1.4bn Emails Exposed As Huge Spam Operation Fails To Password Protect Documents

A database of 1.4 billion email accounts has seemingly been exposed on the web, and its contents appear to suggest that a marketing agency deliberately exploited vulnerable email services, including Gmail, to send up to one billion items of spam a day.

MacKeeper Security researcher Chris Vickery came across a “suspicious” collection of exposed files that were not password protected, and discovered it belonged to an organisation called River City Media (RCM).

The documents not only revealed the vast number of email accounts but also IP addresses and even physical addresses.

Spammergate

“Chances are that you, or at least someone you know, is affected,” noted Vickery, who said RCM posed as a legitimate marketing agency led by “known spammers” Alvin Slocombe and Matt Ferris.

Upon inspection of the chat logs, Vickery saw the perpetrators admitted to targeting vulnerable servers using a type of ‘slowloris’ attack.

This involved the spammers configuring their own systems to send packets at a slow rate while requesting more connections, then sending through a large quantity of emails before the receiving server blocked the sender.
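One way a receiving mail operator could look for the pattern described above, as an added example that is not part of the original article or of any tool it mentions. The session record fields, the thresholds and the sample data are all constructed assumptions; a real deployment would derive the records from its own mail server's connection logs.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    src: str           # client IP address
    opened: float      # seconds: connection accepted
    first_mail: float  # seconds: first message transaction started
    closed: float      # seconds: connection closed
    messages: int      # messages accepted on this connection

def peak_overlap(sessions):
    """Largest number of the given sessions open at the same instant."""
    events = []
    for s in sessions:
        events.append((s.opened, 1))
        events.append((s.closed, -1))
    # At equal timestamps process closes first so back-to-back sessions
    # are not counted as concurrent.
    events.sort()
    peak = current = 0
    for _, delta in events:
        current += delta
        peak = max(peak, current)
    return peak

def flag_slow_drip(sessions, min_stall=60.0, min_parallel=5, min_messages=1000):
    """Flag sources that hold many connections open slowly, then deliver in bulk.

    Thresholds are illustrative assumptions, not values from the article.
    """
    by_src = defaultdict(list)
    for s in sessions:
        by_src[s.src].append(s)
    flagged = {}
    for src, group in by_src.items():
        # A session is "stalled" if it sat open a long time before any mail.
        stalled = [s for s in group if s.first_mail - s.opened >= min_stall]
        peak = peak_overlap(stalled)
        total = sum(s.messages for s in stalled)
        if peak >= min_parallel and total >= min_messages:
            flagged[src] = {"stalled": len(stalled), "peak": peak, "messages": total}
    return flagged

# Constructed sample: one slow-drip source, one ordinary sender, one slow client.
SAMPLE = (
    [Session("192.0.2.10", i * 2.0, 90.0 + i, 120.0 + i, 400) for i in range(6)]
    + [Session("198.51.100.7", i * 30.0, i * 30.0 + 0.5, i * 30.0 + 3.0, 2) for i in range(8)]
    + [Session("203.0.113.5", 0.0, 75.0, 80.0, 1)]
)
```

Requiring all three signals together (long stall, many parallel stalled connections, high message volume) keeps a single slow client or a fast legitimate sender from being flagged.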

Spamhaus has now blocked the entirety of the RCM infrastructure, potentially bringing down a huge spam network, while Microsoft, Apple and others have been informed of other methods used by RCM.

As for how the database was collected, Vickery speculates it was partly compiled by users ticking ‘I agree’ boxes on web forms that give permission for a company “and its affiliates” to send marketing emails. In this case, one of the affiliates was RCM.

Implications

“The natural response is to question whether the data set is real,” added Vickery. “That was my initial reaction. I’m still struggling with the best software solution to handle such a voluminous collection, but I have looked up several people that I know and the entries are accurate.

“The only saving grace is that some are outdated by a few years and the subject no longer lives at the same location.

“Details of the even more abusive scripts and techniques have been forwarded on to Microsoft, Apple, and others. Law enforcement have also been notified and, while we are prohibited from saying too much, they are indeed interested in the matter.”

Other security industry figures have speculated the attack could be the result of a misconfigured MongoDB, given Vickery’s expertise on unsecured databases.

“Open source continues to be a critical source of innovation to many organisations,” suggested Paul Calatayud, CTO of FireMon. “In this case, being used for motivations not so noble, the lesson to be learned here is that Mongo DB continues to be an easy exploit.”

Others said the discovery is a “rare window” into how mass spam campaigns operate.

“RCM’s apparent admission that they ran denial of service attacks against Gmail servers to trick them into accepting spam is very serious,” added Chris Doman, a security researcher at AlienVault. “They are talking about risking the stability of some of the internet’s core mail servers for profit. It’s bizarre these admissions are coming from chat logs that RCM themselves accidentally leaked.”

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.
