AOL Employee Arrested in Spam Scheme
LostCluster writes "The AP, Reuters, and AOL's own CNN/Money are all reporting that AOL employee Jason Smathers has been arrested and accused of taking a list of 92 million screennames from the internal AOL system, and selling it to another man, who allegedly used it 'to promote his own Internet gambling business and also sold the list to other spammers for $52,000'. Not surprisingly, Smathers has been fired."
Re:Fired? (Score:5, Informative)
And I don't think anyone can argue that there's cause here.
Re:Arrested and accused... how about convicted (Score:5, Informative)
I'm the government. I can't do anything prison-like or fine-like to you without convicting you first.
Hi.
I'm your employer. Unless you have a contract stating otherwise, odds are you're an at-will employee, which means *I can fire you for just about any reason I want*.
Re:This reminds me (Score:1, Informative)
Now, if your
Re:This reminds me (Score:2, Informative)
That's why they moved the passwords to the (non world readable)
Though if you're really cool you'd move that to LDAP. If configuring pam, nss, openldap and samba wasn't such a PAIN IN THE ASS (why can't ldap clients just agree to read one conf file, why do I have to deal with
Secure authentication against an LDAP directory. What a concept. Wonder who does that, oh yeah, Windows 2000 and up. Meanwhile here I am sending out MD4 password hashes to authenticate against samba, one of the biggest security faults of NT4.0 that's now embraced by the OSS community for some reason. (Andrew, Samba needs to function as an Active Directory controller! Accept nothing less!)
Anyways, you need to upgrade, fella. There shouldn't be anything special in
Re:That's a lot of names... (Score:5, Informative)
The chances of an AOL user falling for a spam-scam are probably good. They already fell for one scam, so they've proven themselves to be targets already.
Re:AOL's New Slogan (Score:5, Informative)
Mr. Spammers, please delete all @aol.com email addresses in your list, yeah right!
My girlfriend recently recovered an account that has not been active in 3 1/2 years; it still gets flooded with spam despite 3 1/2 years of not existing.
I doubt AOL users will be much better off unless they want to create a new alias.
$25,000? (Score:5, Informative)
Former AOL employee Smathers sold the initial list for an unmentioned amount to Dunaway (the spammer) then Smathers sold an updated list to Dunaway for $100,000. Dunaway sold lists to other spammers for $52,000.
Smathers & Dunaway to AOL members: "All your screenname are belong to us!"
I expect something like this happened at eBay a while back. I changed my email address for eBay to a new mailbox. A few weeks later someone spammed it offering to sell lists of eBay members. Then spam followed, usually from phishers.
RTC! (Score:2, Informative)
He also e-mailed himself logs of his IM conversations with the buyer, which his AOL laptop stored away, to wit:
"I think I found the member database . . . Just need to figure out how to get the SNs [screen names] it is spread over like 30 computers . .
OK, I got it figured out . . . there are going to be millions of them so, will take time to extract I will do them a chunk at a time . . . "
Most interestingly, the government isn't just charging him with theft; it's also charging him with conspiracy to spam, under the so-called Can-Spam Act enacted late last year.
Re:Security? (Score:2, Informative)
It explains exactly how he was caught. AOL looked at the datestamps in the file that the Secret Service showed them, then correlated that with database access logs and determined whose computer was using the database at the time. It was so easy that it's clear this crook never expected to be caught. But, AOL would never have noticed this activity if nobody had asked them to look. Apparently, they did not monitor database usage in any way before this happened. Maybe now they will.
I seriously doubt AOL's DBMS would "grind to a halt" doing a straightforward query of any scale.
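The correlation described in the comment above (datestamps in the leaked file matched against database access logs), together with the usage monitoring the commenter says was missing, as an added example that is not part of the original thread. The log format, account names, workstation names, dates and thresholds are all constructed assumptions, not AOL's.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: query start, account, workstation, rows returned.
ACCESS_LOG = """\
2004-05-01T09:02:11 acct_a ws-101 120
2004-05-01T23:40:05 acct_b ws-207 2500000
2004-05-02T10:15:42 acct_c ws-330 45
2004-05-02T23:55:19 acct_b ws-207 2500000
2004-05-03T14:01:00 acct_a ws-101 300
2004-05-03T23:47:51 acct_b ws-207 2500000
"""

# Constructed datestamps standing in for those found in the leaked file.
FILE_STAMPS = ["2004-05-01T23:41:30", "2004-05-02T23:56:02", "2004-05-03T23:49:10"]

def parse_log(text):
    """Parse whitespace-separated log lines into typed tuples."""
    entries = []
    for line in text.splitlines():
        ts, account, host, rows = line.split()
        entries.append((datetime.fromisoformat(ts), account, host, int(rows)))
    return entries

def correlate(entries, stamps, window=timedelta(minutes=5)):
    """After the fact: (account, host) pairs with a query shortly before
    every file datestamp. One match is weak; matching all is strong."""
    candidates = None
    for stamp in map(datetime.fromisoformat, stamps):
        seen = {(acct, host) for ts, acct, host, _ in entries
                if timedelta(0) <= stamp - ts <= window}
        candidates = seen if candidates is None else candidates & seen
    return sorted(candidates or [])

def bulk_readers(entries, daily_limit=100_000):
    """Proactive: (account, day) pairs whose rows read exceed a daily limit,
    which catches an extraction done 'a chunk at a time'."""
    totals = defaultdict(int)
    for ts, acct, _, rows in entries:
        totals[(acct, ts.date().isoformat())] += rows
    return sorted(key for key, total in totals.items() if total > daily_limit)

if __name__ == "__main__":
    log = parse_log(ACCESS_LOG)
    print("matches every datestamp:", correlate(log, FILE_STAMPS))
    print("over daily row limit:", bulk_readers(log))
```

The second check is the one that would have raised an alert without anyone having to ask; the first only helps once a leaked file is already in hand.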
Re:Fired? (Score:3, Informative)
From this [bls.gov] (pdf) article in the "Monthly Labor Review" written by Charles J. Muhl, Esq.: "In legal terms, though, since the last half of the 19th century, employment in each of the United States has been 'at will,' or terminable by either the employer or employee for any reason whatsoever. The employment-at-will doctrine avows that, when an employee does not have a written employment contract and the term of employment is of indefinite duration, the employer can terminate the employee for good cause, bad cause, or no cause at all."
In the footnotes, it is noted that "This article does not address statutory exceptions to employment at will. Many such exceptions have been enacted at both the Federal and State level." Examples given are federal laws against discrimination, and some states' laws against termination for 'whistleblowing'.