Latest episodes 
Subscribe 
Season 3 / Episode 257
Much like Aaron Swartz did, Andrew "weev" Auernheimer fought against the Computer Fraud and Abuse Act - a law both men belived to be dangerous and unjust. But unlike Swartz, the internet's own boy, weev is an unapologetic troll who spread bile and chaos wherever he goes, a man who seems to take pleasure in making others miserable. His fight raises a thorny question: when a bad person fights for a good cause, how should we feel about it?
- Episode 22
- Episode 23
- Episode 24
- Episode 25
- Episode 26
- Episode 27
- Episode 28
- Episode 29
- Episode 30
- Episode 31
- Episode 32
- Episode 33
- Episode 34
- Episode 35
- Episode 36
- Episode 37
- Episode 38
- Episode 40
- Episode 42
- Episode 43
- Episode 44
- Episode 45
- Episode 46
- Episode 47
- Episode 48
- Episode 49
- Episode 50
- Episode 51
- Episode 52
- Episode 53
- Episode 54
- Episode 55
- Episode 56
- Episode 57
- Episode 58
- Episode 59
- Episode 60
- Episode 62
- Episode 63
- Episode 64
- Episode 65
- Episode 66
- Episode 67
- Episode 68
- Episode 70
- Episode 71
- Episode 72
- Episode 73
- Episode 74
- Episode 75
- Episode 77
- Episode 78
- Episode 79
- Episode 80
- Episode 81
- Episode 82
- Episode 83
- Episode 84
- Episode 85
- Episode 86
- Episode 87
- Episode 88
- Episode 89
- Episode 90
- Episode 91
- Episode 92
- Episode 93
- Episode 94
- Episode 95
- Episode 96
- Episode 97
- Episode 98
- Episode 99
- Episode 100
- Episode 101
- Episode 102
- Episode 103
- Episode 104
- Episode 105
- Episode 106
- Episode 107
- Episode 108
- Episode 109
- Episode 110
- Episode 111
- Episode 112
- Episode 113
- Episode 114
- Episode 115
- Episode 116
- Episode 117
- Episode 118
- Episode 119
- Episode 120
- Episode 121
- Episode 122
- Episode 123
- Episode 124
- Episode 125
- Episode 126
- Episode 127
- Episode 128
- Episode 129
- Episode 130
- Episode 131
- Episode 132
- Episode 133
- Episode 134
- Episode 135
- Episode 136
- Episode 137
- Episode 138
- Episode 139
- Episode 140
- Episode 141
- Episode 142
- Episode 143
- Episode 144
- Episode 145
- Episode 146
- Episode 147
- Episode 148
- Episode 149
- Episode 150
- Episode 151
- Episode 152
- Episode 153
- Episode 154
- Episode 155
- Episode 156
- Episode 157
- Episode 158
- Episode 159
- Episode 160
- Episode 161
- Episode 162
- Episode 163
- Episode 164
- Episode 165
- Episode 166
- Episode 167
- Episode 168
- Episode 169
- Episode 170
- Episode 171
- Episode 172
- Episode 173
- Episode 174
- Episode 175
- Episode 176
- Episode 177
- Episode 178
- Episode 179
- Episode 180
- Episode 181
- Episode 182
- Episode 183
- Episode 184
- Episode 185
- Episode 186
- Episode 187
- Episode 188
- Episode 189
- Episode 190
- Episode 191
- Episode 192
- Episode 193
- Episode 194
- Episode 195
- Episode 196
- Episode 197
- Episode 198
- Episode 199
- Episode 200
- Episode 201
- Episode 202
- Episode 203
- Episode 204
- Episode 205
- Episode 206
- Episode 207
- Episode 208
- Episode 209
- Episode 210
- Episode 211
- Episode 212
- Episode 213
- Episode 214
- Episode 215
- Episode 216
- Episode 217
- Episode 218
- Episode 219
- Episode 220
- Episode 221
- Episode 222
- Episode 223
- Episode 224
- Episode 225
- Episode 226
- Episode 227
- Episode 228
- Episode 229
- Episode 230
- Episode 231
- Episode 232
- Episode 233
- Episode 234
- Episode 235
- Episode 236
- Episode 237
- Episode 238
- Episode 239
- Episode 240
- Episode 241
- Episode 242
- Episode 243
- Episode 244
- Episode 245
- Episode 246
- Episode 247
- Episode 248
- Episode 249
- Episode 250
- Episode 251
- Episode 252
- Episode 253
- Episode 254
- Episode 255
- Episode 256
- Episode 257
Hosted By
Ran Levi
Co-Founder @ PI Media
Born in Israel in 1975, Ran studied Electrical Engineering at the Technion Institute of Technology, and worked as an electronics engineer and programmer for several High Tech companies in Israel.
