U.S. Charges 3 Men for Data Breach of Epic Proportions
In an indictment unveiled Friday in the U.S. District Court for the Northern District of Georgia, the U.S. Department of Justice charged three men with reaping millions from one of the largest data breaches in the history of the Internet.
The indictment alleges that over a period of more than three years, from February 2009 to June 2012, a Vietnamese citizen named Viet Quoc Nguyen, 28, hacked into eight different e-mail service providers and stole "confidential information, including proprietary marketing data containing over one billion e-mail addresses."
We reached out to a spokesman for the U.S. Attorney's Office for the Northern District of Georgia, who told us that the office is not releasing the names of the affected e-mail service providers at this time.
Millions Generated from Spam
According to the indictment, Nguyen partnered with another Vietnamese citizen, Giang Hoang Vu, 25, to use the stolen addresses to send out tens of millions of spam e-mails to recipients around the world.
The e-mails contained links to Web sites promoted by an affiliate marketing program called MarketBay.com, which was owned and operated by a Canadian corporation called 21 Celsius Inc. Montreal resident David-Manuel Santos Da Silva, 33, was behind the company and the affiliate marketing program.
Nguyen and Vu signed up with MarketBay.com as affiliate marketers, which meant that they received commissions on any sales generated through their massive spam promotional efforts. The Justice Department estimates that between 2009 and 2011, the spam sent by Nguyen generated roughly $2 million in sales on the MarketBay.com Web site.
Dutch investigators arrested Vu in 2012 and he was extradited to the United States in March 2014. He plead guilty to conspiracy to commit computer fraud on February 5. Da Silva was apprehended at the Ft. Lauderdale International Airport on February 12 and arraigned in Atlanta on Friday. Nguyen remains at large and is being actively sought by U.S. and international authorities.
Visitors to the MarketBay.com site now see a simple Web page with the notice: "We have taken the important and unfortunate business decision to shut down our services and discontinue all related products and affiliate program on MarketBay. We are unable to continue offering the level of service that our customers are expecting and it has become impossible to verify all the links and promises posted by our affiliate traffic sites." Affiliates were told that all promotion and subscription services would cease as July 31, 2012.
Worldwide, Multi-Agency Investigation
Reflecting the nature of contemporary criminal activity, the investigation leading to Friday's arraignment involved a number of U.S. agencies and nations around the world.
“Our success in this case and other similar investigations is a result of our close work with our law enforcement partners,” said Special Agent in Charge Reginald Moore. “The Secret Service worked closely with the Department of Justice and the FBI to share information and resources that ultimately brought these cybercriminals to justice. This case demonstrates there is no such thing as anonymity for those engaging in data theft and fraudulent schemes.”
John Horn, acting U.S. Attorney for the Northern District of Georgia, underscored the challenges posed by cybercriminals, both for investigators and the victims of the crime.
“This case reflects the cutting-edge problems posed by today’s cybercrime cases, where the hackers didn’t target just a single company; they infiltrated most of the country’s e-mail distribution firms,” Horn said. “And the scope of the intrusion is unnerving, in that the hackers didn’t stop after stealing the companies’ proprietary data -- they then hijacked the companies’ own distribution platforms to send out bulk e-mails and reaped the profits from e-mail traffic directed to specific Web sites.”