(Photo: Crimint.com)

Andrew Auernheimer, better known by his pseudonym "weev," was sentenced today to 41 months in prison for exploiting an AT&T security flaw that allowed him to collect and publish the email addresses of 114,000 AT&T iPad owners. He alerted AT&T to the flaw before sending the dataset to Gawker, which published it, leading to an FBI investigation.

Mr. Auernheimer is part of the grey hat hacker collective Goatse Security, a division of the Gay Nigger Association of America, recently responsible for trolling the Daily Mail and unleashing a torrent of malicious spam on Tumblr. Back in November, Mr. Auernheimer was found guilty of "one count of identity fraud and one count of conspiracy to access a computer without authorization" for his participation in Goatse Security's AT&T hack.

The case is a controversial one, as Goatse Security didn't technically have to hack anything to obtain the information--they simply were exploiting a security flaw with AT&T. Still, Mr. Auernheimer must serve approximately 3.5 years in jail with three years of supervised release and a $73,000 fine to be paid to AT&T for damages (because AT&T is the real victim here).

Mr. Auernheimer's legal defense team attempted to argue that he did not deserve hard time, and instead just six months probation for the offense, but that plea failed.

According to Gawker's Adrian Chen, prosecutors cited a Reddit AMA Mr. Auernheimer did last night as proof that he would reoffend following his release. In the AMA, Mr. Auernheimer stated that he would run for Congress once released, and because of "congressional immunity" this would allow him to "drop hacks on the floor of Congress and be completely immune for doing so."

For his part, Mr. Aeurnheimer seemed to show little remorse towards AT&T. "My regret is being nice enough to give AT&T a chance to patch before dropping the dataset to Gawker," he wrote. "I won't nearly be as nice next time."

https://twitter.com/AdrianChen/status/313649642057371649

The spammy message. (Screencap: Tumblr)

Community managers all over town are dealing with what probably feels like the end of the world right now. We just logged onto our dashboard and discovered that quite a few Tumblrs--most prominently the Verge, as well as USA Today and the Daily Dot--seem to have been hijacked. Your dashboard, like ours, is probably being flooded with this charming message:

Dearest `Tumblr’ users,

We have taken the liberty of upgrading your (rather tasteless, we must say) blog to our premier GNAA Deluxe Gary Niger (pictured to the left) Signed Edition! This is in response to the seemingly pandemic growth and world-wide propagation of the most FUCKING WORTHLESS, CONTRIVED, BOURGEOISIE, SELF-CONGRATULATING AND DECADENT BULLSHIT THE INTERNET EVER HAD THE MISFORTUNE OF FACILITATING.

It goes on in that vein, suggesting emo Tumblr users drink bleach and die.

The language of the post seems to indicate that it's the work of hacker group "Gay Nigger Association of America." Plus, here they are on Twitter:

3,800 unique tumblr users (and counting) show their support for the GNAA: tumblr.com/tagged/bronies

— Gary Niger - GNAA (@Gary_Niger) December 3, 2012

Betabeat has covered the group's antics before, when they tricked several publications into believing people were looting following Superstorm Sandy. Wikipedia calls them an "anti-blogging Internet-trolling organization."

The hack is fairly benign, though widespread. It's a Javascript exploit that immediately reblogs the post to your Tumblr if you hit Okay or Cancel on the dialogue box that pops up. You can get rid of the posts by going into your Tumblr's mass post editor and deleting them; you'll also want to change your password as an extra security precaution.

The focal point of the spam began with the Tumblr brony tag, where fans of My Little Pony congregate (hence the fact that The Daily Dot was one of the first Tumblrs to get hit). In a press release, GNAA writes:

An elite team of GNAA ubernigger supersoldier commandos (each packing 9-to-11 inches of black power) stormed the DHX Media Vancouver headquarters under cover of darkness late last night to commemorate the release of My Little Pony: Friendship is Magic Season 3.

"The New Release of My Little Pony: Friendship is Magic Season 3 marks the third anniversary of this perverse Jewish abomination. The ‘Brony’ movement is an illogical fetish for manchildren. While our previous ‘Brony Outreach’ had been a success", stated GNAA Founder and CEO Niger, "we quickly grew tired of these perverted repugnant manchildren within our ranks."

