[ISN] Convicted data thief gets eight years

InfoSec News isn at c4i.org
Thu Feb 23 04:35:47 EST 2006


By Declan McCullagh 
Staff Writer, CNET News.com
February 22, 2006

A bulk e-mailer who looted more than a billion records with personal
information from a data warehouse has been sentenced to eight years in
prison, federal prosecutors said Wednesday.

Scott Levine, 46, was sentenced by a federal judge in Little Rock,
Ark., after being found guilty of breaking into Acxiom's servers and
downloading gigabytes of data in what the U.S. Justice Department
calls one of the largest data heists to date. Acxiom, based in Little
Rock, says it operates the world's largest repository of consumer
data, and counts major banks, credit card companies and the U.S.  
government among its customers.

In August 2005, a jury convicted Levine, a native of Boca Raton, Fla.,
and former chief executive of a bulk e-mail company called
Snipermail.com, of 120 counts of unauthorized access to a computer
connected to the Internet. The U.S. government says, however, there
was no evidence that Levine used the data for identity fraud.

Prosecutors had asked for a longer sentence, but expressed
satisfaction with an eight-year prison stay. "This sentence reflects
the seriousness of these crimes," said U.S. Attorney Bud Cummins of
the Eastern District of Arkansas. It also includes a $12,300 fine;  
restitution has not yet been determined.

According to court documents, Levine and others broke into an Acxiom
server used for file transfers and downloaded an encrypted password
file called ftpsam.txt in early 2003. Then they ran a cracking utility
on the ftpsam.txt file, prosecutors said, discovered 40 percent of the
passwords, and used those accounts to download even more sensitive

When it was in operation, Snipermail.com drew fire from antispam
advocates for falsely claiming to operate only "opt-in" lists. The
company's now-defunct domain shows up on the Register of Known Spam
Operations compiled by the Spamhaus Project, and dozens of sightings
of spam from Snipermail.com appear on Usenet's
news.admin.net-abuse.sightings discussion group.

Acxiom has said that after the 2003 intrusion, it improved its
intrusion detection, vulnerability scanning and encryption systems.

This is not the first prosecution to arise out of poor security
practices on Acxiom's file transfer protocol (FTP) server. An Ohio man
named Daniel Baas previously pleaded guilty to illegally entering
Acxiom's FTP site. That investigation led federal police--including
the FBI and Secret Service--to Levine, according to the Justice

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.

