Two indicted for stealing 1B email addresses in historic breach

The Vietnamese defendants are accused of using stolen email addresses for a spamming operation

Hacker

Two Vietnamese men have been indicted, with one pleading guilty, for hacking into eight U.S. email service providers and stealing 1 billion email addresses and other confidential information, resulting in what's believed to be the largest data breach in U.S. history, the U.S. Department of Justice announced.

The attacks, running from February 2009 to June 2012, resulted in the largest data breach of names and email addresses "in the history of the Internet," Assistant Attorney General Leslie Caldwell said in a statement. After stealing the email addresses, the defendants sent spam emails to tens of millions of users, generating US$2 million in sales, according to the DOJ.

Viet Quoc Nguyen, 28, of Vietnam, allegedly hacked into the email service providers, stealing proprietary marketing data containing more than 1 billion email addresses, the DOJ said. Nguyen, along with Giang Hoang Vu, 25, also of Vietnam, then allegedly used the data to send spam messages, the agency alleged.

The indictments of the two men were unsealed Thursday. On Feb. 5, Vu pleaded guilty in U.S. District Court for the Northern District of Georgia to conspiracy to commit computer fraud.

Vu was arrested by Dutch law enforcement in 2012 and extradited to the U.S. a year ago. He is scheduled to be sentenced on April 21. Nguyen remains at large.

In addition to the unsealing of the indictments, a federal grand jury returned an indictment this week against a Canadian citizen for conspiring to launder the proceeds obtained as a result of the massive data breach.

David-Manuel Santos Da Silva, 33, of Montreal, was indicted for conspiracy to commit money laundering for helping Nguyen and Vu to generate revenue from the spam emails and launder the proceeds.

Da Silva was co-owner of 21 Celsius, a Canadian corporation that ran e-commerce site Marketbay.com, according to court documents. Da Sliva allegedly entered into an affiliate marketing arrangement with Nguyen that allowed the defendants to generate revenue from the alleged data thefts.

Nguyen allegedly received a commission on sales generated from Internet traffic that he directed, from his spam email, to websites selling products.

Nguyen and Da Silva made approximately $2 million for the sale of products derived from Nguyen's affiliate marketing activities between May 2009 and October 2011, the DOJ said.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.