Although its not the first conviction under the CAN-SPAM Act of 2003, the AOL phisher conviction this week is still newsworthy. At test? Can a Jury actually understand a spam case.
One of the arguments we've seen repeatedly as we try to get prosecutors to push forward with spamming cases is that they are "too technical" or "too boring" for jury appeal. The convictions so far have been largely based on the fact that, when faced with overwhelming evidence, spammers cop a plea.
So what was this case about?
Jeffrey Brett Goodin, a 45 year old resident of Azusa, California, hacked into a large number of EarthLink accounts (poor passwords and dictionary attacks, I believe), and used those accounts to send emails to AOL users. The AOL customers would receive a spam telling them that their AOL billing information needed to be updated, or that they would lose their service.
Following the link in the email would lead to an AOL phishing site - a fake website that looked very official - which would ask personal questions including their billing information.
Although the headline says "AOL Phisher Faces up to 101 Years in Prison", this blogger bets that on the June 11th sentencing we'll be lucky to see 7 years.
One note on "swift action" . . . Goodin was arrested on January 26, 2006 - so just 10 days short of one year later for a trial.
Goodin, who went by the creative hacker alias "The Hacker", had been a fugitive from the law for four months prior to his ultimate capture. On July 24, 2006, Goodin's photograph was posted on the FBI's "wanted" website as a fugitive. The original arrest press release, which credited the Los Angeles Electronic Crimes Task Force, and the Ontario Police Department with supporting the arrest, said Goodin faced up to 30 years in prison.
The additional charges occurred as a result of crimes committed during his four months of "fugitive" status after failing to appear for his bond hearing, according to this later Press Release from the LA FBI office. The additional charges includes Failure to Appear, and Witness Harassment.
Congratulations all around and all that, but ONE jury conviction in three years? With spam comprising 90% of all the email on the planet? Let's get that fixed!