February 22, 2006 5:25 PM PST

Data thief gets eight years

A bulk e-mailer who looted more than a billion records with personal information from a data warehouse has been sentenced to eight years in prison, federal prosecutors said Wednesday.

Scott Levine, 46, was sentenced by a federal judge in Little Rock, Ark., after being found guilty of breaking into Acxiom's servers and downloading gigabytes of data in what the U.S. Justice Department calls one of the largest data heists to date. Acxiom, based in Little Rock, says it operates the world's largest repository of consumer data, and counts major banks, credit card companies and the U.S. government among its customers.

In August 2005, a jury convicted Levine, a native of Boca Raton, Fla., and former chief executive of a bulk e-mail company called Snipermail.com, of 120 counts of unauthorized access to a computer connected to the Internet. The U.S. government says, however, there was no evidence that Levine used the data for identity fraud.

Prosecutors had asked for a longer sentence, but expressed satisfaction with an eight-year prison stay. "This sentence reflects the seriousness of these crimes," said U.S. Attorney Bud Cummins of the Eastern District of Arkansas. It also includes a $12,300 fine; restitution has not yet been determined.

According to court documents, Levine and others broke into an Acxiom server used for file transfers and downloaded an encrypted password file called ftpsam.txt in early 2003. Then they ran a cracking utility on the ftpsam.txt file, prosecutors said, discovered 40 percent of the passwords, and used those accounts to download even more sensitive information.

When it was in operation, Snipermail.com drew fire from antispam advocates for falsely claiming to operate only "opt-in" lists. The company's now-defunct domain shows up on the Register of Known Spam Operations compiled by the Spamhaus Project, and dozens of sightings of spam from Snipermail.com appear on Usenet's news.admin.net-abuse.sightings discussion group.

Acxiom has said that after the 2003 intrusion, it improved its intrusion detection, vulnerability scanning and encryption systems.

This is not the first prosecution to arise out of poor security practices on Acxiom's file transfer protocol server (FTP). An Ohio man named Daniel Baas previously pleaded guilty to illegally entering Acxiom's FTP site. That investigation led federal police--including the FBI and Secret Service--to Levine, according to the Justice Department.

See more CNET content tagged:
Acxiom Corp., Snipermail.com, Arkansas, prosecutor, FTP

7 comments

Join the conversation!
Add your comment
Forced anti-PC Conditioning would be nice
Force this piece of **** to go through a drug and torture induced conditioning against ever manipulating any electronic data will be nice. It can't be trusted around electronics, EVER.
Posted by kamwmail-cnet1 (292 comments )
Reply Link Flag
You first...
:)
Posted by dave aszenine (16 comments )
Link Flag
I love news like this
Not only was he a hack but a spammer as well. I hope he ends up as a prison sex toy to a big man named bubba.
Posted by Seaspray0 (9714 comments )
Reply Link Flag
Gets eight years
This made my day. He should have received 18 years. That would really send a message to all the spammers, and data snatchers out there.
Good job
Posted by rlunderhill (17 comments )
Reply Link Flag
Data theft success is rampant
Excellent, the thief was caught, but not until he had already accessed and jeopardized numerous accounts. The problem here is that poor security practices come from a combination of not knowing the best solutions (encryption is great, but encryption with rights management is even better) and a fear of the massive overhead costs for implementing many of the "known" solutions. Get the facts and look to better, more cost effective solutions.

<a class="jive-link-external" href="http://www.essentialsecurity.com/educationalfacts.htm" target="_newWindow">http://www.essentialsecurity.com/educationalfacts.htm</a>
Posted by 209979377489953107664053243186 (71 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.