Home / World Business
Fri, Jun 25, 2004 - Page 12 News List

AOL worker nabbed for selling e-mail list to spammers

DATA THEFT Officials said a Virginia man stole 92 million screen names along with postal codes and other information


Millions of America Online (AOL) customers were hit with junk e-mail after a company insider stole the Internet giant's subscriber list and sold it to spammers, prosecutors say.

The scheme resulted in AOL customers being sent unsolicited advertisements for herbal penile enhancement pills and Internet gambling come-ons, prosecutors said Wednesday.

Officials said Jason Smathers, 24, stole 92 million AOL screen names while working at AOL offices in Dulles, Virginia, and sold the list to a Las Vegas, Nevada, man, Sean Dunaway. Dunaway used it to send gambling ads and then sold it to spammers, a criminal complaint said.

Smathers' list also included customer postal codes and credit card types, prosecutors said. AOL said it did not appear that Smathers had gained access to credit card numbers, which the company keeps in a separate facility.

Smathers and Dunaway, 21, were arrested and charged with conspiracy.

"We deeply regret what has taken place and are thoroughly reviewing and strengthening our internal procedures as a result of this investigation and arrest," AOL spokesman Nicholas Graham said.

AOL has about 32 million customers worldwide, Graham said.

Many customers register several different screen names for family members or themselves.

David Kelley, the US attorney for Manhattan, said the arrests were two of the first prosecutions under federal anti-spamming legislation that took effect early this year.

Each man could face up to five years in prison and at least US$250,000 in fines if convicted.

Smathers was not authorized to have access to the screen name list, but used another employee's access code last year to steal it, prosecutors said. AOL fired Smathers on Wednesday.

In other developments, four large Internet service providers -- AOL, Yahoo, EarthLink and Microsoft -- agreed to a partial truce on Tuesday in their battle with one another over potential technology to stop junk e-mail in hopes that they can devote their united energy to fighting spam.

Most spam, and nearly all of the messages in the rapidly growing identity theft fraud known as phishing, uses a fake return address. Many experts suggest that a system that could identify and discard such falsely addressed messages is one of the most potent possible anti-spam weapons.

AOL and EarthLink said on Tuesday that they would use Domain Keys by the end of the year. Yahoo said it would probably start using both Domain Keys and Sender ID by the end of the year.

Microsoft did not commit to using Domain Keys, saying it is still evaluating it and some other approaches like one recently proposed by Cisco.

This story has been viewed 3088 times.

Comments will be moderated. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned.

TOP top