Fired AOL Engineer gets 15 Months

n3hat writes "A former America Online software engineer was sentenced to 15 months in prison for stealing 92 million screen names and e-mail addresses and selling them to spammers who sent out up to 7 billion unsolicited e-mail messages, according to this A.P. story in the Baltimore Sun."

Why jail?

[Eightyford]

I've never understood why non-violent criminals are even put into jail. Instead of us taxpayers paying about 25 grand a year for this guy(a number I pulled directly out of my ass, by the way); he should be forced to repay the damage that he has done. And, if it takes the rest of his life, then so be it; just don't let the guy declare bankruptcy (another thing I've never really understood).

Anyways, save jail for the murderers, rapists, and child molesters of the world. Make people like this guy, Martha Stewart, and Bernie Ebbers repay they're debt in other more productive ways.

That's quite a feat.

[Rocky1138]

I wonder how he stole them? And how long did it take for him to give them back? Did they ever find them?

The truth of the matter is...

[jhfry]

of those 92 million, only about 2 million actually use aol mail... the rest are people who used up thier free trial and moved on.

I mean seriously, you expect me to believe that AOL has 92 million paying customers?

Honestly if I were a spammer, I'd only pay half price for AOL addresses, the odds of someone reading your email (especially after filtering) is nearly zero.

Re:The truth of the matter is...

[YrWrstNtmr]

92 million screennames. A lot unused, of course, but each paying account can, and often does, have several screen names/email addresses. Each sucking down all that glorious spam.

Re:Why jail?

[YrWrstNtmr]

Repayment is only a deterrent if the perp has been less than successful. A millionaire spammer (Richter?) could consider that just the cost of business, and be on his merry way.

Re:In a related story...

[securitas]

Or maybe it means that novices sign up to become familiar with interacting with the online world.

Once they've become comfortable with using a computer and an online service, they feel that they can take the training wheels off and find things on the Web for themselves. The most common Internet activities are e-mail, Web and chat. You don't need AOL for those.

Read TFA

[Alomex]

If you read TFA you'll see that the AOLer got off easy because he pleaded guilty very early on. In contrast this Kevin Mitnick nitwit is even now trying to play the victim and not really sounding contrite about it.

Re:Why jail?

[Seumas]

That's why all the guys who ran Enron and Worldcom are in jail.

Oh, wait...

Re:15 months is all he got?!? Opinion folks - fair

[Mazem]

It all comes down to fear. People fear "hackers", and so hackers get tougher sentences.

Everyone understands the notion of an employee stealing personal information from their company. On the other hand, the average
American has no clue how hardcore hackers do what they do, or what they are capable of and so naturally hackers are feared. They are the "boogey man" of technology.

Next

[TRRosen]

what I want to know is when we can expect to hear about the conviction of the spammers he sold to. Obviously due to the size of the database (every AOL member ever apparently) they knew it was stolen. So we should see several spammers charged with 92,000,000 counts of recieving stolen merchandise right???

OK - no chance of the government being that smart... but it would be nice.

Re:Why jail?

[dal20402]

I agree with you that, in general, too many people are in jail.

But in cases of very costly (to the rest of us) and profitable (to the perp) white-collar crime, there is very little else that can serve as a deterrent. White-collar criminals tend to have a different attitude from low-level drug offenders: they aren't desperate or sick, and don't even recognize that what they're doing is wrong. Instead, they feel no guilt about gaming the system in any way possible (speaking in generalities, of course).

If you fine them, they'll hide their money (as another poster said). If you try to leverage their knowledge, they'll fail to cooperate. As long as you let them have their freedom, they'll find a way to beat you. The way to make them think twice is to take away their freedom.

If we put one white-collar perp in jail for every five low-level drug offenders we let out and put into intensive treatment programs, we'd make the market a more honest place and solve a lot of social problems at the same time.

Re:Please don't call him an "engineer"

[stygar]

And most of the people with titles like "software engineer" put just as much time, effort, and money into getting their computer science degrees.

I'll take "software engineer" off my business card as soon as I see engineering professors stop referring to themselves as "Dr.".

