Two Arrested After ‘Largest Ever’ Data Breach

Three men have been charged with what is being described by authorities as “one of the largest reported data breaches in US history.”

The men are said to have made “millions of dollars” after they reportedly hacked in systems belonging to email providers in the US and stole one billion addresses.

Data Breach

Two of the three men are Vietnamese citizens living in Holland, whilst the third is a Canadian. According to the Department of Justice, the mean hacked into email service providers throughout the United States.

One of the defendants has already pleaded guilty.

The Canadian has been charged for conspiring to launder the proceeds obtained as a result of the massive data breach.

“These men operating from Vietnam, the Netherlands, and Canada are accused of carrying out the largest data breach of names and email addresses in the history of the Internet,” said Assistant Attorney General Caldwell. “The defendants allegedly made millions of dollars by stealing over a billion email addresses from email service providers.”

“This case reflects the cutting-edge problems posed by today’s cybercrime cases, where the hackers didn’t target just a single company; they infiltrated most of the country’s email distribution firms,” said Acting US Attorney Horn.

“And the scope of the intrusion is unnerving, in that the hackers didn’t stop after stealing the companies’ proprietary data they then hijacked the companies’ own distribution platforms to send out bulk emails and reaped the profits from email traffic directed to specific websites,” Horn added.

Spam Service

It is alleged that between February 2009 and June 2012, 28 year old Viet Quoc Nguyen, hacked into at least eight email service providers (ESPs) throughout the United States and stole confidential information, including proprietary marketing data containing over one billion email addresses. Nguyen, along with Giang Hoang Vu, 25, then allegedly used the data to send “spam” to tens of millions of email recipients.

Meanwhile David-Manuel Santos Da Silva, 33, of Montreal, Canada, has been charged for conspiracy to commit money laundering for helping Nguyen and Vu to generate revenue from the “spam” and launder the proceeds. Da Silv co-owns a comapny that ran Marketbay.com, and which apparently entered into an affiliate marketing arrangement with Nguyen that allowed the defendants to generate revenue from the computer intrusions and data thefts.

As an affiliate marketer, Nguyen allegedly received a commission on sales generated from Internet traffic that he directed to websites promoting specific products. Nguyen allegedly used the information stolen from the ESPs to send “spam” emails to tens of millions of customers and provided hyperlinks to allow the purchase of the products. These products were marketed by Da Silva’s Marketbay.com.

According to the US authorities, Nguyen and Da Silva received approximately $2m (£1.34m) for the sale of products derived from Nguyen’s affiliate marketing activities.

Vu had been arrested by Dutch police in 2012 and extradited to the United States in March last year. He pleaded guilty to conspiracy to commit computer fraud last month. Da Silva was arrested at Ft. Lauderdale International Airport last month.

The chief culprit, Nguyen, however remains at large.

“As with many cases of cyber theft, the initial breach was not identified in this case, and this allowed further access to systems (the company’s own distribution platforms),” said Matt White, Senior Manager in KPMG’s Technology practice.

“Putting in place basic precautions can help reduce the extent of harm caused by cyber-attacks, however, time and time again we see companies struggling to control access to their own systems,” White added. “In many cases, there tends to be an overreliance on one person, process or piece of technology to defend vast amounts of data or assets.”

How much do you know about hacking? Take our quiz to find out!