Federal prosecutors and a former America Online Inc. software engineer have negotiated a tentative plea agreement over charges he stole more than 92 million e-mail addresses and sold them to Internet spammers, according to two people familiar with the case.
Jason Smathers, 24, of Harpers Ferry, W.Va., is scheduled to appear today in U.S. District Court for the Southern District of New York.
In exchange for a guilty plea by Smathers to violating the federal Can Spam Act, prosecutors will recommend a fine and up to two years in prison, said one person familiar with the agreement, who spoke on condition of anonymity because the court hearing -- and the judge's final approval -- was pending.
The case is among the earliest criminal prosecutions under the new anti-spam law, which went into effect in January.
The telephone number listed for Smathers in West Virginia had been disconnected, and Smathers did not return telephone messages left with family members. Smathers' attorney, identified in court papers as Faith A. Freidman, also did not return telephone calls. Federal prosecutors declined to comment.
Authorities said Smathers, who was fired by AOL in June, used another employee's access code to steal the valuable list of AOL's customers in 2003 from its headquarters in Dulles, Va., and sold it to Internet spammers for more than $100,000.
Court papers said Smathers sold the list to Sean Dunaway of Las Vegas, who used it to send unwanted gambling advertisements to subscribers of AOL, the world's largest Internet provider. Dunaway then sold the list to others, including one unidentified spammer who reported the theft to authorities this year after his own prosecution for spamming, court papers said.
AOL's investigators searched Smathers' company-owned laptop and found e-mails between Smathers and Dunaway, court papers said.
"It isn't going to be easy," Smathers wrote in one message. "I think I found the member database ... just need to get the (screen names) it is spread over like 30 computers.... You can't talk about this."
The stolen list of 92 million e-mail addresses -- a potential gold mine for spammers peddling loans, pornography, jewelry and prescription drugs -- included multiple addresses used by each of AOL's estimated 30 million customers. The list is believed to be still circulating among spammers, although America Online has taken aggressive steps to prevent unwanted e-mails from reaching subscribers.
Asked about the criminal penalties facing Smathers, AOL spokesman Nicholas Graham said, "Sic semper spammers," which translates from Latin as, "Thus always to spammers." He declined to comment further.
Brian McWilliams, a journalist who published "Spam Kings," a new book about e-mail spammers, said AOL subscribers were particularly targeted for unwanted sales pitches because spammers considered them to be Internet newcomers and less sophisticated. He said one well-known spammer, Davis Hawke, compared AOL subscribers to hunted deer.
"An AOL user is like a deer with a red ribbon in its antlers," McWilliams said. "They tend to be newcomers to the Internet, perhaps more naive or gullible, so they're very desired customers. Those guys target a lot of AOL members for that reason."