The US Department of Justice has halted what they refer to as the “largest data breach of names and email addresses in the history of the Internet,” arresting two men running an international spam operation. A third is still at large.
A Global Web of Crime
The defendants, who were working from Vietnam, the Netherlands and Canada, allegedly hacked into the servers of at least eight US email service providers in 2009. After stealing over a billion email addresses, they then hijacked the company’s distribution platforms and sent out bulk emails to the addresses they had stolen.
Between May 2009 and October 2011, the operation was said to have earned the trio more than $2 million through the sale of products and services sent through this unsolicited mail. These goods came from a Canadian online business, which paid a set commission for each sale.
A New Kind of Threat
This case highlights the difficulties created by these kinds of crimes, in particular the fact that cyber hackers don’t simply have to target a single company. In this operation, a large majority of the US’s email distribution firms were compromised. This makes it more difficult for the authorities to identify and apprehend the suspects before they do too much damage to the victim companies.
Additionally while the typical heist would stop after the email theft, in this case the hackers went further and manipulated the providers’ servers to continue their spam operation and bring in millions of dollars’ worth of profits.
A Case in Progress
One conspirator, a Vietnamese named Giang Hoang Vu, has pleaded guilty to committing computer fraud while a second, a Canadian called David-Manuel Santos Da Silva, is due to face trail in the near future. A third suspect, another Vietnamese called Viet Quoc Nguyen, is on the run from the authorities.