The U.S. Attorney’s Office unsealed Thursday a criminal indictment against two Vietnamese citizens for their roles in a massive data breach of e-mail service providers all over the United States.
Viet Quoc Nguyen and Giang Hoang Vu, who resided for a period of time in the Netherlands, are accused of “carrying out the largest data breach of names and e-mail addresses in the history of the Internet,” according to Assistant Attorney General Caldwell.
A federal grand jury also returned an indictment this week against Canadian national David-Manuel Santos Da Silva, who is charged with conspiring with Nguyen and others to launder the proceeds of Nguyen’s computer hacking offenses, the U.S. Attorney’s Office said in a press release on Friday.
“This case reflects the cutting-edge problems posed by today’s cybercrime cases, where the hackers didn’t target just a single company; they infiltrated most of the country’s e-mail distribution firms,” said Acting U.S. Attorney John Horn.
“And the scope of the intrusion is unnerving, in that the hackers didn’t stop after stealing the companies’ proprietary data—they then hijacked the companies’ own distribution platforms to send out bulk e-mails and reaped the profits from e-mail traffic directed to specific websites.”
Caldwell said the defendants allegedly “made millions of dollars by stealing over a billion e-mail addresses from e-mail service providers.”
Between approximately February 2009 and June 2012, Viet Quoc Nguyen allegedly hacked into at least eight e-mail service providers (ESPs) all over the United States, including two ESPs based in the Northern District of Georgia, and stole confidential information, including proprietary marketing data containing over one billion e-mail addresses, according to information presented in court.
E-mail service providers are companies that generally offer legitimate e-mail marketing or bulk e-mail services to their clients. Clients hire ESPs to assist with sending bulk e-mails to customers or potential customers who have opted to receive such e-mails.
This is in contrast to “spam,” which is a commonly used term for unsolicited e-mail. ESPs generally take affirmative steps to ensure that their e-mail campaigns are not blocked or classified as “spam” by the recipients’ e-mail programs.
Nguyen allegedly hacked into the ESPs’ computer databases and, in conjunction with Vu, used his unauthorized access to launch spam attacks on tens of millions of e-mail recipients.
The indictment alleges that Nguyen used various methods to gain unauthorized access into the ESPs’ computer databases.
In some instances Nguyen allegedly directed phishing campaigns at employees of the ESPs. Phishing e-mails are fraudulent e-mails designed to resemble e-mails from trustworthy persons or entities, but in fact are designed to trick the recipients into clicking a link in the e-mail.
Nguyen’s phishing campaigns allegedly delivered malware, which allowed him backdoor access to the ESP employees’ computer systems and enabled him to steal sensitive information, including the employees’ access credentials for the ESPs’ computer systems.
Using stolen access credentials, Nguyen was allegedly able not only to steal confidential information by downloading it from the ESPs’ computer systems to a server that he controlled in the Netherlands, but also to use the ESPs’ computer systems to launch spam attacks on tens of millions of stolen e-mail addresses.
A federal grand jury returned a 29-count sealed indictment against Nguyen, 28, and Vu, 25, on October 3, 2012. The indictment was unsealed in its entirety for the first time on Friday.
Vu was arrested by Dutch law enforcement in Deventer, Netherlands, in 2012 and extradited to the United States in March 2014. On February 5, 2015, Vu pleaded guilty to conspiracy to commit computer fraud. He is scheduled to be sentenced on April 21, 2015, at 10:00 a.m.
Viet Quoc Nguyen is not in custody and remains a fugitive.
On Wednesday, March 4, 2015, David-Manuel Santos Da Silva, 33, of Montreal, Canada, was indicted by a federal grand jury for conspiracy to commit money laundering with Nguyen and others. Da Silva was arrested by criminal complaint at Ft. Lauderdale International Airport, in Florida, on February 12, 2015, and was arraigned Thursday at 3:00 p.m.
How did they make $2 million from stolen e-mails?
It is alleged that Da Silva, the co-owner, President and a Director of 21 Celsius, Inc., a Canadian corporation that ran Marketbay.com, entered into an affiliate marketing arrangement with Nguyen that allowed Nguyen to generate revenue from his computer hacks.
As an affiliate marketer, Nguyen allegedly received a commission on sales generated from Internet traffic that he directed to websites promoting specific products.
Nguyen allegedly used his computer hacks into the ESPs to direct “spam” attacks to tens of millions of stolen e-mail addresses.
The unsolicited e-mails received through Nguyen’s and Vu’s spam attacks enticed the recipients by promoting specific products and providing hyperlinks for the recipients to purchase the products. The hyperlinks directed the recipients to one of Nguyen’s affiliate marketing websites associated with Marketbay.com.
Da Silva allegedly knew that Nguyen was spamming to stolen e-mail addresses in order to direct high volumes of Internet traffic to his affiliate marketing websites with Marketbay.com. Da Silva allegedly conspired with Nguyen and others to promote Nguyen’s hacking and spamming activities by providing him with a platform, through Marketbay.com, to generate sales commission from his computer hacks into the ESPs.
Between approximately May 2009 and October 2011, Nguyen and Da Silva received approximately $2 million for the sale of products derived from Nguyen’s affiliate marketing activities.
The case is being investigated by the Federal Bureau of Investigation with the valuable assistance of the United States Secret Service and Internal Revenue Service Criminal Investigation. Law enforcement in the Netherlands also provided valuable assistance.