Tumblr spokesperson Katherine Barna told Betabeat:

There is a viral post circulating on Tumblr which begins "Dearest 'Tumblr' users". If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible.

Tumblr also tweeted the following message:

We are aware that there is a viral post circulating on Tumblr. We are working to resolve the issue as swiftly as possible. Thank you.

Well, that seems a little like an understatement.

Meanwhile, Tumblr is responding with--what else?--GIFs. From ILoveCharts:

Update (12:27): Looks like the total number of users affected is at least 8,600, though the account @Gary_Niger appears to have deleted tweets boasting about the hack. Might it have something to do with GNAA publicity account @LiteralKa getting suspended from Twitter?

Update (12:33): Gawker reports that GNAA claims to have warned Tumblr about the security exploit weeks ago. GNAA spokesperson Literal Ka told Adrian Chen:

We contacted Tumblr about this weeks ago and nothing came of it. This was a serious issue that needed to be fixed. Someone would have done a lot worse than just posting a message over and over if they didn't fix it right away...

Betabeat also received a comment from Leon Kaiser, the head of GNAA. He confirms that @Gary_Niger deleted tweets relating to the hack for fear of being suspended by Twitter, elaborating:

The tweets were indeed deleted because we are worried about being suspended from Twitter....This was just another part of our "anti-blogging" campaign. GNAA's stance on blogging in general has always been a negative one: in short, blogging is lowering journalistic standards to the point where the number of friends a murderer has on Facebook has become news.

Mr. Kaiser also told The Guardian that Tumblr consistently "puts the safety of their users second to their revenue."

Update (12:59): Naked Security has more on the hack: Anyone who was logged into Tumblr automatically reblogged GNAA's post upon visiting an infected page. If you weren't logged in, you were simply redirected to the standard log-in page. You can get a more granular look at the hack here.

Update (1:20): As we mentioned earlier, Mr. Kaiser, the president of the GNAA, told The Guardian that today's hack was designed to send a message to Tumblr about prioritizing revenue above security:

"Tumblr is a blogging website whose employees we have found, time and time again, to put the safety of their users second to their revenue. Instead of hiring competent, dedicated staff, they hire part-time programmers who can't even defend against the most basic of security issues, such as XSS. I mean, for chrissake, they don't even throttle (or the threshold is ridiculously high) the number of posts per minute a user is allowed to make! Blogging services everywhere need to step up and hire people who know what they're doing."

Considering that Tumblr employs at least 47 engineers (according to current employees on LinkedIn) and is trying to hire at least 8 more, we asked Mr. Kaiser to elaborate on GNAA's stated motivations for the hack. "If 47 engineers can't prevent simple security issues, then I have serious concerns about who they're hiring," Mr. Kaiser responded by email. (We have reached out to Tumblr to get a total engineer count and will update the post when we hear back.)

Update (1:30): "Tumblr engineers have resolved the issue of the viral post attack that affected a few thousand Tumblr blogs earlier today," Tumblr spokeswoman Katherine Barna told Betabeat in an email. "Thank you for your patience."

Update (2:47): Information about what exactly went wrong for Tumblr continues to trickle out. Slate's Future Tense talked to GNAA's interim VP, who pointed to problems in mobile posting:

@Ms_meepsheep says it exploits vulnerabilities in “multiple fields, including all mobile post fields.” He or she continued, “Lazy developers, far too incompetent to sanitize input, are the ones to blame. As long as web developers do not care about their users, hackers (or script kiddies depending on point if view) will be there to exploit their errors."

Of course, as with everything else from GNAA, this is worth taking with a grain of salt.

Nitasha Tiku contributed reporting to this article.

Original image (left), fake tweet from #SandyLootCrew (right) (Photo: Sydney Morning Herald)

The media hasn't been as roughed up by Sandy as, say, the transportation industry. But with power failures and flooding, it can be hard to get a proper source on the line. And while Twitter may be a “truth machine,” fact-checking rumors in real-time, its constant flood of information is as unpredictable as the storm itself. That came into focus earlier this week when Shashank Tripathi was outed for spreading a false report about the New York Stock Exchange under the pseudonymous handle @comfortablysmug.