Re:Hypothetical Prison Conversation

[mhearne]

If I had to go to jail for a cybercrime, I would at least want the other inmates to understand the charge.

15 months really isn't that bad, he'll probably do a third of that with good time (5 months). But he'll have to be on probation for years, and nobody worth working for is going to want to let him do anything more than stuff resistors in circuit boards.

The trouble that comes after prison is often worse than doing the time itself.

Michael

Re:Ahh....

[Mahtar]

Yeah, hilarious. He desereved to be gang raped and/or forced to perform sexual favors for his crime that physicall harmed no one.

Also I guess I missed where the judge included "rape" in the 15 month jail sentence.

Internet tough guys, huh?

Re:Please don't call him an "engineer"

[Detritus]

Are you a P.E.? If not, you aren't legally a "real engineer" in many places.

Don't stow thrones in grass houses.

Re:Lemme get this straight

[firewrought]

Mitnick didn't steal anything? Mitnick allegedly copied and removed....software valued at $2,100,000.00.

I hate to take Kevin's side on this because his actions were illegal and immoral. However, it's very important to accurately appraise the costs (financial, emotional, cultural, etc.) of a crime. If the costs are exaggerated then justice is miscarried, tax money is misspent, the public is misserved, and third parties--such as policy makers, security analysts, and insurance companies--are misinformed.

The $2.1 billion number represents the cost to make the software. If Mitnick merely made an unauthorized copy, burned it to CD, and shoved it in a drawer somewhere, what part of that $2.1 billion did the companies lose? None. Nada. Business would continue uninterrupted.

Alternatively, suppose that Mitnick managed to destroy every copy of the software that the company owned. That would make the $2.1 billion a much more accurate assessment. The business could go bankrupt.

And then there's the middle ground... what about leaking secrets to competitors or providing binaries to black-market distributors? These are things that chip away at that $2.1 billion, but it's unlikely they erode it completely.

Of course, we haven't discussed administrative costs associated with mopping up and responding to the Mitnick incidents. We haven't factored in the intangible losses to privacy or even the hidden gains that might have come from the crime (e.g., if benign criminals attack you early and force you to beef up your security before the truly malignant ones arrive, haven't you inadvertly made money?)

A true valuation is perhaps impossible, but we can be more accurate than to assume that the unauthorized copying of private/proprietary information is directly equivalent to the theft of physical goods.

Re:Lucky guy

[Frogbert]

I think its kind of harsh that he was sent to prison, personally I think that prisons should be reserverd for people who present a physical threat to other people.

In a case such as this, while he may have caused damage and made some money off it, a significant fine would be ample. I mean its not like he is a danger to society if he doesn't get locked away.

Re:Lucky guy

[Anonymous Coward]

Mh? You delete 175 mails per second and only hit spams? You are quite efficent then.

Personally I think he ought to have gotten 15 years, but it's a start.

Re:What's his cellmate's name and address?

[Anonymous Coward]

prison rape is not funny.

Hate to break your bubble, but...

[Moraelin]

... we already have that system. You may notice that stuff like getting a different sentence for pleading guilty or cooperating with justice aren't new to this case. That's how the RL system works, and is supposed to work.

There is no such thing as purely objective justice, where the sentence is just spat out based on a formula. (Just feed the crime in, have a computer churn a few seconds, spit out the exact number of days in jail.) It's not even supposed to work that way.

As for who picks the nitwits, that's the judge. There's a reason laws give him/her a very broad interval and let him/her decide where in that interval you fit.

The job of justice isn't just to dish out punishment, but to hopefully reduce crime. And not just from a theoretical humanitarian point of view. There just isn't place in prisons to give maximum sentence to everyone. It's a limited resource, and you have to decide how much of it is _needed_ to help keep crime down.

So a judge's job _is_ to decide, among other things, what the risks are of you doing it again if he/she let you go.

If you've spent _years_ doing the same kind of crime, and still maintain that it was within your rights to do so and it's the victim's fault if their front door lock could be lockpicked (or their network could be broken into)... you've just convinced him/her that if you were let go, you'd run do the same.

