Employee sets off spam avalanche

A former America Online Inc. engineer has pleaded guilty to the charge of selling a staggering 92 million e-mail addresses and screen names to spammers while he worked for the firm.

The theft is estimated to have resulted in seven billion e-mails being sent from a variety of spammers, who barraged AOL subscribers with unsolicited communication.

The 24-year old engineer, Jason Smathers, had originally received US$28,000 from a company looking to push an offshore gambling website, but the e-mail details ended up in the hands of other spammers. The e-mail database is still believed to be in circulation, and is said to include multiple addresses used by customers, which explains the sheer volume of addresses involved.

In a mildly ironic twist, the judge in the case was reported to have said at a previous hearing that he’d decided to stop using the AOL service because of the volume of spam in his inbox.

Smathers has admitted he was able to steal the information by using the log-in details of another AOL employee at the company’s Virginia headquarters. This should serve as a working real-world reminder of how expensive information security means nothing if internal security is lax.

For the crime of trafficking stolen information across state borders, Smathers faces a likely sentence of up to two years, which will be set at a hearing on May 20. He may also be asked to pay several hundred thousand dollars to compensate his former employer for money spent putting right his actions.