In 2007, created the popular Israeli podcast, Making History, with over 16 million downloads as of Nov 2023.
Author of 3 books (all in Hebrew): Perpetuum Mobile: About the history of Perpetual Motion Machines; The Little University of Science: A book about all of Science (well, the important bits, anyway) in bite-sized chunks; Battle of Minds: About the history of computer malware.
Reach out to me via ran@ranlevi.com.
Special Guest
Tor Ekeland
A New York City based computer, trial and appellate lawyer.
Tor is a trial and appellate lawyer. He’s best known for representing hackers and white collar defendants in federal criminal court and on appeal. Tor also counsels businesses and individuals under investigation by the United States Department of Justice, and those needing counseling on U.S. and international computer laws.
Prior to starting the Firm, Tor was a complex commercial and securities litigator with the New York City office of Sidley Austin, LLP. At Sidley, he gained in depth experience representing individuals and business entities under government investigation by the United States Department of Justice for violations of the Foreign Corrupt Businesses Act, the SEC for securities fraud, as well as working on litigation involving complex financial derivatives. Businesses often turn to Tor for counseling on virtual currencies such as BitCoin, ICO’s, and the intersection of U.S. securities and computer laws.
Weev, Part 1
Tor Ekeland
By 2011, Tor Ekeland’s life was, to put it mildly, a mess. As a young 20-something, he dreamed of making it big in showbiz – but at 32 years old, after a long stint as a production manager in New York on Broadway, the glamor of theater had lost its luster.
“[Tor] And I was trying to sell out because I was like, what can I do? […] And at that point in your life when you know you’re like, I need to make money, and I need to survive, and I need to have a future.”
Disillusioned, Tor traded the drama of Shakespeare for the steady paycheck of a junior associate in a big New York City corporate law firm, specializing in commercial and securities litigation. On the outside, he might have looked like a success. But inside, he was anything but.
“[Tor] I lasted about five years there. I’m glad I did it. I learned a lot. But it made me an alcoholic, it was miserable. I’ve never been so unhappy.”
Tor decided to quit his job, and become a criminal defense lawyer, which he found to be a bit more exciting than dealing with securities. The only problem was that he had absolutely no experience in criminal law, and couldn’t get any clients. So, as he was turning 40, Tor’s life was basically falling apart: he was broke, an alcoholic, and his marriage was rapidly deteriorating.
But sometimes, when you’re at your lowest point, life has a way of throwing you a curveball.
“[Tor] And that was right about the time Occupy Wall Street was happening. And my wife at the time was starting her photojournalist career, and she’s since become very successful in front page New York Times. She shoots all over the world. But she was just starting out. So she was shooting Occupy Wall Street because her photojournalist style is anthropological. And one of the ways that she gets her shots is she spends a lot of time just, like, talking to people and getting to know them. So she gets access, like really close access. So there’s this guy at Occupy Wall Street holding a sign that says “Zionist pigs will kill us all.””
The Making of weev
The guy with the sign was Andrew Alan Escher Auernheimer, better known as “weev”.
