Fired AOL Engineer gets 15 Months 371
n3hat writes "A former America Online software engineer was sentenced to 15 months in prison for stealing 92 million screen names and e-mail addresses and selling them to spammers who sent out up to 7 billion unsolicited e-mail messages, according to this A.P. story in the Baltimore Sun."
Why jail? (Score:5, Insightful)
Anyways, save jail for the murderers, rapists, and child molesters of the world. Make people like this guy, Martha Stewart, and Bernie Ebbers repay they're debt in other more productive ways.
That's quite a feat. (Score:3, Insightful)
The truth of the matter is... (Score:4, Insightful)
I mean seriously, you expect me to believe that AOL has 92 million paying customers?
Honestly if I were a spammer, I'd only pay half price for AOL addresses, the odds of someone reading your email (especially after filtering) is nearly zero.
Re:The truth of the matter is... (Score:3, Insightful)
Re:Why jail? (Score:5, Insightful)
Re:In a related story... (Score:4, Insightful)
Or maybe it means that novices sign up to become familiar with interacting with the online world.
Once they've become comfortable with using a computer and an online service, they feel that they can take the training wheels off and find things on the Web for themselves. The most common Internet activities are e-mail, Web and chat. You don't need AOL for those.
Read TFA (Score:5, Insightful)
Re:Why jail? (Score:2, Insightful)
Oh, wait...
Re:15 months is all he got?!? Opinion folks - fair (Score:3, Insightful)
Everyone understands the notion of an employee stealing personal information from their company. On the other hand, the average
American has no clue how hardcore hackers do what they do, or what they are capable of and so naturally hackers are feared. They are the "boogey man" of technology.
Next (Score:4, Insightful)
OK - no chance of the government being that smart... but it would be nice.
Re:Why jail? (Score:5, Insightful)
But in cases of very costly (to the rest of us) and profitable (to the perp) white-collar crime, there is very little else that can serve as a deterrent. White-collar criminals tend to have a different attitude from low-level drug offenders: they aren't desperate or sick, and don't even recognize that what they're doing is wrong. Instead, they feel no guilt about gaming the system in any way possible (speaking in generalities, of course).
If you fine them, they'll hide their money (as another poster said). If you try to leverage their knowledge, they'll fail to cooperate. As long as you let them have their freedom, they'll find a way to beat you. The way to make them think twice is to take away their freedom.
If we put one white-collar perp in jail for every five low-level drug offenders we let out and put into intensive treatment programs, we'd make the market a more honest place and solve a lot of social problems at the same time.
Re:Please don't call him an "engineer" (Score:2, Insightful)
And most of the people with titles like "software engineer" put just as much time, effort, and money into getting their computer science degrees.
I'll take "software engineer" off my business card as soon as I see engineering professors stop referring to themselves as "Dr.".
Re:Hypothetical Prison Conversation (Score:5, Insightful)
15 months really isn't that bad, he'll probably do a third of that with good time (5 months). But he'll have to be on probation for years, and nobody worth working for is going to want to let him do anything more than stuff resistors in circuit boards.
The trouble that comes after prison is often worse than doing the time itself.
Michael
Re:Ahh.... (Score:5, Insightful)
Also I guess I missed where the judge included "rape" in the 15 month jail sentence.
Internet tough guys, huh?
Re:Please don't call him an "engineer" (Score:4, Insightful)
Don't stow thrones in grass houses.
Re:Lemme get this straight (Score:4, Insightful)
I hate to take Kevin's side on this because his actions were illegal and immoral. However, it's very important to accurately appraise the costs (financial, emotional, cultural, etc.) of a crime. If the costs are exaggerated then justice is miscarried, tax money is misspent, the public is misserved, and third parties--such as policy makers, security analysts, and insurance companies--are misinformed.
The $2.1 billion number represents the cost to make the software. If Mitnick merely made an unauthorized copy, burned it to CD, and shoved it in a drawer somewhere, what part of that $2.1 billion did the companies lose? None. Nada. Business would continue uninterrupted.
Alternatively, suppose that Mitnick managed to destroy every copy of the software that the company owned. That would make the $2.1 billion a much more accurate assessment. The business could go bankrupt.
