The US Department of Justice (DoJ) has shed light on what it's calling the largest computer security breach in American history – after three men were charged with hacking email hosting firms, stealing email addresses, and then using the businesses' data centers to run a spam operation.
"These men — operating from Vietnam, the Netherlands, and Canada — are accused of carrying out the largest data breach of names and email addresses in the history of the Internet," said Assistant Attorney General Caldwell.
"The defendants allegedly made millions of dollars by stealing over a billion email addresses from email service providers. This case again demonstrates the resolve of the Department of Justice to bring accused cyber hackers from overseas to face justice in the United States."
The DoJ claims the scam started in 2009 when Viet Quoc Nguyen, 28, a citizen of Vietnam who was living in the Netherlands, hacked into at least eight US email service providers, and stole more than a billion email addresses.
"This case reflects the cutting-edge problems posed by today's cybercrime cases, where the hackers didn't target just a single company; they infiltrated most of the country's email distribution firms," said Acting US Attorney John Horn.
"And the scope of the intrusion is unnerving, in that the hackers didn't stop after stealing the companies' proprietary data—they then hijacked the companies' own distribution platforms to send out bulk emails and reaped the profits from email traffic directed to specific websites."
Nguyen and his Vietnamese coconspirator Giang Hoang Vu, 25, then used the firm's own servers to run a highly profitable three-year spam campaign. The emails linked to products and services offered by Canadian biz Marketbay.com, which paid the two a commission for the traffic, we're told.
David-Manuel Santos Da Silva, 33, of Montreal, Canada, was indicted by a federal grand jury on March 4 for conspiracy to commit money laundering for his part in the alleged scam. Da Silva is the co-owner of 21 Celsius Inc., a Canadian corporation that ran Marketbay.com. Between May 2009 and October 2011, he and Nguyen earned around $2m for the sale of products derived from the spam emails, it's claimed.
Vu has now pleaded guilty to charges of committing computer fraud, and Da Silva is scheduled to be arraigned on Friday after being arrested at Ft. Lauderdale International Airport in February. Nguyen is still at large.
"Large scale and sophisticated international cyber hacking rings are becoming more problematic for both the law enforcement community that is faced with the challenges of identifying them and laying hands on them, but also the Fortune 500 companies that are so often their targets," said the FBI special agent in charge Britt Johnson.
"The federal indictments, apprehensions and extraditions in this case represents several years of hard work as the FBI and its cadre of cyber trained agents and technical experts acted quickly to stop the ongoing damage to the numerous victim companies as a result of these individuals' hacking activities." ®