U.S. charges three in ring that stole one billion email addresses

Two Vietnamese citizens and a Canadian have been charged with running a massive cyberfraud ring that stole 1 billion email addresses, then sent spam offering knockoff software products, the U.S. Department of Justice said on Friday.

The Justice Department described the hacking spree as "one of the largest" data breaches uncovered in U.S. history. It declined to name the email companies that were victimized, though it appeared that the breaches included a massive 2011 attack on email marketing firm Epsilon.

Security blogger Brian Krebs reported that Epsilon, a unit of Alliance Data Systems Corp, was among the victims. That high-profile 2011 attack was followed by a wave of customer notifications from Epsilon clients, including Citigroup Inc and JPMorgan Chase & Co. (reut.rs/1En1udF)

Krebs noted that the government's press release said the data breach "was the subject of a congressional inquiry and testimony before a U.S House of Representatives subcommittee on June 2, 2011." The House Energy and Commerce Committee held a hearing on that data about breaches at Sony Corp <6758.T) and Epsilon, according to Krebs.

Epsilon representatives could not be reached.

Viet Quoc Nguyen, 28, is charged with hacking at least eight email service providers between February 2009 and June 2012.

The government alleges that Nguyen and Giang Hoang Vu, 25, both Vietnamese citizens, used the stolen email addresses to identify tens of millions of people who they targeted in a spam campaign. The spam emails directed recipients to websites selling software that was falsely branded as Adobe Systems Inc's.

Both men resided in the Netherlands. Vu, who was extradited to the United States in March of last year, pleaded guilty on Thursday to conspiracy to commit computer fraud.

Nguyen remains at large.

The other defendant, Canadian David-Manuel Santos Da Silva, 33, was charged with conspiracy to commit money laundering. He is the co-owner of a company called 21 Celsius Inc, which struck up a marketing arrangement with Nguyen and Vu to generate revenue and launder the proceeds, according to the indictment.

Court documents alleged that Da Silva and Nguyen received about $2 million in commissions from the sale of the software, which they marketed as Adobe Reader 10 for $65 a copy.

Da Silva was arrested at a Florida airport last month and was set to be arraigned on Friday in Atlanta federal court, according to the Justice Department.

Tags

cyberfraud ring, Hacking, Epsilon, spam, United States, Conspiracy, 21 Celsius Inc, Adobe Reader 10

Copyright Thomson Reuters. All rights reserved.