14 DAY TRIAL // US prosecutors indicted three men charged with running spam campaigns using over one billion email addresses stolen from eight email service providers (ESP) in the country; two of them are under arrest, while the third one is on the run.
The operation, which made the subject of a Congressional inquiry in June 2011, is considered to be the largest data breach in the US history, and the fraudsters allegedly made millions of dollars by sending out unsolicited messages that directed the recipients to website related to affiliate marketing activities.
Hacker used ESP distribution platform to send spam
Operating from Vietnam, the Netherlands and Canada, each of the three men had different parts in the scheme, which also included laundering the illegal profits.
Two of them, David-Manuel Santos Da Silva and Giang Hoang Vu, are in custody, the latter pleading guilty on February 5, 2015, to conspiracy to commit computer fraud.
28-year-old Viet Quoc Nguyen (indictment document) from Vietnam is yet to be located and apprehended. He is accused of hacking the ESPs and stealing the email addresses. Together with Vu, 25, he delivered the spam content to millions of recipients.
According to Acting U.S. Attorney John Horn, apart from stealing the data from the companies, the hackers also “hijacked the companies’ own distribution platforms to send out bulk emails.”
Fraudsters make millions in spam campaign
The hacking and spamming activities were carried out between February 2009 and June 2012. The recipients of the messages would be directed to websites that promoted certain products through Da Silva’s corporation, which owned Marketbay.com.
Any sale generated this way would put money into Nguyen’s pockets. The investigators believe that Nguyen and Da Silva (33, of Montreal, Canada) made about $2 / €1.84 million between May 2009 and October 2011 through this scheme. Da Silva (indictment document) was arrested on February 12, 2015.
Catching and indicting the two fraudsters is the result of years of work for the FBI, who in August 2012 was able, in collaboration with Dutch law enforcement, to execute search warrants in the Netherlands, terminating the compromise of the affected email providers.