He was born in 1985 in Arkansas. His parents describe him as an unusually bright kid: when he was just 14 years old, Andrew enrolled at James Madison University to study mathematics, although he dropped out after two years to focus on his real passion – computers.
Even as a kid, Andrew had a special talent for pissing off everyone around him. Years later, in an interview for a podcast aptly named OFFENZIVE, he recalled a story from when he was only ten years old.
“I liked to play MUDs when I was a kid. These are like ancient text based role-playing games. […] I found this MUD that had an integer underflow in the character creation process, where you could type -1, and that specific statistic would be 255. […] I made a script to create a character, this super overpowered character that could kill everybody in the game. […] I killed the entire player base of this MUD […] it was fun to like, totally ruin this game.”
It was a pattern that would repeat throughout Andrew’s life: boundless intelligence paired with an insatiable urge to provoke.
As he carved out his online persona, Andrew chose the handle “Evil Weevil.” He later shortened it to “weev”—not for simplicity, but because it made it easier to climb to the top of Google search results. If Andrew was going to provoke the world, he wanted to make sure everyone could find him.
And provoke he did. On his blog and across various online forums, weev became notorious for his inflammatory, extremist rhetoric. In one post from 2008, he wrote:
“For evolution to work, we must remove unfit specimens from the breeding pool. The physically unfit by birth should be exterminated in infancy. The physically unfit by accident and mentally unfit should not be supported by the state, forcing them to find a sustainable and simple way of life.”
For most people, views like this would spark universal condemnation. For weev, they were just another way to rile people up. He didn’t seem to care whether people admired him or hated him—what mattered was that they noticed him.
And by 2007, the public began to take notice. That year, weev was involved in one of the internet’s earliest high-profile cyberbullying incidents. The target was Kathy Sierra, a 57-year-old blogger and programming instructor. Kathy had angered trolls when she urged bloggers to moderate reader comments to create healthier, less toxic online spaces. To weev, that was a declaration of war.
He retaliated viciously. weev posted Kathy’s home address and Social Security number online, and fabricated claims that she was a former prostitute. He encouraged other trolls to join in, flooding Kathy with a torrent of harassment: she became a target for identity theft, and the rape and death threats came by the hundreds. The onslaught was so relentless, Kathy Sierra felt she had no choice but to withdraw from public life. She stopped blogging, canceled her speaking engagements, and disappeared from the internet for some six years.
It was weev’s first brush with infamy—and a preview of the chaos he would go on to unleash.
Somewhere along the way, he stumbled across a group that perfectly aligned with his ethos of provocation: the Gay Ni**er Association of America, or GNAA. Its members took their cues from a 1992 Danish satirical sci-fi film about intergalactic homosexual black men from the planet Anus—a setup as absurd as their own antics.
GNAA’s trolling campaigns spared no one. They spammed blogs, created shock sites filled with malware, and defaced Barack Obama’s campaign website. After Hurricane Sandy, they spread fake news to sow panic and confusion. The more chaos they caused, the more they reveled in it.
For weev, discovering the GNAA was a revelation. “The level of dedication applied to causing shit on the internet—it was mind-blowing,” he later recalled. “I was like, holy shit.” It wasn’t long before weev became a full-fledged member of the group—and eventually its president.
With a few like-minded members of GNAA, weev co-founded a security research group with a name as infamous as its trolling roots: Goatse Security. The name referenced a notorious obscene internet image, and the group’s motto—“gaping holes exposed”—was equal parts juvenile humor and a mission statement.
Weev doesn’t consider himself a highly sophisticated hacker, though. By his own admission:
“Seventy percent of things that I’ve done that have hit internationally syndicated press, I did with bash scripts that were so poorly written they would make any decent programmer cringe.”
What weev lacked in finesse, though, he made up for with knowledge and dogged persistence. In 2010, Goatse Security made waves by uncovering a flaw in Firefox that left the browser susceptible to cross-site scripting attacks, and a similar one in Apple’s Safari. The group’s discoveries straddled a strange line between genuine security research and the trolling chaos weev thrived on.
