4Law – 22/2/06
Scott Levine Gets 8 Years in Data Theft Case
WEDNESDAY, FEBRUARY 22, 2006
TDD (202) 514-1888
FORMER OFFICER OF INTERNET COMPANY SENTENCED IN CASE OF MASSIVE DATA THEFT FROM ACXIOM CORPORATION
WASHINGTON, D.C. – Scott Levine, 46, was sentenced today to 96 months in federal prison after being found guilty on Aug. 12, 2005, by a jury in Little Rock, Ark., of 120 counts of unauthorized access of a protected computer, two counts of access device fraud, and one count of obstruction of justice, the Justice Department announced.
The sentence was handed down by U.S. District Judge William R. Wilson in the Eastern District of Arkansas.
“This sentence reflects the seriousness of these crimes,” said U.S. Attorney Bud Cummins of the Eastern District of Arkansas. “At first blush, downloading computer files in the privacy of your office may not seem so terribly serious. But, if you are stealing propriety information worth tens of millions of dollars from a well-established and reputable company, you can expect to be punished accordingly.”
“Neither the Internet nor cyberspace will ever be a safe haven for individuals who attempt this type of cyber crime. The Secret Service, along with our law enforcement partners, will hunt you down, keystroke by keystroke, until you face a jury of your peers,” said Brian Marr, Special Agent in Charge of the Little Rock office of the U.S. Secret Service. “The Secret Service’s investigation regarding this type of crime has been and will always be a top priority.”
“The investigation of cyber crime, particularly as it relates to computer intrusion, is one of the FBI’s top priorities,” said William C. Temple, Special Agent in Charge of the Little Rock office of the Federal Bureau of Investigation. “Working with our counterparts from the U.S. Secret Service, we were able to quickly recover the stolen data and prevent it use in a wide range of fraud schemes. The success of this investigation should send a strong message to those who might consider becoming involved in similar criminal activity.”
Levine, of Boca Raton, Fla., was the controlling owner of Snipermail, Inc., a Florida corporation engaged in the business of distributing advertisements over the Internet to e-mail addresses. While working with others at Snipermail, Inc., he stole more than one billion records containing personal information – including names, physical and e-mail addresses, as well as phone numbers – belonging to Acxiom Corporation clients, from approximately January 2003 through July 2003. Acxiom is a large repository for personal, financial and company data, including customer information for other companies.
Levine used sophisticated decryption software to illegally obtain passwords and exceed his authorized access to Acxiom databases, which contained information belonging to Acxiom’s clients. Former Snipermail employees, who agreed to cooperate with the federal investigation, testified to how Levine and others concealed physical evidence relating to the intrusions and thefts of data.
There is no evidence to date that any of the data stolen by Levine or others associated with this investigation has been used in identity theft or credit card fraud schemes. However, some of the data was resold to a broker for use in an ad campaign.
The criminal investigation was jointly conducted by the FBI and the Secret Service, with assistance from the U.S. Attorney’s Office for the Southern District of Florida. The case was prosecuted by Assistant U.S. Attorneys George C. Vena, Todd L. Newton, and Karen L. Coleman from the Eastern District of Arkansas and Trial Attorney Amanda M. Hubbard of the Criminal Division’s Computer Crime and Intellectual Property Section.
4Law – 13/8/05
Scott Levine, left, of Florida, the owner of the now defunct e-mail marketing contractor Snipermail.com, leaves the Little Rock, Ark., federal courthouse with his wife Sabrina, right, Friday, Aug. 12, 2005. Scott Levine was convicted Friday on 123 counts in the theft of 8.2 gigabytes of data from Little Rock-based Acxiom Corp. (AP Photo/Mike Wintroath)
4Law - 22/7/04
ALLEGED ACXIOM HACKER INDICTED
It could be one of the largest cyber crimes in
Wednesday federal investigators arrested a Florida man, saying he hacked into the company's computer system causing seven million dollars worth of damage. Federal investigators say 45-year-old Scott Levine from Boca Raton, Florida stole the personal information of millions of people. They say he was able to get names, addresses, and in some cases even credit card numbers. The Special Indictment includes the US DOJ CCIPS Chief Martha Stansell - Gamm Signature Here her 4Law Cyber Crimes Page Video…
Acxiom,The Little Rock, Arkansas, company, which made $958 million in revenue last year from selling people's names, addresses and profiles is one of the world's largest data aggregators, Acxiom, one of the world's largest data aggregators, has information about virtually every adult in America. It also manages and enhances data for major banks, insurers, direct marketers, the credit bureau TransUnion and others. It has developed some of the world's most sophisticated data analysis software.
A Look Inside:
Some of the most respected companies in the world are clients of Acxiom – a leader in customer and information management solutions. At the heart of each of our solutions -- from customer data integration to IT outsourcing -- are our data center facilities. What sets Acxiom apart from competitors? Here are just a few of the reasons:
· Acxiom houses 850 terabytes of online system storage...enough capacity to contain the entire contents of the U. S. Library of Congress 42 times.
· Acxiom controls 14,000 MIPS of mainframe processing power… 3 times what a worldwide insurance or telecommunications company might house.
· 4,500 servers and midrange systems are under management...a number more than 6 times the capacity of the nation's largest retailers.
Acxiom maintains security procedures to help ensure that information will not be made available to any unauthorized person or business. We use a variety of multi-level security systems to control access to our services and information products. All users at client locations, as well as all Acxiom associates, must have the appropriate access codes and be expressly authorized to access certain data and applications.
Acxiom Chief Security Officer Frank Caserta leads the development and execution of Acxiom’s security strategy. which includes risk assessments and regular audits on our internal and external information systems to maintain the integrity of our information. Acxiom's enterprise security operations center maintains real-time monitoring for information system vulnerabilities and unauthorized access attempts into internal systems. We also maintain appropriate physical security for our facilities and limit access to certain critical areas of the business.
