Three individuals have been indicted on federal charges after allegedly netting $2 million in commissions as a result of millions of unsolicited emails sent after hackers broke into marketing companies and stole 1 billion e-mail addresses.
While the defendants who have averaged fractions of a penny for every spam message sent, The New Zealand Herald reports that it’s the scale of the theft that has made the case significant in the eyes of federal authorities.
The marketing firms targeted by hackers were hit with spear-phishing campaigns in which booby-trapped emails were sent to company employees in order to gain access to internal networks. The penetration technique, which was used in the corporate cyber-attacks perpetrated against Google in China and Sony in Japan, is certainly nothing new, although it has proven over the years to be a successful intrusion technique in a hacker’s arsenal.
The marketing companies which were victimized in the attack are essentially email marketing middlemen providing bulk mailing services to their clients. The hackers who penetrated the firms using booby-trapped emails. Emails used to hack email companies, do you see the irony?
Not only did the hackers steal millions of email addresses to be used in their spam marketing campaigns, they also managed to spam messages to the customers of those companies through their own internal systems which are normally used to send messages to the mailing list subscribers of their clients.
The New York Times quoted Atlanta-based U.S. attorney John Horn as having referred to the incident as “one of the largest reported data breaches in United States history.”
Giang Hoang Vu, 25, plead guilty to a single count of conspiracy to commit computer fraud last month. The 25-year-old is a Vietnamese citizen. He has yet to be sentenced.
Another Vietnamese national, 28-year-old Viet Quoc Nguyen was indicted on a total of 29 counts which included charges of computer fraud as well as wire fraud. He is presently a fugitive of the law.
A 33-year-old Canadian man, David-Manuel Santos Da Silva, has been charged for his alleged role in a money laundering conspiracy after entering into a marketing agreement with the alleged spammers which allowed them to profit from sales generated by their spam.
In order for spammers to generate revenue, they often work with affiliate networks and programs. Some of these networks and programs knowingly participate in these illegitimate activities while others are unaware of the illegal methods of mass communication employed by their affiliates. There are others who work towards combating spammers within their ranks of affiliates by disabling their accounts, holding their illegitimate earnings and so on.
The Canadian, Da Silva, was arrested in Florida last month.
The charges against Vu and Nguyen were brought about back in October of 2012 when the two were indicted, however, their charges were sealed from public view until after the case against Da Silva was filed on Wednesday.
Are you surprised to find that you are just now learning of this massive data breach, years after it took place?
