UM e-mail hacker gets jail time, probation

Posted Sept. 25, 2009, at 1:12 a.m.

BANGOR, Maine — A former University of Maine business student was sentenced Wednesday in Penobscot County Superior Court to 18 months with all but 30 days suspended for aggravated criminal invasion of computer privacy while a student at the University of Maine. He will serve the sentence in the Penobscot County Jail.

James Wieland, 27, of Lewiston also was sentenced to two years of probation, according to the Penobscot County District Attorney’s Office.

In a plea agreement with prosecutors, Wieland admitted he had gained access to more than 200 e-mail addresses through the university’s First Class e-mail system from August 2007 until his arrest in November 2008.

He faced up to five years in prison and a fine of up to $5,000.

Penobscot County District Attorney R. Christopher Almy said Wednesday that conditions of Wieland’s probation do not limit his access to computers. He, however, must complete counseling to the satisfaction of his probation officer, Almy said.

Information about why Wieland spied on his fellow students was not available Wednesday. He apparently did not use the information, such as credit card numbers, for personal use since the judge did not order him to pay restitution.

At the time of Wieland’s arrest last November, investigators at the university likened the system he used to gain access to First Class accounts to a Trojan horse because the e-mails he allegedly sent out had addresses known to the recipient. University police told the Bangor Daily News they believed this was how Wieland gained access to an increasing number of accounts and was able to expand the number of addresses from which he could send messages.

He apparently sent students an e-mail that contained an attachment. That attachment was a keystroke logging program which, when downloaded, could read and record all of the keystrokes used on a computer. The program had the ability to log everything, including e-mail passwords, credit card numbers and personal information.

Since the breach, further safeguards have been put in place to keep someone from doing the same thing again, Joe Carr, spokesman for the university, said Wednesday.

At the time of his arrest last year, Wieland, who studied business at UMaine from 2000 until the spring of 2008, was working as development director of Trinity Catholic School in Lewiston, according to an Oct. 9, 2008, story in the Lewiston Sun Journal.

Wieland founded Optec Industries, which started as a Web design and photography business, according to information on the company’s Web site, and then expanded into security consulting among other business areas.

A native of California, Wieland resigned from his job at the Lewiston school after his arrest, according to previous reports.