Acxiom Corporation was involved in an incident where some of the data we process was unlawfully accessed. Upon learning of the incident in August 2003, Acxiom took action to remove this exposure. Acxiom takes the security of our systems very seriously, and we believe those who unlawfully intrude on our systems should be dealt with by the criminal justice system. To that end, the US Department of Justice has indicted the individuals responsible.
Since this crime was uncovered and halted, Acxiom has made a strong security system even stronger. With the appointment of Chief Security Officer Frank Caserta, we have developed and launched a comprehensive security strategy. We’ve improved our intrusion detection, vulnerability scanning and encryption systems, enhanced our internal and external audit practices, and are fully committed to working with our clients and outside experts to ensure continuous improvement in our security environment.
Acxiom is also pleased to report that no evidence has been detected – after extensive criminal investigations, client audits, and our own research - that would indicate that any identity theft or fraud was committed against any individuals and no such crime has been reported as a result of these intrusions. It is also important to note that the criminals accessed one external server and did not penetrate Acxiom's internal security firewall.
In the Acxiom case, the unauthorized access occurred as information was being exchanged between Acxiom and some of our clients via one external File Transfer Protocol (FTP) server, a common method in which companies exchange data via the Internet. Not all Acxiom clients nor all clients using this FTP server were affected, and only a small portion of all the information Acxiom processes for our clients was accessed. No breach of Acxiom’s corporate security firewall occurred.
The files that were accessed contained a wide variety of client information, some of which was personally identifiable and some of which was not. Most of the data was non-sensitive, and some of the data was encrypted.
Because the information belongs to Acxiom’s clients, we are not authorized to answer questions from individuals about whether their information was accessed in the breach.
We deeply regret the concern that this incident has created for individuals and for our clients.
If you have questions about our commitment to security, please contact our Security Notice Hotline at 501-342-7722 (toll free 1-877-774-2095) or send an e-mail to email@example.com. We will make every effort to answer your questions.
Prosecutor Sandra Cherry announces the indictment of Scott Levine on charges of stealing millions of names and addresses. (Mike Wintroath -- AP)
U.S Department of
July 21, 2004
Contact: (202) 406-5708
UNITED STATES SECRET SERVICE JOINS FEDERAL TASK FORCE TO SOLVE MAJOR NETWORK INTRUSION CASE
(Washington, DC) – In what has been described as one of the most significant network intrusion cases involving unauthorized access to personal data, the federal Grand Jury in Arkansas today indicted the former owner of Florida-based e-mail marketing company, Snipermail, on a variety of charges, including: conspiracy, unauthorized access of a protected
computer, access device fraud, money laundering and obstruction of justice. Six other individuals associated with Snipermail have agreed to cooperate and have entered into plea agreements with the government.
In August 2003, executives from Acxiom Corporation, headquartered in Conway and Little Rock, Arkansas, became aware of an initial intrusion to their network by an individual in Ohio. A review of activity on the affected server revealed a second series of unauthorized downloads of data.
A federal task force comprised of special agents from the United States Secret Service and the Federal Bureau of Investigation, augmented by Assistant United States Attorneys from the Eastern District of Arkansas, determined the illegal intrusion had emanated from Snipermail, which is located in South Florida.
“With internet capabilities expanding rapidly around the globe, the reach and potential for criminal intrusion are greater than ever,” said Secret Service Director W. Ralph Basham. “Cooperation and partnerships have allowed us to focus our resources and respond quickly to uncover and prevent criminal activity such as network intrusions, financial fraud and other crimes.”
The enormity of this investigation required utilizing agents assigned to the Secret Service’s Electronic Crimes Special Agent Program and the Miami Electronic Crimes Task Force, as well as the FBI’s Regional Computer Forensics Lab, the Department of Justice’s Computer Crime and Intellectual Property Section and computer investigative specialists from the
Internal Revenue Service. Investigators assigned to Secret Service and FBI field offices in Little Rock, Miami, West Palm Beach, and Cincinnati were actively involved in the investigation.
“The positive outcome of this investigation is testament to the strong partnerships we have established with our counterparts at the headquarters and field offices of various organizations, from the FBI and Department of Justice to the Internal Revenue Service and U.S. Attorneys’ Office in Little Rock,” said K.C. Crowley, Special Agent in Charge of Secret Service’s Little Rock Field Office. “Furthermore, I commend Acxiom Corporation for their cooperation and responsible approach to the situation. Acxiom’s quick response in contacting federal investigators after determining there had been a network intrusion should serve as a model for others in similar circumstances.”
The investigation moved rapidly against Snipermail in order to prevent the further compromise and use of the stolen personal and financial information. To date, federal investigators have not uncovered any information suggesting the stolen data was used in any other fraudulent activity, such as identity theft or credit card fraud.
Acxiom is a publicly traded company with offices located throughout the world. The company headquarters are located in Conway and Little Rock, Arkansas. Acxiom provides data integration services for use by marketing departments and lists a number of Fortune 500 companies as its clients.
The United States Secret Service was originally founded in 1865 for the purpose of suppressing the counterfeiting of U. S. currency. Over the years it has grown into one of the premier law enforcement organizations charged with investigating financial crimes. The Secret Service has taken a lead role in the developing area of cyber crime, establishing working partnerships in both the law enforcement and business communities to address such issues as protection of critical infrastructure, internet intrusions and associated fraud.
# # #
EDITOR’S NOTE: For questions concerning this release, please contact the United States
Secret Service Office of Government and Public Affairs at (202) 406-5708.