editor Alex Marlow did not want Breitbart to associate with a "legit racist".
In 2017, Auernheimer was reported to be working as the webmaster for The Daily Stormer.[71] An SPLC analyst described Auernheimer and Anglin as "primary innovators" in the use of online trolling by right-wing extremists.[72]
In October 2015, Auernheimer published the names of U.S. government employees who were exposed by the Adult FriendFinder and Ashley Madison data breaches.[73] [74] He told CNN: "I went straight for government employees because they seem the easiest to shame."[75]
Auernheimer has also been involved in the release of the undercover Planned Parenthood videos, which were under a temporary restraining order. The Washington Post quoted him as saying he did it "for the lulz."[76]