Slashdot Mirror

← Back to Stories (view on slashdot.org)

Consumer Database Company Hacked Again

Posted by michael on from the don't-worry-be-happy dept.

x-guru writes "CNN is reporting on the indictment of a Florida man on 144 identity theft charges including fraud, money-laundering, and obstruction of justice. Approximately 8.2 GB of data was stolen from Acxiom Corp, a company responsible for the storage of vast amounts of personal, financial and corporate data. It looks to be an inside job as six Acxiom employees have agreed to cooperate with the investigation." Acxiom was hacked last year as well.

6 of 230 comments (clear)

  1. Details... by Anonymous Coward · · Score: 5, Informative
    Remember last year when Acxiom had some "minor" security issues? It was slashdotted, here and here. Their nightmare is far from over. Just yesterday a 144-count indictment was slapped to Scott Levine, 45, of Boca Raton, Fla.-based Snipermail.com Inc. Levine was charged with conspiracy, unauthorized access of a protected computer, access device fraud, money laundering and obstruction of justice, according to the indictment. Did I mention he accussed of stealing about 8.2 gigs worth of data at the same time Daniel Baas was stealing gigs of data? Baas has already been conviced.

    THIS WAS NOT AN INSIDE JOB. Two people from different parts of the country were "hacking" Acxiom at the same time, using the same vulnerability. Neither of them even knew each other. Acxiom's security was a flaming turd.

    Search all the Daniel Baas articles and you will find he cracked a password file they had in a public directory on the ftp server. This guy did the same thing. Acxiom should be shutdown for their stupidity.

  2. Get your facts straight! by Anonymous Coward · · Score: 2, Informative

    It wasn't Acxiom employees that agreed to cooperate it was Snipermail employees. Man, people can't get facts straigh.

    "Snipermail employees have cut deals and aided federal investigators, prosecutors said.

    Also named in the indictment are Levine's brother-in-law Magdiel Castro; longtime business associate Jeffrey Richman, who operates Florida corporation RichMedia Inc.; systems administrator Jeffrey Burstein; Melvin Donald Atkinson, a computer analyst; Marcos Cavalcante, a graphic designer; and William F. Clinton, a computer specialist."

  3. The 6 insiders are NOT from Acxiom by Tex+Bravado · · Score: 2, Informative

    the cooperating employees are at snipermail,
    according to the CNN article.

  4. Re:What? by panda · · Score: 4, Informative

    Actually, the articel does NOT say that 6 Acxiom employees agreed to cooperate with the investigation. It says 6 employees of the "the company." Since Snipermail was the previous company mentioned, I took it to mean that 6 employees of Snipermail were cooperating with the investigation.

    At any rate, it never said 6 employees of Acxiom, so it is open to interpretation and poorly written. I think someone needs to clarify that point.

    --
    Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
  5. As usual, Slashdot doesn't RFTA - here are facts by GPLDAN · · Score: 2, Informative

    The people that cooperating are not from Acxiom. They are from snipermail. This scumbag Scott Levine and his half-brother, Miguel Castro (Jesus, you can't make these names up, truth is stranger than fiction) created a directed marketing "opt-in" scheme to sell email addresses. They hired a sysadmin by the name of William Clinton (ok, now this is getting positively 'Office Space' like. I'm suprised they didn't have Michael Bolton working there as well.) and good 'ol Billy found that Acxiom ran an unsecured FTP site, which you could CD to /etc and get the password file. He grabbed it and ran crack on it. He decoded 40% of the passwords. They started looging in with those usernames & passwords.

    They weren't clever enough to grab root and cover their tracks or overwrite logfiles, though. These toads remind me of Chris Cooper in Adaptation. Schemin Florida bums without too much upstairs.

    Acxiom hired a security firm to run an audit regarding the PREVIOUS break-in, and the team found that these morons were stealing reams of credit card data with the logins from companies like Microsoft and others. They were then selling the credit card numbers on the black market, mostly overseas.

    This whole sordid tale is laid out in the court documents, which are online and make for a great read. This Scott Levine reminds me of Scott Peterson, in sort of that creepy stupid way, where you know he did it just by the smirk on his face.

    Anyhow, these guys are going to federal pound-you-in-the-ass prison, and hopefully Bill Clinton will cooperate and get off since I doubt with a name like that, he would fare too well in prison.

  6. Re:disclosure by higginsm2000 · · Score: 2, Informative
    I think you are confused.

    In the UK with the Data Protection Act, you have a right to access any data held on any computer system that relates to you, and correct it if it is wrong, but the data does not belong to you IIRC. In fact Acxiom run a very similar operation (data for cash) in the UK too. So what "sensible countries" are you referring to?

    And seriously, I can't see how it could be otherwise. If a store collects data on you via a loyalty scheme, you are suggesting that that data belongs to you? The argument for that is very flimsy, but I would love to hear it...