The AT&T Hack
In early 2010, Apple unveiled a game-changer: the iPad. Sleek, powerful, and futuristic, it quickly became a must-have gadget. But to truly unleash its potential, users needed internet connectivity. Apple partnered with AT&T to offer an unlimited 3G data plan for $30 a month—a deal too good to pass up for many early adopters.
Among those eyeing the new device was Daniel Spitler, a member of Goatse Security. There was just one problem: Spitler couldn’t afford an iPad. Still, that didn’t stop him from trying to take advantage of AT&T’s tempting data plan.
He purchased a SIM card similar to the ones used in iPads and inserted it into another device, hoping to trick AT&T into granting him access. But AT&T’s system wasn’t so easily fooled: The SIM card required registration through an actual iPad before the network would activate the plan.
Determined to find a workaround, Spitler began poking around the iPad’s operating system, trying to reverse-engineer the registration process. He discovered that during registration, the iPad contacted AT&T’s servers through a specific URL containing a unique identifier called an ICC-ID, or Integrated Circuit Card Identifier. The ICC-ID was tied to the SIM card, and each one was unique.
Spitler experimented, sending a request to AT&T’s servers with his ICC-ID. At first, nothing happened. But then he realized the servers weren’t responding because his request didn’t appear to be coming from an iPad. By spoofing the user agent field of his request to make it look like it originated from an iPad, he succeeded. AT&T activated the plan.
While testing the process, Spitler noticed something curious. AT&T’s system was designed to autofill the login form with the user’s email which was tied to their unique ICC-ID, so when he queried AT&T’s servers with his ICC-ID, they sent back his email address.
That’s when Spitler had an idea. If the servers responded with an email for one ICC-ID, what would happen if he incremented the ICC-ID and sent another request? He wrote a script called “Account Slurper” to automate the process, and within hours, he had collected 114,000 email addresses.
This wasn’t just any collection of email addresses. It was a who’s who of high-profile iPad users: media executives, politicians, celebrities. The list included New York Times Co. CEO Janet Robinson, ABC News anchor Diane Sawyer, and even New York City Mayor Michael Bloomberg.
Spitler shared his findings with his Goatse Security peers, including weev. Ever the showman, weev saw an opportunity for maximum impact. While Spitler had done the technical legwork, weev took charge of publicity. He crafted an email to several journalists using their own exposed email addresses to grab their attention. The subject line? “Hi, I stole your e-mail from AT&T. Want to know how?”
Gawker broke the story in June 2010 with the headline: “Apple’s Worst Security Breach: 114,000 iPad Owners Exposed.” The article was a bombshell, embarrassing both AT&T and Apple. AT&T, already notorious for poor service, was now publicly humiliated for exposing its most valuable customers.
But the celebration at Goatse Security didn’t last long. A few weeks later, the FBI raided weev’s home in Fayetteville, Arkansas, and arrested him. After struggling to scrape together enough bail, weev was eventually released from custody.
But the challenges didn’t end there. With no job and no steady income, he couldn’t afford an attorney to represent him in the case. He had been assigned a federal defender who urged him to accept a plea bargain: in fact, Daniel Spitler, his accomplice, agreed to such a deal and was sentenced to 12 months in prison. The prosecution in weev’s case was asking for the maximum prison term under the law: 5 years. But weev had no intention of signing any deals. He wrote the following in his blog.
“After meeting with upwards of a hundred attorneys I had resigned myself to running my case pro se, representing myself. I had only met a single competent attorney who understood the legal issues at hand in the case. They wanted a six figure sum to do it. After several years of nonstop federal harassment, I had not a dime to my name left. I went to Zuchotti Park and started trolling passersby with an inflammatory sign about [the Zionist Occupation Government]. As a result I met Tor Ekeland.”