And then there's the middle ground... what about leaking secrets to competitors or providing binaries to black-market distributors? These are things that chip away at that $2.1 billion, but it's unlikely they erode it completely.
Of course, we haven't discussed administrative costs associated with mopping up and responding to the Mitnick incidents. We haven't factored in the intangible losses to privacy or even the hidden gains that might have come from the crime (e.g., if benign criminals attack you early and force you to beef up your security before the truly malignant ones arrive, haven't you inadvertly made money?)
A true valuation is perhaps impossible, but we can be more accurate than to assume that the unauthorized copying of private/proprietary information is directly equivalent to the theft of physical goods.
Re:Lucky guy (Score:4, Insightful)
In a case such as this, while he may have caused damage and made some money off it, a significant fine would be ample. I mean its not like he is a danger to society if he doesn't get locked away.
Re:Lucky guy (Score:1, Insightful)
Personally I think he ought to have gotten 15 years, but it's a start.
Re:What's his cellmate's name and address? (Score:2, Insightful)
Hate to break your bubble, but... (Score:3, Insightful)
There is no such thing as purely objective justice, where the sentence is just spat out based on a formula. (Just feed the crime in, have a computer churn a few seconds, spit out the exact number of days in jail.) It's not even supposed to work that way.
As for who picks the nitwits, that's the judge. There's a reason laws give him/her a very broad interval and let him/her decide where in that interval you fit.
The job of justice isn't just to dish out punishment, but to hopefully reduce crime. And not just from a theoretical humanitarian point of view. There just isn't place in prisons to give maximum sentence to everyone. It's a limited resource, and you have to decide how much of it is _needed_ to help keep crime down.
So a judge's job _is_ to decide, among other things, what the risks are of you doing it again if he/she let you go.
If you've spent _years_ doing the same kind of crime, and still maintain that it was within your rights to do so and it's the victim's fault if their front door lock could be lockpicked (or their network could be broken into)... you've just convinced him/her that if you were let go, you'd run do the same.
So, yes, the moral of the story is: if you're a twit with the judge, he _is_ entitled to have the last laugh. That guy/gal isn't the enemy, and may well even be looking for an excuse to give you community service or a fine instead. (Like he suggested in this case at one point.) But if you tell him basically "bah, they deserved having their house/network/whatever burglarized, and you guys are victimizing me by trying to keep me from doing it again", congrats, you've just shot yourself in the foot.
Re:Lemme get this straight (Score:2, Insightful)
Mitnick also really had skills and the ability to break *into* things he wasn't associated with. This dude downloaded the member database using his internal knowledge and some other people's access. There really wasn't any threat of Sir Spamalot here breaking into the Defense Department. Mitnick probably couldn't do that either, but at least he could have made a real attempt at it if he'd been so inclined.
In the end, this guy did more damage, but he's basically a screw up that isn't worth the FBIs time to violate his rights. He did what probably dozens of AOL employees could do if they decided to do without their conscience or ethics. He effectively shoplifted from his own store. Big deal.
Re::-) I hope you too get assraped :~P (Score:4, Insightful)
He *did* represent a physical threat (Score:5, Insightful)
Why is it that people think a distributed crime is any less of a crime? Do you think it'd be OK if he stole $130,000 from a bank? Then why do you think it's OK that he stole $0.0019 each (1 second's wages at $6.75/hr) from 70 million people? They work out to the same amount of money.
Re:Lucky guy (Score:2, Insightful)
Actually, the fact that you can't get a white-collar job for years after you get out of prison is more of a detterant.
Re:define irony (Score:2, Insightful)
Re:Please don't call him an "engineer" (Score:3, Insightful)
You may notice certain words in there like "scientific" or "mathematical". So, sad to say, an ex-burger-flipper who faked a resume and copies-and-pastes from tutorials he doesn't even _understand_, doesn't fit that definition any way you want to stretch it.
I've worked with people who know their trade and spent two decades learning to do a solid engineering job even without a university degree, yes. But the vast majority of ex-burger-flippers turned VB "engineers" just because it paid better, nope, sorry, are not doing anything even _vaguely_ resembling engineering. (Software or otherwise.)