Well, add another troll to the list. Rather, an entire crew: the self-styled Gay N**ger Association of America (GNAA), an online activist group, behind the willfully misleading hashtag #sandylootcrew. False information and fake images of black looters tweeted under that hashtag were published by the Daily Mail, the Drudge Report and Infowars, which is exactly what the four core members of the GNAA wanted, Leon Kaiser, GNAA's "interim president and head of public relations" told Betabeat by email.

A fake tweet from the GNAA.

"To sum it up, myself and a few members of the GNAA thought that it would be amusing to pretend to be looters,” said Mr. Kaiser, who claims to be a 19-year-old African-American male living in New Mexico. "One of us came up with the hashtag #SANDYLOOTCREW. We were making the most ridiculous tweets that we could think .. .people will believe literally anything, even us stealing cats.”

(Leon Kaiser is not his real name, he said, "but a combination of my middle and mother's maiden name, respectively." GNAA, which is affiliated with the hacker collective Goatse Security, is cagey after two of Goatse's members--including Andrew Auernheimer, the grey hat hacker "weev"--were arrested in 2011 for revealing iPad users' emails in order to expose an AT&T security hole. Mr. Auernheimer is the former president of GNAA. Mr. Kaiser insists no user information was released in the AT&T case. "A list of emails was only compiled for the purposes of proving to the media that the vulnerability existed," he told Betabeat. "The list of emails was destroyed after that." For its efforts, Goatse received a Crunchie award in Public Service from TechCrunch.)

As the New York Daily News reported Wednesday afternoon, there has been some looting in Coney Island in the wake of the hurricane. Reached by phone, an employee at Rent-a-Center on Mermaid Avenue confirmed reports of theft. Thursday afternoon, NYPD spokesperson Paul Browne responded to questions from Betabeat about the timeline of thefts with the following statement:

Coney Island
There were nine suspects, five of them women, arrested in the 60th Precinct in Coney Island Tuesday afternoon; four for burglary, four for possession of stolen property, and a fifth for criminal possession of a firearm. The suspects were caught in the act of either attempting to gain entry or leaving a closed store or in possession of its merchandise on or near Mermaid Avenue. Some were in possession of property taken from a dollar store, another was arrested after breaking into a Citibank branch but leaving empty-handed. A 29-year-old woman was charged with CPW after the safe she was caring from a store was found to contain a firearm. Tuesday night, police presence was stepped up along Mermaid Avenue and vicinity, and additional light towers were erected. There was no looting overnight Tuesday into Wednesday. However, early this morning just after midnight, police arrested 18 individuals for burglary of Key Food in Coney Island.

Far Rockaway
In the 101st Pct in Far Rockaway four  arrests were made yesterday morning stemming from the entry of a closed  Radio Shack on Beach Channel Drive where four women, ranging in age from 16 to 49, to include possible employees of the store, were charged with burglary.

But none of the GNAA's photos represented crimes committed post-Sandy. In fact, the Sydney Morning Herald traced one of the images reprinted in the Daily Mail as far back as 2005.

The pictures of the woman with the mannequin and the man hugging the TV were posted on forums in 2005.

The boy with the shotgun was posted on a blog about Hurricane Frances in 2008 and the picture of the sign outside a house was found on a 2005 AP story about Hurricane Katrina.

Over email, Mr. Kaiser didn't seem very concerned about possible backlash against the group for fanning the flames of looting hysteria, or for using incredibly offensive racial stereotypes in the name of teaching the media a lesson.

“I'm not worried," he said. "I've gotten scores of death threats and whatnot for doing this, and I do this sort of thing a lot. They get old after a while. If anything were to fan the flames of looting, it'd be the irresponsible handling of this story by the media. Anyone who takes 'NIGGA I JUST STOLE A CAT OUTTA SUM1S HOUSE GET ON MY LEVEL' at face value probably shouldn't be working in the news industry.”

Wonder what Councilman Peter Vallone will have to say about this!