So, yes, the moral of the story is: if you're a twit with the judge, he _is_ entitled to have the last laugh. That guy/gal isn't the enemy, and may well even be looking for an excuse to give you community service or a fine instead. (Like he suggested in this case at one point.) But if you tell him basically "bah, they deserved having their house/network/whatever burglarized, and you guys are victimizing me by trying to keep me from doing it again", congrats, you've just shot yourself in the foot.

Re:Lemme get this straight

[tnk1]

Oh yeah, the problem with Mitnick is no one knew what to do with him, so they overreacted. I mean everyone thought he was going to hack into the WOPR and play a game of global thermonuclear war. :) Today, its a bit different because we know that crap only happens in movies. Back then, though, it was different.

Mitnick also really had skills and the ability to break *into* things he wasn't associated with. This dude downloaded the member database using his internal knowledge and some other people's access. There really wasn't any threat of Sir Spamalot here breaking into the Defense Department. Mitnick probably couldn't do that either, but at least he could have made a real attempt at it if he'd been so inclined.

In the end, this guy did more damage, but he's basically a screw up that isn't worth the FBIs time to violate his rights. He did what probably dozens of AOL employees could do if they decided to do without their conscience or ethics. He effectively shoplifted from his own store. Big deal.

Re::-) I hope you too get assraped :~P

[Adnuo]

I actually registered to reply to this. I'm really glad that someone finally stopped the "ZOMG i hope j00 get t3h raped in teh assz0r LOLOLOL spammar!" comments and brought a real light to the situation. Sorry, sodomy isn't a joke. Just glad someone said it :)

He *did* represent a physical threat

[Solandri]

7 billion spams. Say 99% of them were caught by spam filters or went to bogus addresses. That leaves 70 million spams people had to deal with by hand. If it took one second to delete each of those spams, that means he cost everyone an aggregate 2.2 years of life. If someone imprisoned you in front of a computer hitting delete over and over for 2.2 years, wouldn't you consider him to be a physical threat to you and others?

Why is it that people think a distributed crime is any less of a crime? Do you think it'd be OK if he stole $130,000 from a bank? Then why do you think it's OK that he stole $0.0019 each (1 second's wages at $6.75/hr) from 70 million people? They work out to the same amount of money.

Re:Lucky guy

[term8or]

The thought of spending time in a nasty prison has got to be a pretty good deterrent against white-collar crime.

Actually, the fact that you can't get a white-collar job for years after you get out of prison is more of a detterant.

Re:define irony

[dakryx]

The snail mail version of spam is what essentially finances the USPS, without it your typical letter would cost much more to send.

Re:Please don't call him an "engineer"

[Moraelin]

I'll kindly point your attention to one of the definitions you yourself have highlighted: " 1. The application of scientific and mathematical principles to practical ends such as the design, manufacture, and operation of efficient and economical structures, machines, processes, and systems. "

You may notice certain words in there like "scientific" or "mathematical". So, sad to say, an ex-burger-flipper who faked a resume and copies-and-pastes from tutorials he doesn't even _understand_, doesn't fit that definition any way you want to stretch it.

I've worked with people who know their trade and spent two decades learning to do a solid engineering job even without a university degree, yes. But the vast majority of ex-burger-flippers turned VB "engineers" just because it paid better, nope, sorry, are not doing anything even _vaguely_ resembling engineering. (Software or otherwise.)

The vast majority don't even understand the most elementary _basics_ of the science or mathematics behind it. And show no sign of even trying to learn. They'll just do a copy-and-paste job (sometimes via memory, but copy-and-paste job nevertheless) from some tutorial they've seen somewhere, without even understanding what or why happened there.

I fondly call it "cargo cult programming."

The story behind "cargo cults" is that in WW2 airplanes dropped food and supplies on various islands to support their troops there. A lot missed the mark and were found by natives instead. Who never understood what happened there, but some proceeded to pray to the mysterious metal birds to come drop more stuff. And when that didn't happen, they carved statues of airplanes and prayed to them some more.

