Hackers Charged With Stealing One Billion Email Addresses

US Prosecutors have indicted hackers alleged to have stolen over one billion email addresses. These addresses are said to have powered an extensive spam campaign, driving traffic towards the marketing websites of their accomplice. Assistant Attorney General Leslie Caldwell described the crime as:

…the largest data breach of names and e-mail addresses in the history of the Internet.

The accused hackers are Viet Quoc Nguyen and Giang Hoang Vu, both citizens of Vietnam. David-Manuel Santos Da Silva, a citizen of Canada, was charged with conspiring to money launder the proceeds from the crime.

Per U.S. Attorney John Horn, Nguyen is accused of hacking at least eight American email service providers between 2009 and 2012. Horn went on to say:

The scope of the intrusion is unnerving, in that the hackers didn’t stop after stealing the companies’ proprietary data — they then hijacked the companies’ own distribution platforms to send out bulk e-mails.

Nguyen allegedly hacked the email service providers’ computer databases and, in conjunction with Vu, used his unauthorized access to send email spam to tens of millions of recipients. Various methods were used to gain access. In some instances Nguyen allegedly directed email phishing campaigns at employees of the email providers. The malware in the phishing emails allegedly gave Nguyen backdoor access to employee computers, allowing him to steal access credentials for their employer’s systems. Nguyen then downloaded data from the email providers to his server in the Netherlands.

Vu was arrested by Dutch law enforcement in Deventer, Netherlands, in 2012 and extradited to the United States in March 2014. He pleaded guilty to conspiracy to commit computer fraud and is scheduled to be sentenced in April. Viet Quoc Nguyen remains a fugitive.

Da Silva is the co-owner, President and a Director of 21 Celsius Inc, a Canadian corporation that ran a website called Marketbay.com. It is claimed he entered into an affiliate marketing arrangement with Nguyen that allowed revenue to be generated from the computer hacks. As an affiliate marketer, Nguyen allegedly received a commission on sales generated from internet traffic that he directed towards websites associated with Marketbay.com. Nguyen and Da Silva received around USD2mn for the sale of products derived from these affiliate marketing activities. Da Silva was arrested at Ft. Lauderdale International Airport, in Florida, on February 12th of this year.

J. Britt Johnson, Special Agent in Charge, FBI Atlanta Field Office, stated:

Large scale and sophisticated international cyber hacking rings are becoming more problematic for both the law enforcement community that is faced with the challenges of identifying them and laying hands on them, but also the Fortune 500 companies that are so often their targets. The federal indictments, apprehensions, and extradition in this case represents several years of hard work as the FBI and its cadre of cyber trained agents and technical experts acted quickly to stop the ongoing damage to the numerous victim companies as a result of these individuals’ hacking activities.

… [the] investigation targeted not only the hackers but the businesses that helped monetize the data that was stolen from those victim companies. This case further reflects the productive partnership of the FBI and the U.S. Secret Service in aggressively addressing this 21st century crime problem.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.