Feeds

Acxiom database hacker jailed for 8 years

Florida spammer off to slammer

Next gen security for virtualised datacentres

A Florida man has been jailed for eight years after being convicted of stealing vast amounts of personal information from Acxiom, one of the world's largest database companies, in order to inflate the value of his spamming firm.

Scott Levine, 46, of Boca Raton, Florida, was found guilty by an Arkansas jury in August of 120 counts of unauthorised access of a protected computer, two counts of access device fraud, and one count of obstruction of justice, the Justice Department announced. The former head of defunct bulk mail outfit Snipermail.com was cleared of 14 conspiracy charges and money laundering at the end of a trial that lasted almost a month.

Prosecutors described the case as the "largest ever invasion and theft of personal data" ever tried. In court, Levine and Snipermail.com were accused of stealing 1.6bn customer records containing details of the names, addresses and emails of millions of Americans from Acxiom databases during a total of 137 hack attacks between January and July 2003. He was not accused of involvement in identity theft but some of the data was resold to a broker for use in a spamming campaign.

Weak access controls allowed Snipermail.com to illegally access reams of data thanks to a business relationship between Acxiom and one of Snipermail's clients. Snipermail.com should have only been given strictly limited access to Acxiom's databases, but instead was allowed the run of the lan(d). In a DoJ statement, prosecutors said Levine used "sophisticated decryption software to illegally obtain passwords and exceed his authorised access to Acxiom databases". The purloined data was used to inflate Snipermail's contact list and make it a more attractive target for acquisition.

Evidence of Snipermail's alleged assault was discovered by investigators probing a separate security breach at Acxiom. Daniel Baas, 25, of ZCincinnati, Ohio, pleaded guilty to that attack in December 2003. He was jailed for 45 months in March 2005.

"The investigation of cybercrime, particularly as it relates to computer intrusion, is one of the FBI's top priorities," FBI special agent William C Temple said. "Working with our counterparts from the US Secret Service, we were able to quickly recover the stolen data and prevent its use in a wide range of fraud schemes. The success of this investigation should send a strong message to those who might consider becoming involved in similar criminal activity."

Acxiom clients include 14 of the 15 biggest credit card companies, seven of the top ten auto manufacturers and five of the top six retail banks. The company also analyses consumer databases for multinationals such as Microsoft, IBM, AT&T and General Electric.

Arkansas-based Acxiom has overhauled security since the attacks were uncovered. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New twist as rogue antivirus enters death throes
That's not the website you're looking for
ISIS terror fanatics invade Diaspora after Twitter blockade
Nothing we can do to stop them, says decentralized network
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.