Officials arrested an America Online (AOL) employee for allegedly stealing millions of members’ screen names, which were later sold to spammers,” law enforcement officials and the ISP said Wednesday.
Jason Smathers was picked up at his home in Harpers Ferry, W. Va., this morning. The 24-year-old AOL computer engineer allegedly pilfered the screen names last spring and sold them to Internet marketer Sean Dunaway.
Dunaway, in turn, allegedly sold the list to spammers for $52,000. Later, the complaint alleges that Dunaway paid Smathers for an updated version of AOL’s list, which Dunaway also sold.
Dunaway, a 21-year-old Las Vegas resident, was also arrested at his home and is accused of using the screen names to illegally promote his Internet gambling operation.
Smathers and Dunaway face conspiracy charges under the newly enacted Can-Spam law, which took effect on January 1. If convicted, the two men could each face up to five years in prison and a fine of $250,000, or twice the gross gain from the offense.
AOL, the Internet arm of media giant Time Warner , alerted
authorities earlier this year after it uncovered the scheme while preparing litigation against a major spammer.
AOL said it’s not found any theft of credit card numbers or password information. Smathers has been fired and AOL is “absolutely committed to the full prosecution of the employee,” the company said. An AOL spokesman did not know how long Smathers had worked at AOL. Dunaway was not an AOL employee.
But the alleged theft included a staggering 92 million screen names (each AOL subscriber is entitled to seven names). According to the complaint, AOL maintained the customer list in a database at its Dulles, Va., facility.
Smathers was cleared to work in Dulles, but not authorized to access or copy the list, the complaint said. He allegedly used the identification code of another employee to get in.
From there, he “began assembling a complete list of AOL’s customer account screen names and related zip codes, credit card types (but no credit card numbers), and telephone numbers of AOL customers,” authorities said in a statement. AOL keeps credit card numbers in a separate storage area.
The spammers used the lists to market “herbal penile enlargement pills,” the complaint alleges.
David N. Kelley, U.S. Attorney for the Southern District of New York, said the U.S. Secret Service, New York Electronic Crimes Task Force, Washington, D.C., Electronic Crimes Task Force and Las Vegas Electronic Crimes Task Force collaborated on the investigation. He also credited AOL for its cooperation.