Feeds

Acxiom database hacker jailed for 8 years

Florida spammer off to slammer

High performance access to file storage

A Florida man has been jailed for eight years after being convicted of stealing vast amounts of personal information from Acxiom, one of the world's largest database companies, in order to inflate the value of his spamming firm.

Scott Levine, 46, of Boca Raton, Florida, was found guilty by an Arkansas jury in August of 120 counts of unauthorised access of a protected computer, two counts of access device fraud, and one count of obstruction of justice, the Justice Department announced. The former head of defunct bulk mail outfit Snipermail.com was cleared of 14 conspiracy charges and money laundering at the end of a trial that lasted almost a month.

Prosecutors described the case as the "largest ever invasion and theft of personal data" ever tried. In court, Levine and Snipermail.com were accused of stealing 1.6bn customer records containing details of the names, addresses and emails of millions of Americans from Acxiom databases during a total of 137 hack attacks between January and July 2003. He was not accused of involvement in identity theft but some of the data was resold to a broker for use in a spamming campaign.

Weak access controls allowed Snipermail.com to illegally access reams of data thanks to a business relationship between Acxiom and one of Snipermail's clients. Snipermail.com should have only been given strictly limited access to Acxiom's databases, but instead was allowed the run of the lan(d). In a DoJ statement, prosecutors said Levine used "sophisticated decryption software to illegally obtain passwords and exceed his authorised access to Acxiom databases". The purloined data was used to inflate Snipermail's contact list and make it a more attractive target for acquisition.

Evidence of Snipermail's alleged assault was discovered by investigators probing a separate security breach at Acxiom. Daniel Baas, 25, of ZCincinnati, Ohio, pleaded guilty to that attack in December 2003. He was jailed for 45 months in March 2005.

"The investigation of cybercrime, particularly as it relates to computer intrusion, is one of the FBI's top priorities," FBI special agent William C Temple said. "Working with our counterparts from the US Secret Service, we were able to quickly recover the stolen data and prevent its use in a wide range of fraud schemes. The success of this investigation should send a strong message to those who might consider becoming involved in similar criminal activity."

Acxiom clients include 14 of the 15 biggest credit card companies, seven of the top ten auto manufacturers and five of the top six retail banks. The company also analyses consumer databases for multinationals such as Microsoft, IBM, AT&T and General Electric.

Arkansas-based Acxiom has overhauled security since the attacks were uncovered. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.