Spammer hit with criminal charges
Published: 22 Jul 2004 08:45 BST
A bulk emailer in Florida has been charged with electronically breaking into a massive data warehouse and stealing gigabytes of personal information on Americans, federal prosecutors said Wednesday.
Scott Levine, 45, of Boca Raton was indicted by a federal grand jury in Arkansas for allegedly breaking into Acxiom's servers and downloading 8.2 gigabytes of data in what the US Justice Department called one of "the largest cases of intrusion of personal data to date". Acxiom operates the world's largest repository of consumer data and counts as customers major banks, credit card companies, insurers and the US government.
A 31-page indictment released on Wednesday says that Levine, who ran Snipermail.com, and one or more conspirators accessed an Acxiom server used for file transfers and downloaded an encrypted password file called ftpsam.txt in early 2003. Then they ran an unnamed cracking utility on the ftpsam.txt file, were able to discover 40 percent of the passwords, and used those accounts to download even more sensitive information, the indictment says.
Levine and his cohorts allegedly incorporated "the stolen data into the Snipermail system" and resold it to clients, including a marketer working on behalf of a firm "engaged in the manufacture, sale and promotion of a brand-name pharmaceutical". It's unclear from the indictment how much of the alleged theft included email addresses versus physical mailing addresses, and the Justice Department did not immediately respond to queries.
Levine could not be reached through email or on the phone on Wednesday. While the Snipermail.com site is now offline, a company Web page stored by Archive.org in early 2003 touts Snipermail.com's "opt-in" mailing lists and stresses that "subscribers to that list have stated that they want to receive promotional messages."
Snipermail.com has drawn fire from anti-spam advocates in the past for falsely claiming to operate only "opt-in" lists. The company's domain name shows up on the Register of Known Spam Operations compiled by the Spamhaus Project, and 63 sightings of spam from Snipermail.com appear on Usenet's abuse-sightings discussion group.
Acxiom did not reply to questions about how many Americans were affected by the alleged disclosure. The company provided a statement saying that since 2003: "We've improved our intrusion detection, vulnerability scanning and encryption systems, enhanced our internal and external audit practices, and are fully committed to working with our clients and outside experts to ensure continuous improvement in our security environment... There is no indication that any individuals are at risk of harm due to the breaches."
Levine has been charged with 144 counts related to computer crime, with each file transfer listed as a separate violation of the law. The charges include conspiracy, unauthorised access of a protected computer, access-device fraud (because of alleged password misuse), money laundering and obstruction of justice for allegedly trying to conceal evidence and erase hard drives.
This is not the first prosecution to arise out of poor security practices on Acxiom's file transfer protocol (FTP) server. Last year, an Ohio man named Daniel Baas pleaded guilty to illegally entering Acxiom's FTP site. That investigation led federal police -- including the FBI and Secret Service -- to Levine, according to the Justice Department.
Did you find this article useful?
50 out of 96 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
