Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Three Suspects Charged in Theft of 1 Billion Email Addresses

Three individuals were indicted last week for their alleged role in what is said to be one of the largest data breaches in U.S. history. The incident even made the subject of a Congressional inquiry in 2011.

Three individuals were indicted last week for their alleged role in what is said to be one of the largest data breaches in U.S. history. The incident even made the subject of a Congressional inquiry in 2011.

Two Vietnamese nationals and a Canadian citizen have been accused of taking part in a money-making scheme that involved 1 billion stolen email addresses and affiliate marketing programs.

According to US authorities, Viet Quoc Nguyen, 28, obtained the email addresses and other confidential information after hacking into the systems of at least eight email service providers in the United States between February 2009 and June 2012. With the aid of Giang Hoang Vu, 25, Nguyen used the addresses to send out spam messages to tens of millions of Internet users.

The Vietnamese citizens made a profit by teaming up with David-Manuel Santos Da Silva, a 33-year-old Canadian who co-owned and operated 21 Celsius Inc., a corporation that ran the website Marketbay.com. Nguyen and Da Silva entered an affiliate marketing agreement in which the former sent out spam emails containing links to products marketed on Marketbay.com. Nguyen earned a commission for the traffic he directed to Da Silva’s websites.

Nguyen and Da Silva are believed to have made roughly $2 million between May 2009 and October 2011 through their operation.

Vu was arrested in the Netherlands in 2012 and extradited to the United States one year ago. He pleaded guilty to conspiracy to commit computer fraud on February 5 and he will be sentenced on April 21. Da Silva was arrested last month at the Fort Lauderdale International Airport. Nguyen is a fugitive, the Department of Justice said.

“This case reflects the cutting-edge problems posed by today’s cybercrime cases, where the hackers didn’t target just a single company; they infiltrated most of the country’s email distribution firms,” stated Acting U.S. Attorney John A. Horn of the Northern District of Georgia. “And the scope of the intrusion is unnerving, in that the hackers didn’t stop after stealing the companies’ proprietary data—they then hijacked the companies’ own distribution platforms to send out bulk emails and reaped the profits from email traffic directed to specific websites.”

The government hasn’t named any of the targeted email service providers, but Brian Krebs reports that one of them is Epsilon, one of the world’s largest permission-based email marketing companies. The Epsilon breach affected numerous major brands, including several financial institutions.

Advertisement. Scroll to continue reading.
Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

CISO Strategy

The SEC filed charges against SolarWinds and its CISO over misleading investors about its cybersecurity practices and known risks.

Cybercrime

A global cyber espionage campaign has resulted in the networks of many organizations around the world becoming compromised after the attackers managed to breach...

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...