Well, that's the kind of code I see every day. Code written by someone who never even understood wtf _is_ a factory, or a singleton, or whatever (and much less _mathematical_ stuff like why an algorithm is "O(n*log n)" and another is "O(n*n)" and why the heck that matters. Or even what that funny "O" notation means.) But they proceeded to dutifully make their own mental cult around them, and carve statues to those all over the code.

For bonus points, when the statue they carve isn't even of a pattern that makes sense. Nah, it's of some stupid "optimization" that actually worked only in Java 1.0 or only with a very specific C compiler on some obscure platform, and only under very specific circumstances. But they never understood all that, so they'll faithfully carve statues of it all over the place, in the _awfully_ wrong places.

If that's applying scientific or mathematical principles... eh, I rest my case.

Re:He *did* represent a physical threat

[kesuki]

That's what a 'throw away' account like a hotmail acocunt is for, you simply stop reading it and it shuts down you only check it when expect an automated response form some website x that needed a valid e-mail etc... never have to click delete :p

but yeah, before yahoo's filter started catching 99% of all the spam instead of having 6-7 spams a week to delete, i'd have 100-200 pwer day. before that i had to manually try and use spamcop. that was even more than 1 second per spam, more like half a minute. yahoo eventually had to bump up storage, and then stop counting spam as storage space to 'deal' with the issue. how much money a year does yahoo spend storing spam? how much resource? not to mention all the bandwith and space they're using on the whole internet mail infrastructure spam is by no means 'free' and the sad thing this guy is getting 15 months for 'stealing' the list of addresses, not for spamming.

Re:In a related story...

[LnxAddct]

For all this shit people give AOL, I recommend it to every novice user I know. It has integrated spyware detection, some of the best spam and phishing blocking, comes with access to AOL's large library of music and videos, news, etc... It sets up your buddy list and everything for you. All of this is accessible by running one program, and for all of the functionality packed into it, the gui isn't half bad. For the price you pay, you can't beat it.

Most people think that it is just a regular ISP but it isn't. You get a ton of extras to go along with it (streaming music, videos, stock tracking, games, spyware removal, a clean inbox, self configuration, and alot more). Very rarely will you see spam coming from an AOL user, if you do see it, it's probably being forged from somewhere else. Considering all of the zombies that comcast and verizon let live on their networks, AOL's active approach seems refreshing. Just like credit card companies, if they notice unusual activity, they'll notify you, if its really bad they'll lock your account until you can let them know that it isn't a spammer that took control of your account. Anyway... even if AOL is just for noobs, I'd rather most peopl be using AOL for Broadband, rather then Comcast and degrading the quality of the net.
Regards,
Steve

Re:Well, see, that's just the point

[mnoel2]

I know everyone loves that Steve Jobs quote about decreasing boot time*, and I know a distributed crime is still a crime, and I figure that white-collar criminals are probably the group of lawbreakers most likely to be swayed by 'examples' of horribly disproportionate punishments for crimes --

but to claim that being violently raped, repeatedly, is an acceptable repayment to society for any crime, is a sign that some people here need to unplug a bit. If you get more bent out of shape over spam than large scale violence against fellow people, no matter what laws or social boundaries they've crossed, then I sincerely hope I am never on the recieving end of your decision-making process. It's just junk mail. Yeah, it sucks; but if someone gave a nation the choice between everyone receiving junk mail every day, or having a specific individual gang raped, I should hope the nation would be enlightened enough to deal with the stupid colored pamphlets.

For the love of all that's right, end prison rape. [spr.org]

* It goes something like "It's my moral responsiblity to decrease the Mac's boot time, because if I shave ten seconds off, and have 5 million users, and they each use their Macs for so many years, I'll have saved fifty lives". Uncle Google is failing me right now...

Re:Lucky guy

[TGK]

I hate to say it, but given the responce from people here over Kevin Mitnick's conviction, I'd say that a life - or very long sentence - prohibiting the use of certain technologies would be an adequate deterant.

Sure, Kevin got a bum rap - and I don't want to drag up that debate, so if you think I'm full of crap just let it drop on that count - but his sentence gave most of us pause.

I'm not saying that a sentence like that would do a hell of a lot for the kind of white collar crime you see in accounting and other diciples of its ilk, but in the IT industry that kind of sentence could go a long way.