America Online, which has sued hundreds of spammers, has gone after one of its own.
AOL worked with law enforcement officials toward the arrest of Jason Smathers, 24, of Harper's Ferry, W. Va., an employee who has since been fired from the company's Dulles headquarters. Authorities have accused Smathers of stealing the company's entire subscriber list of 92 million customer screen names on May 19 or 20, 2003, and selling it to an Internet marketer, Sean Dunaway, 32, of Las Vegas. The list represented about 30 million customers, who each have the ability to create multiple screen names.
A spammer uses fraud, deceit and evasion to send unsolicited junk e-mail or spam to consumers online. The e-mail is usually promotional in nature and similar to junk mail.
Smathers and Dunaway were charged last week with conspiracy to transport stolen goods across state lines, gaining access to computers and sending bulk emails with disguised origins. They each face up to five years in prison and at least $250,000 in fines.
Smathers was hired as an AOL software engineer in 1999. He allegedly sold the list to Dunaway for $100,000; Dunaway, who is in the Internet gambling business, used the list to send his own bulk e-mails and to sell it to others for the same purpose, the court document said.
SECRET SERVICE Special Agent Peter Cavicchia detailed the crimes in the court file.
Records found in Smathers' work computer reflect his e-mail dialogue with Dunaway as they planned the theft and tested computer processes to execute it, the court document said.
Other records in Smathers' computer showed him communicating with Dunaway "utilizing Internet communication methods and channels that are designed for secret, encrypted communications," the document said.
Authorities learned about the crimes from a source who bought a copy of the list from Dunaway, the court document said. "The source has provided information and assistance to the Government in the hope of receiving leniency concerning his/her participation in the conspiracy described herein. The information provided by the source has been reliable, and has been corroborated by independent information, as described more fully herein," the document said.
Dunaway told the source that he was making $10,000 to $20,000 per day on the list, the document said.
The source paid $52,000 for the list last year and $32,500 for an updated list of 18 million screen names in March 2004, the document said. The shorter list also contained zip codes, telephone numbers, credit card types (but no actual credit card numbers) and account numbers — information that is stored separately from the screennames at AOL. Some of that data resulted from merging the AOL names with other publicly available Internet databases, the document said.
Smathers allegedly infiltrated the AOL Data Warehouse by using the account of an AOL employee who works in Tucson, Ariz., and who had access rights to the data. He committed the crime from his home and at work, the document said.
AOL spokesman Nicholas Graham said AOL blocks 2.5 billion pieces of spam daily. It also provides a number of tips on how a member can block spam. Logged-in AOL members can access them by clicking on "keyword," typing in the word "spam," and pressing "enter."
He advised members it is not necessary to change their screen names, because spam will continue to be a factor. "We deeply regret what has happened," he said. "We'll continue to tighten our procedures."
ASKED WHETHER AOL was going to provide a remuneration for the members representing the 92 million screen names, Graham said, "I think AOL is a victim here also. This was a very devious, rogue employee who, as far as we can tell, was acting on his own and in a criminal way.
"We have done the responsible thing in reporting it and [telling] the authorities what took place."
Graham said AOL has filed about 30 lawsuits "against hundreds of alleged spammers and companies who have spammed, and won millions of dollars in judgments and many, many court injunctions to stop the spam."
Jon Miller, chairman and CEO, wrote an inner-office e-mail to AOL employees saying that the company will pursue every lead to shut down spammers. "We will do so even if that takes us inside AOL and reveals we have a bad actor we have to root out and turn over to the authorities," he said.
AOL's cooperation with law enforcement officials on this case should send another clear message, he wrote. "We will absolutely not tolerate wrongdoing by employees. … Instances of unethical or illegal behavior threaten our most precious commodity - our members' trust. As a company, we must expect that everyone abide by the highest ethical standards."