Allen Eric Carlson inflicted spoofing attacks, forging the entry in the "From:" field of emails, to make it appear that prominent sports writers and editors were sending tirades against the Phillies baseball team to their contacts. The FBI brought Carlson up on 79 charges of computer fraud and identity theft and at the time of the indictment, Carlson faced a maximum sentence of 471 years in prison and fines amounting to over $117 million.
Disgusted by the Phillies' performance during the early 2000s, Carlson composed a series of profanity-laced rants and hacked into the computers of a number of sports journalism outlets to gain access to email addresses to use for his spoofing. His main targets were "The Philadelphia Inquirer," "Philadelphia Daily News" and the Phillies' organization itself. Carlson also used email addresses from The Sporting News, ESPN and Fox Sports to launch his spam attacks.
Consequences of Carlson's Attacks
Many of the writers whose addresses Carlson used received angry responses from their contacts, who wondered why they were on the receiving end of these tirades. Carlson also had an abundance of bad email addresses among the legitimate ones to which he sent his rants. When a tirade couldn't be delivered due to an email address being inactive or non-existent, the rant would be returned to the spoofed originating address. This triggered a torrent of returned email to the spoofed account. One of Carlson's victims received 60,000 returned emails as a result of failed deliveries.
Investigation and Arrest
Many of Carlson's victims contacted the FBI after having their computers hacked. The FBI determined that Carlson was the originator of the spam e-mail torrents, in part by using trace programs. Cogeco Cable of Burlington, Ontario, Canada provided crucial assistance by tracing a spam attack that originated from one of their customers' computers back to Carlson. FBI agents arrested Carlson on October 7, 2003. Carlson confessed to the attacks during his arrest, but Mark T. Wilson, Carlson's federal defender, maintained that Carlson didn't know that his actions were criminal.
Trial and Conviction
Wilson maintained that the case shouldn't be tried in a Federal court, as Carlson's actions didn't inflict $5,000 worth of damage on his victims, the legal damage threshold for sending a case to federal court. Assistant U.S. Attorney Michael L. Levy disputed this claim, saying that the time and financial costs of having technicians undo the damage Carlson inflicted to his victims' computer systems easily reached this threshold. U.S. Attorney Patrick L. Meehan used identity theft laws in prosecuting Carlson, the first time he'd used this legislation as a basis for prosecuting a computer-related offense. In the end, Carlson was convicted on all 79 counts of computer and identity fraud and was sentenced to 48 months in prison.
- Philly.com: Charges in Hacking Against Phillies. Authorities Arrested a Calif. Man
- Department of Justice: Disgruntled Phillies Fan Charged with Hacking Into Computers Triggering Spam E-Mail Attacks
- Philly.com: Trial Begins for Phillies Fan Accused of E-Mail Hacking
- Logical Security: To Catch a Thief
- Crime Classification Manual: A Standard System for Investigating and Classifying Violent Crimes; John Douglas, et. al.
- Department of Justice: Disgruntled Phillies Fan/Spammer Sent to Prison for Four Years
- russian soldier image by Alexey Klementiev from Fotolia.com