Two Vietnamese men and a Canadian have been indicted in what prosecutors say is one of the largest email hacking schemes ever. One of the Vietnamese defendants has already pleaded guilty.
“These men — operating from Vietnam, the Netherlands, and Canada — are accused of carrying out the largest data breach of names and email addresses in the history of the Internet,” said Assistant U.S. Attorney General Leslie R. Caldwell. “The defendants allegedly made millions of dollars by stealing over a billion email addresses from email service providers."
According to allegations in the indictments, between February 2009 and June 2012, Viet Quoc Nguyen, 28, hacked into at least eight email service providers (ESPs) throughout the United States and stole confidential information, including proprietary marketing data containing over one billion email addresses.
Nguyen, along with Giang Hoang Vu, 25, then allegedly used the data to send “spam” to tens of millions of email recipients.
The data breach was the largest in U.S. history and was the subject of a Congressional inquiry in June 2011.
David-Manuel Santos Da Silva, 33, of Montreal, Canada, was also indicted by a federal grand jury for conspiracy to commit money laundering for helping Nguyen and Vu to generate revenue from the “spam” and launder the proceeds.
According to allegations in the indictments, Da Silva, the co-owner, president and a director of 21 Celsius Inc., a Canadian corporation that ran Marketbay.com, entered into an affiliate marketing arrangement with Nguyen that allowed the defendants to generate revenue from the computer intrusions and data thefts.
As an affiliate marketer, Nguyen allegedly received a commission on sales generated from Internet traffic that he directed to websites promoting specific products.
Nguyen allegedly used the information stolen from the ESPs to send “spam” emails to tens of millions of customers and provided hyperlinks to allow the purchase of the products. These products were marketed by Da Silva’s Marketbay.com.
Between approximately May 2009 and October 2011, Nguyen and Da Silva received approximately $2 million for the sale of products derived from Nguyen’s affiliate marketing activities.
“This case reflects the cutting-edge problems posed by today’s cybercrime cases, where the hackers didn’t target just a single company; they infiltrated most of the country’s email distribution firms,” said Acting U.S. Attorney John A. Horn of the Northern District of Georgia. “And the scope of the intrusion is unnerving, in that the hackers didn’t stop after stealing the companies’ proprietary data — they then hijacked the companies’ own distribution platforms to send out bulk emails and reaped the profits from email traffic directed to specific websites.”