Meeting with Tor
“[Tor] So my wife goes up to him and says, “You know, you’re not gonna be really popular in this town with that kind of sign, you know?””
True to form, weev wasn’t trying to be popular: he was at the Occupy Wall Street protest that day in 2011 for the sole purpose of sawing mayhem. And he was certainly successful: On his right was an Israeli man holding a sign saying “Fuck this guy”, with an arrow pointing at weev – and on his left were two women supporting Palestine, with their own sign which said “We’d fuck this guy.”
“[Tor] So she starts talking to him and the conversation turns to the fact that he’s being prosecuted for a computer crime, and he’s going to go to trial. And my wife knows that I really want to do a trial. […] So she comes back home and says, oh, I just met this guy. He’s been accused of computer crime and he’s looking for a lawyer.”
Tor googled weev’s name and quickly realized who he was dealing with. But Tor was so down on his luck, he just didn’t care.
“[Tor] I was like, OK, whatever. right like I got to do something. right like You’re desperate. And so I go to a bar, and I meet him, and we start talking. […] and I’m like, look, man I’ll rep you for free you know at trial but just understand i’ve never done a trial before and he just said to me – “yeah, that’s okay, Tor has kept me out of jail many a time.”
The Tor weev was referring to is the Tor network, an open source project that makes it more difficult to trace a user’s internet activity. Maybe the name Tor really was the deciding factor for weev — but maybe, just maybe, there was more to it than that. Perhaps, when he first met Tor Ekeland, he saw something that set the rookie lawyer apart from the typical buttoned-up attorney. Beneath the suit, there was still a glimmer of the actor Tor had once wanted to be—a trace of the performer, the spark of mischief that had never fully faded. Just listen to the way Tor warns us NOT to google the word Goatse…
“[Tor] They, you know, they had this security group called GOATSE. Do not Google it, G-O-A-T-S-E. You will regret it. You will not be able to unsee it. That’s G-O-A-T-S-E.“
Legal Debate
The next day, Tor began to formulate his strategy for trial. At the heart of weev’s case was a law enacted in 1986 called the Computer Fraud and Abuse Act, which prohibits unauthorized access to a protected computer.
The prosecution argued that what weev and Daniel Spitler did – incrementing ICC-IDs and probing AT&T’s servers – was no different than wandering through a neighborhood, trying doorknobs to see which doors had been left unlocked and then rifling through private drawers, exposing sensitive information that was never meant to be seen.
Furthermore, claimed the prosecution, AT&T’s servers weren’t open to just anyone; their design required specific steps to impersonate an authorized user – such as altering the user-agent field to make their requests appear as though they were coming from an iPad. In other words, this wasn’t just casual browsing—it was deception, an intentional circumvention of digital safeguards.
Tor built the core of weev’s defense around a simple argument: probing public-facing URLs couldn’t be considered unauthorized access. If the information was available on the open web, requiring no passwords or special permissions, how could retrieving it possibly constitute a crime?
“[Tor] unauthorized access is a really vague term […] Obviously if you hack something and, you know, you break a password or you brute force a password or whatever and […] you get into someone’s system. That’s an obvious case of unauthorized access, right? But cases came up like, is it unauthorized access to violate the terms of service to a social media site?
And there’s this famous case called Drew. I think it’s from like 2010 or nine or somewhere in there, where this woman, this mom lies about her age to get onto MySpace. Remember MySpace everybody? And it’s like a social media site. And she goes on there to harass her teenage daughter’s rival, right? Who’s another teenage girl. And that teenage girl commits suicide. cyberbullying. It’s a case of cyberbullying.
And so the federal government prosecutes under the CFAA under this theory of unauthorized access that because she lied about her age, she violated the terms of service to Myspace. And they get a misdemeanor, I think, conviction. And then Orrin Kerr comes in.”
Orin Kerr is a professor of law at UC Berkeley, and is considered the top expert on computer fraud and CFAA.
