* U.S. said data from 120,000 iPad users was stolen
* Defendant discussed causing "freakout" from hacking
* Co-defendant Daniel Spitler pleaded guilty on June 23
By Jonathan Stempel
NEW YORK, July 6 A man accused of hacking into AT&T Inc (T.N) servers and stealing personal data belonging to 120,000 Apple Inc (AAPL.O) iPad users was indicted on Wednesday, two weeks after a co-defendant pleaded guilty.
Andrew Auernheimer was charged by a Newark, New Jersey grand jury with one count of conspiracy to gain unauthorized access to computers and one count of identity theft, the office of U.S. Attorney Paul Fishman in New Jersey said.
The indictment follows co-defendant Daniel Spitler's guilty plea on June 23 to the same charges. Spitler could face a 12- to 18-month prison term at his sentencing, which is scheduled for Sept. 28. [ID:nN1E75M1C6]
Auernheimer is a resident of Fayetteville, Arkansas, and has been free on bail. The federal public defender's office in Newark, which represents him, did not immediately return a call seeking comment.
Prosecutors in January accused Auernheimer and Spitler of using an "account slurper" to conduct a "brute force" attack over five days last June to extract data about iPad users who used the Internet through AT&T's network.
Both were affiliated with Goatse Security, a group of "self-professed Internet 'trolls'" who try to disrupt online content and services, prosecutors said.
The indictment details conversations in which Auernheimer is said to be discussing the hacking.
"If we get 1 reporters address with this somehow we instantly have a story," it said he wrote to Spitler on June 6, 2010. "HI I STOLE YOUR EMAIL FROM AT&&T WANT TO KNOW HOW?"
The next day, upon learning from Spitler that data on more than 100,000 accounts had been accessed, Auernheimer said "the more email addresses we get ... the more of a freakout we can cause," according to the indictment.
AT&T is a partner of Apple in the United States to provide wireless service on the iPad. After the hacking, it shut off the feature that allowed email addresses to be obtained.
The case is U.S. v. Spitler, U.S. District Court, District of New Jersey, No. 11-mj-04022. (Reporting by Jonathan Stempel; Editing by Phil Berlowitz)