His crime involved taking advantage of eBay’s affiliate program.
Here’s how that program is supposed to work: If you own a website like this one, you can provide a link to eBay somewhere in a blog post. If a reader clicks on that link and buys something (anything!) on eBay, you receive a small commission in the process. For most people, that amounts to beer money. A few people are fortunate enough to make a pretty decent amount per month — maybe several hundred dollars.
Brian Dunning, in a 13-month span between 2006 and 2007, made $5,200,000.
How the hell did he do that?
Dunning admitted that he carried out his scheme by providing free applications at two of his websites that users could download and use on their own websites: ProfileMaps.info, which showed the physical location of visitors to a MySpace profile, and WhoLinked.com, which showed who was linking to the user’s website or blog. Both applications contained code Dunning had written that operated so that, when a user visited a website that had installed the application, the code would cause the user’s browser to receive a cookie with KFC’s ID number, even though the user did not click on an eBay ad or link, did not see any content from eBay’s website, and did not realize that his or her browser had been re-directed to eBay’s tracking server. As a result, KFC would be paid if that user subsequently conducted an eBay revenue action within a certain period of time.
In short, he wrote computer code that allowed him to receive a commission from eBay on purchases that had nothing to do with links that he provided on his site. He took advantage of the program, turning his company into the second largest eBay affiliate in the world, and his greed raised enough red flags that the feds eventually caught him.
Earlier this year, Nate Anderson at Ars Technica wrote about Dunning’s scam and how elaborate it became:
Dunning took steps to make this activity harder to detect. According to the government, his programs would not stuff cookies on any computers that appeared to be located in San Jose or Santa Barbara, California (the respective headquarters of eBay and of the outside company eBay used to manage the affiliate program). eBay further alleged that Dunning had programmed his tools not to double stuff machines that had been targeted before. After all, the presence of two eBay cookies bearing the same affiliate ID numbers might have raised a flag in eBay’s anti-fraud systems.
All this from a guy who didn’t even need the money.
The federal attorneys even made Dunning’s greed a focal point in their argument for a tough sentence:
Mr. Dunning did quite well. As the PSR notes… he was able to pay off his mortgage in 2007 using the proceeds of commissions paid to him by eBay. It is therefore ironic that one of the arguments Mr. Dunning may be expected to make in an effort to avoid prison is that, if he is sent to prison, he and his family might be forced to sell the house… — although, since there are no bank liens, it is unclear exactly who the Dunnings are expecting to force a sale: Mr. Dunning’s attorneys? His step-father? Regardless, like the “trauma” theme discussed earlier, the government would submit that any risk that Mr. Dunning might have to sell or refinance his home to pay legal fees falls into the category of a self-inflicted wound.
They asked for a 27-month prison sentence. They got 15. Even if that’s a relatively light sentence, it’s good to see a white-collar criminal get punished for once.
There’s also no shortage of irony in seeing a notable skeptic get taken down by even better skeptics who saw through his deceptions.
***Update*** (7:53p CT) : Dunning has issued a personal statement.