“[Tor] And he wins under the theory that lying about your age or violating a terms of service agreement can’t be unauthorized to access because then, you know, millions and millions of Americans are people all over the world. And You lie about your weight on a dating site, you yeah anything, right?
[Ran] Everybody, yeah.
[Tor] Like minor fibs or stupid stuff that you think doesn’t matter. All of a sudden there’s a felony, right? […] But there’s all sorts of debate over what unauthorized access means. And that’s what they charged Weave with […] well, is that any different really from a Google search? right like And if that was a felony, then your grandma doing a Google search in Kansas or wherever, she’s probably committing a felony because there’s no clear line there.”
The trial took place in New Jersey before a jury, and lasted a little more than a week – at the end of which the jury took just two hours to find him guilty. Tor wasn’t surprised; with weev’s toxic reputation and history of trolling, Tor had never expected much sympathy from the jury.
“[Tor] Our plan was to win on appeal. Of course you’re going to try to win the trial, but the conviction rate in federal criminal trials is something like 99%, So only a fool goes in, thinking of betting just all on winning. “
The day of sentencing arrived, and weev saw it as an opportunity—not for contrition, but for maximum publicity.
“[Tor] He looks at me and says, I want you to ask for the maximum sentence possible. And I’m like, what? I want you to ask for the maximum sentence possible. We’ll get the most publicity. I’m like, okay, dude, right? And I remember when I did that with the judge, she goes – yes, I think we can do that, right?”
Tor describes the tense atmosphere in the courtroom as everyone waited for the judge to deliver the sentence.
“[Tor] there’s all sorts of people outside the courthouse, and there’s cameras. And there’s U.S. Marshals are like the sort of security service for the U.S. courts, among other things. And usually when you go into the courthouses, they’re these sort of older men and women who are, you know, retiring. But I’m looking at the front of the courthouse, and there’s these guys that are like you know NFL football linebackers, standing in front of the courthouse, I’m like, the fuck is going on, right? Like it’s all this like, it’s almost like a Fellini moment, if you’ve ever seen any Fellini films. And so as long as people fall in the blue and the courtroom fills up, it’s packed with weev’s supporters and women and like, it’s wild. […] And so we’ve sitting down beside me and he’s got, okay, it was like a tablet or something that the judge let him have. So he’s like live tweeting the shit. Now I look back on it, I’m a little surprised that the judge allowed that, but okay, that’s what was happening.
[…] But at one point, a US Marshal comes up behind Weave and just says, give me your phone, you know give me your tablet. And Weave says, no.
Then the US Marshal, and I’m paraphrasing, says, oh, yeah, you stupid motherfucker, you want to fuck with me? And slams his face down into the table. He gets swarmed by all these linebacker NFL US marshals who’ve been sitting in the jury box. The entire courtroom erupts. Women are crying and screaming.
Right?[…] He gets mobbed, and he’s extending his hand with the tablet, like, in front of me, right, as they’re mobbing him, trying to give it to me. And I’ll never forget Judge Wiginton, just going, Mr. Ecklund.
Could you please take Mr. Arnheimer’s you know phone?” I’m like, sure. I take it, and they swarm him, and they grab him. And as he’s walking out, he yells, hail Eris, which is the, I guess, Greek god of chaos. And they march him to the back holding cell, and he comes back out a few minutes later in you know the orange jumpsuit and shackled by his ankles, and shackled by his hands. And then she gave him three and a half years.”
As weev was led away to serve his 3.5-year sentence, the task of freeing him fell squarely on the shoulders of Tor Ekeland, his inexperienced lawyer. With public hatred for his client running high, the odds didn’t look promising.
But then, an unexpected break. The Electronic Frontier Foundation (EFF), long-time critics of the CFAA, had been watching the trial from a distance. Now, they decided to step into the fight—and they didn’t come alone. Joining them was Orin Kerr, the nation’s foremost expert on computer crime law, and a formidable ally for the appeal.