A hacker charged with federal crimes for obtaining the personal data of more than 100,000 iPad owners from AT&T's website was found guilty on Tuesday.

Andrew Auernheimer, 26, of Fayetteville, Arkansas, was found guilty in federal court in New Jersey of one count of identity fraud and one count of conspiracy to access a computer without authorization.

The jury reached its verdict just hours after being sequestered.

Auernheimer tweeted to supporters that he expected the verdict and planned to appeal.

Auernheimer and Daniel Spitler, 26, of San Francisco, California, were charged last year after the two discovered a hole in AT&T's website in 2010 that allowed anyone to obtain the e-mail address and ICC-ID of iPad users. The ICC-ID is a unique identifier that's used to authenticate the SIM card in a customer's iPad to AT&T's network.

The iPad was released by Apple in April 2010. AT&T provided internet access for some iPad owners through its 3G wireless network, but customers had to provide AT&T with personal data when opening their accounts, including their e-mail address. AT&T linked the user's e-mail address to the ICC-ID, and each time the user accessed the AT&T website, the site recognized the ICC-ID and displayed the user's e-mail address.

Auernheimer and Spitler discovered that the site would leak e-mail addresses to anyone who provided it with a ICC-ID. So the two wrote a script - which they dubbed the "iPad 3G Account Slurper" – to mimic the behavior of numerous iPads contacting the web site in order to harvest the e-mail addresses of iPad users.

According to authorities, they obtained the ICC-ID and e-mail address for about 120,000 iPad users, including dozens of elite iPad early adopters such as New York Mayor Michael Bloomberg, then-White House Chief of Staff Rahm Emanuel, anchorwoman Diane Sawyer of ABC News, New York Times CEO Janet Robinson and Col. William Eldredge, commander of the 28th Operations Group at Ellsworth Air Force Base in South Dakota, as well as dozens of people at NASA, the Justice Department, the Defense Department, the Department of Homeland Security and other government offices.

The two contacted the Gawker website to report the hole, a practice often followed by security researchers to call public attention to security holes that affect the public, and provided the website with harvested data as proof of the vulnerability. Gawker reported at the time that the vulnerability was discovered by a group calling itself Goatse Security.

AT&T maintained that the two did not contact it directly about the vulnerability and learned about the problem only from a “business customer."

Auernheimer later sent an e-mail to the U.S. attorney's office in New Jersey, blaming AT&T for exposing customer data, authorities say.

"AT&T needs to be held accountable for their insecure infrastructure as a public utility and we must defend the rights of consumers, over the rights of shareholders," he wrote, according to prosecutors. "I advise you to discuss this matter with your family, your friends, victims of crimes you have prosecuted, and your teachers for they are the people who would have been harmed had AT&T been allowed to silently bury their negligent endangerment of United States infrastructure."

But prosecutors say his interest went beyond concern about the security of customer data.

According to the criminal complaint, a confidential informant helped federal authorities make their case against the two defendants by providing them with 150 pages of chat logs from an IRC channel where, prosecutors said, Spitler and Auernheimer admitted conducting the breach to tarnish AT&T's reputation and promote themselves and Goatse Security.

Spitler: I just harvested 197 email addresses of iPad 3G subscribers there should be many more ... weev: did you see my new project? Auernheimer: no Spitler: I'm stepping through iPad SIM ICCIDs to harvest email addresses if you use someones ICCID on the ipad service site it gives you their address Auernheimer: loooool thats hilarious HILARIOUS oh man now this is big media news ... is it scriptable? arent there SIM that spoof iccid? Spitler: I wrote a script to generate valid iccids and it loads the site and pulls an email Auernheimer: this could be like, a future massive phishing operation serious like this is valuable data we have a list a potential complete list of AT&T iphone subscriber emails ... Spitler: I hit fucking oil Auernheimer: loooool nice Spitler: If I can get a couple thousand out of this set where can we drop this for max lols? Auernheimer: dunno i would collect as much data as possible the minute its dropped, itll be fixed BUT valleywag i have all the gawker media people on my facecrook friends after goin to a gawker party

At one point the two discussed the legal risks of what they were doing:

Spitler: sry dunno how legal this is or if they could sue for damages Auernheimer: absolutely may be legal risk yeah, mostly civil you absolutely could get sued to fuck

At the same time, others on the IRC chat allegedly discussed the possibility of shorting AT&T's stock.

Pynchon: hey, just an idea delay this outing for a couple days tommorrow short some at&t stock then out them on tuesday then fill your short and profit Rucas: LOL Auernheimer: well i will say this it would be against the law ... for ME to short the att stock but if you want to do it go nuts Spitler: I dont have any money to invest in ATT ... Auernheimer: if you short ATT dont let me know about it Spitler: IM TAKIN YOU ALL DOWN WITH ME SNITCH HIGH EVERYDAY

In the wake of news stories about the breach, they allegedly discussed their failure to report the vulnerability to a "full disclosure" mailing list, as well as the opportunity to push their Goetse Security business as a result of the breach:

Nstyr: you should've uploaded the list to full disclosure maybe you still can Auernheimer: no no that is potentially criminal at this point we won Nstyr: ah Auernheimer: we dropepd the stock price Auernheimer: lets not like do anything else we fucking win and i get to like spin us as a legitimate security organization

Spitler pleaded guilty to the charges last year.