US Prosecutors have indicted hackers alleged to have stolen over one billion email addresses. These addresses are said to have powered an extensive spam campaign, driving traffic towards the marketing websites of their accomplice. Assistant Attorney General Leslie Caldwell described the crime as:
…the largest data breach of names and e-mail addresses in the history of the Internet.
The accused hackers are Viet Quoc Nguyen and Giang Hoang Vu, both citizens of Vietnam. David-Manuel Santos Da Silva, a citizen of Canada, was charged with conspiring to money launder the proceeds from the crime.
Per U.S. Attorney John Horn, Nguyen is accused of hacking at least eight American email service providers between 2009 and 2012. Horn went on to say:
The scope of the intrusion is unnerving, in that the hackers didn’t stop after stealing the companies’ proprietary data — they then hijacked the companies’ own distribution platforms to send out bulk e-mails.
Nguyen allegedly hacked the email service providers’ computer databases and, in conjunction with Vu, used his unauthorized access to send email spam to tens of millions of recipients. Various methods were used to gain access. In some instances Nguyen allegedly directed email phishing campaigns at employees of the email providers. The malware in the phishing emails allegedly gave Nguyen backdoor access to employee computers, allowing him to steal access credentials for their employer’s systems. Nguyen then downloaded data from the email providers to his server in the Netherlands.
Vu was arrested by Dutch law enforcement in Deventer, Netherlands, in 2012 and extradited to the United States in March 2014. He pleaded guilty to conspiracy to commit computer fraud and is scheduled to be sentenced in April. Viet Quoc Nguyen remains a fugitive.
Da Silva is the co-owner, President and a Director of 21 Celsius Inc, a Canadian corporation that ran a website called Marketbay.com. It is claimed he entered into an affiliate marketing arrangement with Nguyen that allowed revenue to be generated from the computer hacks. As an affiliate marketer, Nguyen allegedly received a commission on sales generated from internet traffic that he directed towards websites associated with Marketbay.com. Nguyen and Da Silva received around USD2mn for the sale of products derived from these affiliate marketing activities. Da Silva was arrested at Ft. Lauderdale International Airport, in Florida, on February 12th of this year.
J. Britt Johnson, Special Agent in Charge, FBI Atlanta Field Office, stated:
Large scale and sophisticated international cyber hacking rings are becoming more problematic for both the law enforcement community that is faced with the challenges of identifying them and laying hands on them, but also the Fortune 500 companies that are so often their targets. The federal indictments, apprehensions, and extradition in this case represents several years of hard work as the FBI and its cadre of cyber trained agents and technical experts acted quickly to stop the ongoing damage to the numerous victim companies as a result of these individuals’ hacking activities.
… [the] investigation targeted not only the hackers but the businesses that helped monetize the data that was stolen from those victim companies. This case further reflects the productive partnership of the FBI and the U.S. Secret Service in aggressively addressing this 21st century crime problem.