Milford Man Pleads Guilty to "Hacking" (December 18, 2003)
DOJ Seal
December 18, 2003

United States
Department of Justice
United States Attorney
Southern District of Ohio
Gregory G. Lockhart
221 East Fourth Street, Suite 400
Cincinnati, OH 45202
Contact: Fred Alverson
(616) 469-2057 ext. 1604


Milford Man Pleads Guilty to Hacking

Intrusion and Theft of Data Cost Company $5.8 Million

CINCINNATI -- Daniel Jeremy Baas, age 25, of 308 Valley Brook Apartments in Milford pled guilty in United States District Court here today to a one-count information charging him with exceeding authorized access to a protected computer and obtaining information, conduct that is commonly referred to as “hacking.”

Gregory G. Lockhart, United States Attorney for the Southern District of Ohio; Hamilton County Sheriff Simon Leis; James Emery, Special Agent in Charge, United States Secret Service; and Kevin Brock, Special Agent in Charge, Federal Bureau of Investigation, announced the plea entered today before United States District Judge Susan J. Dlott.

Baas was charged in August with illegally accessing, or “hacking” into a protected computer and stealing customer databases from Acxiom, a Little Rock, Arkansas-based company that manages customer information for credit card issuers, banks, automotive manufacturers, retailers and others. The total cost to Acxiom of Baas’s intrusion and theft of data is more than $5.8 million.

Baas faces a maximum penalty of five years in prison, a fine of $250,000 or twice the amount of gain or loss, and three years of supervised release.

According to a statement of facts filed with the guilty plea, Baas was the computer systems administrator for a Cincinnati company that did business with Acxiom. Baas was allowed to download files set aside for his employer on Acxiom computers.

“Baas committed a crime when he exceeded his authorized access, looked for and downloaded an encrypted password file, and ran a password cracking program against the file,”

Lockhart said. “Baas stole files that belonged to other Acxiom customers, and these files contained personal identification information.”

The statement of facts says Baas illegally obtained about 300 passwords, including one that acted like a “master key” and allowed him to download files that belonged to other Acxiom customers. The downloaded files contained personal identification information. The data stolen by Baas was not used for criminal or commercial purposes.

The cost to Axciom includes employee time, travel expenses, and payments for security audits and encryption software in addition to the value of the information he stole.

Baas is in state custody on other charges. Judge Dlott ordered him to remain in custody, pending sentencing. Judge Dlott will set a date for sentencing. “Cybercrimes pose a significant threat to our privacy, our safety, our financial soundness, and even our national security,” Lockhart said. “Cases involving cybercrimes will be prosecuted to the fullest.”

Lockhart commended the cooperative investigation of the Hamilton County Sheriff’s Office, the Secret Service, the FBI and Assistant U.S. Attorney Robert A. Behlen, Jr., who prosecuted the case.

Baas pled guilty to violating 18 U.S.C. § 1030(a)(2) and (c)(2)(B)(iii).

# # #