Man convicted in massive database theft

August 12, 2005

Associated Press

http://www.msnbc.msn.com/id/8924987/



LITTLE ROCK, Ark. - A Florida man was convicted Friday of stealing information from data-management company Acxiom Corp. in what prosecutors said was the largest federal computer theft trial ever.

The jury convicted Scott Levine, the owner of defunct e-mail marketing contractor Snipermail.com, on 120 counts of unauthorized access to data, two counts of access device fraud and one count of obstruction of justice.

Jurors cleared Levine of 13 counts of unauthorized access of a protected computer, one conspiracy count and one count of money-laundering.

Statutory maximum sentences for his convictions total 640 years in prison and fines of $30.7 million, though his punishment likely will be much less under federal sentencing guidelines. Sentencing was set for Jan. 9.

Prosecutors said Levine and his company stole 1.6 billion customer records - the equivalent of 550 telephone books filled with names, e-mail and postal addresses. The government did not charge anyone with identity theft.

"We're very pleased with the outcome. We think it’s the appropriate verdict," U.S. Attorney Bud Cummins said outside U.S. District Court. "These are very serious crimes, a huge amount of data that was stolen for monetary gain and he should be held accountable. The jury apparently saw it that way."

Six Snipermail employees pleaded guilty to conspiracy charges and testified against Levine in the case.

In the trial, Levine’s lawyer, David Garvin, claimed Levine’s employees were guilty of the unauthorized downloads and tried to pin them on their relatively computer-illiterate boss. Levine said nothing as he left the courthouse with his wife, Sabrina.

Garvin said the verdicts were "compromised" because the jury found Levine guilty based on the same evidence jurors acquitted him on in the other counts.

"We thought that the jury had reached the correct conclusion when they found Mr. Levine not guilty of conspiracy and proceeded to find him not guilty on (other) counts," Garvin said. "We were very disappointed. We will go forward at this stage and try to clear Mr. Levine's good name."

Prosecutors say Levine ran Snipermail as a spam factory, devising computer aliases to get around industry blacklisting. Atlanta-based Experian Inc., one of the three credit bureaus that control consumer credit scores, said it was approached by Snipermail for a corporate buyout of its contact lists — which had been artificially enlarged through the theft of Acxiom’s data.

Although both sides in the trial acknowledge that Snipermail didn’t initially hack into the Acxiom server, prosecutors alleged Levine and subordinates unlocked some passwords to reach more Acxiom data in an effort to make Snipermail attractive for a multimillion-dollar buyout.

Acxiom stored the data for one of the advertisers with which Snipermail had a contract.

Through that relationship, Snipermail was given what should have been limited access to some data on Acxiom's servers. In April 2002, former Snipermail programmer Jeff Burstein entered an Acxiom server to find nearly unlimited access to personal customer records, including names, postal and e-mail addresses, bank and credit card numbers.

Security is crucial to the operation of Little Rock-based Acxiom, which serves large corporations by collecting and managing information for marketing purposes. In a statement Friday, Acxiom said that, since the unauthorized access was uncovered two years ago, the company has tightened its security.

"There is no evidence that any individuals are at risk of harm due to the breaches," the company said. "It is also important to note that only one external server was accessed, and there was no intrusion of Acxiom's internal security firewalls or internal databases."

The jury heard testimony for a month, and began deliberations Wednesday.


main page ATTRITION feedback