In May of 2003, American Online (AOL) software engineer Jason Smathers used a low tech strategy to steal the private information of 30 million people. He simply stole a co-workers access codes to log in to the AOL private customer records server. Jason was able to steal some 92 million records which included screen names, e-mail addresses, telephone numbers, and the type of credit card (not credit card number) of 30 million AOL subscribers. It is estimated that this crime took him less than 30 days to complete.

Jason then sold the stolen data to Mr. Dunaway of Las Vegas for $27,000. Mr. Dunaway then used the data to advertise his online gambling web site. Mr. Dunaway then sold the data to known spammers for $52,000.

The U.S. Department of Justice prosecuted this case under the Can-Spam Act.

Jason pled guilty and was fined $84,000 and sentenced to 15 months in prison.

AOL estimated that Jason's crime cost them between $400,000 and $2,000,000.

Jason's use of a co-workers administrative logon was a low tech, effective method of bypassing AOL's strict corporate security system. Had Jason's co-worker protected his password better or simply changed it on a regular basis, this crime might never have happened.

The fallout of this crime is still unknown. If the data Jason originally stole is married with other stolen data to form a comprehensive profile of 30 million people, the possible ways in which this data can be used are almost endless but include identity theft and phishing scams to name a few.

This is perhaps the scariest thing about the information age characterized by millions of databases. A little stolen data here and a fine of $50,000 and prison time is just punishment for that single act; however, when that data is combined with other stolen data an entirely new severity of crime emerges. For example, let's say John is fined $100 for stealing 100 names. Another person named Jack is fined $100 for stealing 100 physical addresses. Another person named Jill is fined $100 for stealing 100 credit card numbers. Together the total fine comes to $300. Now here comes Bob with his own stolen list of credit card purchases. Bob merges his own stolen credit card purchases list, with the stolen names list, the stolen physical addresses list, and the stolen credit card numbers list. As a result he creates a new, much more ominous database that is a far greater invasion of privacy. He then can sell access to that database for millions of dollars. Indeed, the sum is truly greater than the individual parts in the Information Age. In this hypothetical situation it is clear that the fines of the individuals involved, $300, is not enough to administer proper justice nor is it a deterrent of this sort of crime.

Related posts:

1. Using Cellphone Reverse Lookup To Search Someone’s Information The reverse cellular phone lookup services has it made almost...
2. Discover the Secret Carnivore That Lies Hidden In Your Internet Connection Carnivore, also known as the Carnivore Electronic Communication Collection System,...
3. What type of technology and how does it work to sweep for hidden electronic devices? What kind of technology do they use when they build...
4. If Your Secret Intellectual Property Is Appearing On the Internet, You Could Be The Victim Of An Underground Espionage Syndicate Secret organizations exist that are paid to steal the data...
5. Record Telephone Calls Reveals Blagojevic Secret One of the most effective means of surveillance is the...