The vast majority don't even understand the most elementary _basics_ of the science or mathematics behind it. And show no sign of even trying to learn. They'll just do a copy-and-paste job (sometimes via memory, but copy-and-paste job nevertheless) from some tutorial they've seen somewhere, without even understanding what or why happened there.
I fondly call it "cargo cult programming."
The story behind "cargo cults" is that in WW2 airplanes dropped food and supplies on various islands to support their troops there. A lot missed the mark and were found by natives instead. Who never understood what happened there, but some proceeded to pray to the mysterious metal birds to come drop more stuff. And when that didn't happen, they carved statues of airplanes and prayed to them some more.
Well, that's the kind of code I see every day. Code written by someone who never even understood wtf _is_ a factory, or a singleton, or whatever (and much less _mathematical_ stuff like why an algorithm is "O(n*log n)" and another is "O(n*n)" and why the heck that matters. Or even what that funny "O" notation means.) But they proceeded to dutifully make their own mental cult around them, and carve statues to those all over the code.
For bonus points, when the statue they carve isn't even of a pattern that makes sense. Nah, it's of some stupid "optimization" that actually worked only in Java 1.0 or only with a very specific C compiler on some obscure platform, and only under very specific circumstances. But they never understood all that, so they'll faithfully carve statues of it all over the place, in the _awfully_ wrong places.
If that's applying scientific or mathematical principles... eh, I rest my case.
Re:He *did* represent a physical threat (Score:3, Insightful)
but yeah, before yahoo's filter started catching 99% of all the spam instead of having 6-7 spams a week to delete, i'd have 100-200 pwer day. before that i had to manually try and use spamcop. that was even more than 1 second per spam, more like half a minute. yahoo eventually had to bump up storage, and then stop counting spam as storage space to 'deal' with the issue. how much money a year does yahoo spend storing spam? how much resource? not to mention all the bandwith and space they're using on the whole internet mail infrastructure spam is by no means 'free' and the sad thing this guy is getting 15 months for 'stealing' the list of addresses, not for spamming.
Re:In a related story... (Score:3, Insightful)
Most people think that it is just a regular ISP but it isn't. You get a ton of extras to go along with it (streaming music, videos, stock tracking, games, spyware removal, a clean inbox, self configuration, and alot more). Very rarely will you see spam coming from an AOL user, if you do see it, it's probably being forged from somewhere else. Considering all of the zombies that comcast and verizon let live on their networks, AOL's active approach seems refreshing. Just like credit card companies, if they notice unusual activity, they'll notify you, if its really bad they'll lock your account until you can let them know that it isn't a spammer that took control of your account. Anyway... even if AOL is just for noobs, I'd rather most peopl be using AOL for Broadband, rather then Comcast and degrading the quality of the net.
Regards,
Steve
Re:Well, see, that's just the point (Score:3, Insightful)
but to claim that being violently raped, repeatedly, is an acceptable repayment to society for any crime, is a sign that some people here need to unplug a bit. If you get more bent out of shape over spam than large scale violence against fellow people, no matter what laws or social boundaries they've crossed, then I sincerely hope I am never on the recieving end of your decision-making process. It's just junk mail. Yeah, it sucks; but if someone gave a nation the choice between everyone receiving junk mail every day, or having a specific individual gang raped, I should hope the nation would be enlightened enough to deal with the stupid colored pamphlets.
For the love of all that's right, end prison rape. [spr.org]
* It goes something like "It's my moral responsiblity to decrease the Mac's boot time, because if I shave ten seconds off, and have 5 million users, and they each use their Macs for so many years, I'll have saved fifty lives". Uncle Google is failing me right now...
Re:Lucky guy (Score:3, Insightful)
Sure, Kevin got a bum rap - and I don't want to drag up that debate, so if you think I'm full of crap just let it drop on that count - but his sentence gave most of us pause.
I'm not saying that a sentence like that would do a hell of a lot for the kind of white collar crime you see in accounting and other diciples of its ilk, but in the IT industry that kind of sentence could go a long way.