[ISN] Prosecutors cut 6 counts in Acxiom hacker case

InfoSec News isn at c4i.org
Wed Jun 29 01:04:58 EDT 2005


http://www.ardemgaz.com/ShowStoryTemplate.asp?Path=ArDemocrat/2005/06/28&ID=Ar02306&Section=Business

BY BRIAN BASKIN 
ARKANSAS DEMOCRAT-GAZETTE
June 28, 2005 

U.S. attorneys want to drop six of 144 charges against Florida spammer
Scott Levine, two weeks before he stands trial on charges that he
orchestrated a massive data theft from Little Rock's Acxiom Corp.
   
The six charges relate to instances where Levine is accused of gaining
access to an Acxiom server without downloading any data, according to
a Friday filing in the U.S. District Court for Arkansas' Eastern
District.
   
"It's a tenuous theory to push that the crime was committed on those
files," said U.S. Attorney Bud Cummins, who described the changes as
routine before a trial.
   
On July 11 in Little Rock, Levine will still face 133 counts of
unauthorized access of a protected computer. Each catalogues a
separate time between April 2002 and August 2003 when he reportedly
downloaded information about consumers from Acxiom.
   
The Boca Raton owner of the defunct bulk e-mail operation
Snipermail.com Inc. also is being tried for conspiracy, money
laundering, two counts of unauthorized possession of Acxiom passwords
and obstruction of justice.
   
U.S. attorneys also amended the indictment to ask that Levine forfeit
a Boca Raton home he bought after selling a home named in the July
indictment. Other homes near the property Levine owns sold recently
for between $1.1 million and $2 million, according to real estate
records.
   
"He sold [the first] house out from under us before we got our claws
into it," Cummins said.
   
At Levine's July 2004 indictment, a U.S. attorney said the breach "may
be the largest intrusion of personal data ever."
   
None of the stolen information was used for identity theft.  Instead,
Levine is supposed to have integrated the stolen data into Snipermail
databases and sold them to clients, according to the indictment.
   
Levine may have hacked into Acxiom servers as early as November 2001
but was only made known in August 2003 when the company checked its
servers in response to another hacking incident.
   
Daniel Baas, an employee of an Acxiom partner in Ohio, stole millions
of records between Dec. 10, 2002, and Jan. 2, 2003, but never used any
of the data.
   
He was sentenced in state 1 court in Ohio to 2 /2 years in prison in
October. In March, he was sentenced to 45 months in federal prison by
the U.S. District Court in Cincinnati.
   
Acxiom collects and analyzes data about virtually all U.S.  
households. It sells consumer information for marketing purposes and
assists clients with data processing.





More information about the ISN mailing list