On 5th March, unsealed against two Vietnamese citizens who resided in the Netherlands, for their roles in hacking email service providers throughout the United States.The guilty plea of one of the defendants was also unsealed at the same time. In addition, a federal grand jury returned an indictment this week against a Canadian citizen for conspiring to launder the proceeds obtained as a result of the massive data breach
According to US Department of Justice, Viet Quoc Nguyen and Giang Hoang Vu hacked into eight separate email providers in the US between 2009 and 2012. The DoJ said they used this access to steal more than one billion email addresses in what it said was the "largest" data breach in US history.
“These men — operating from Vietnam, the Netherlands, and Canada — are accused of carrying out the largest data breach of names and email addresses in the history of the Internet,” said Assistant Attorney General Caldwell.
“The defendants allegedly made millions of dollars by stealing over a billion email addresses from email service providers. This case again demonstrates the resolve of the Department of Justice to bring accused cyber hackers from overseas to face justice in the United States.”
The DoJ also alleges that the pair used their access to the internal systems of the email providers to help them despatch junk messages to tens of millions of people. The trade earned them millions of dollars from spam and from websites that paid to have traffic directed to them via junk mail, said the DoJ.
Some of the spam sent sought to make people pay for software they could get free elsewhere.
Vu was extradited to the US from Holland in 2014 and has pleaded guilty to committing computer fraud. He is due to be sentenced next month. Nguyen remains a fugitive, said the DoJ.
According to allegations in the indictments, between February 2009 and June 2012, Viet Quoc Nguyen, 28, a citizen of Vietnam, allegedly hacked into at least eight email service providers (ESPs) throughout the United States and stole confidential information, including proprietary marketing data containing over one billion email addresses.
Nguyen, along with Giang Hoang Vu, 25, also a citizen of Vietnam, then allegedly used the data to send “spam” to tens of millions of email recipients. The data breach was the largest in U.S. history and was the subject of a Congressional inquiry in June 2011.
David-Manuel Santos Da Silva, 33, of Montreal, Canada, was also indicted by a federal grand jury on March 4, 2015, for conspiracy to commit money laundering for helping Nguyen and Vu to generate revenue from the “spam” and launder the proceeds.
According to allegations in the indictments, Da Silva, the co-owner, president and a director of 21 Celsius Inc., a Canadian corporation that ran Marketbay.com, entered into an affiliate marketing arrangement with Nguyen that allowed the defendants to generate revenue from the computer intrusions and data thefts.
As an affiliate marketer, Nguyen allegedly received a commission on sales generated from Internet traffic that he directed to websites promoting specific products. Nguyen allegedly used the information stolen from the ESPs to send “spam” emails to tens of millions of customers and provided hyperlinks to allow the purchase of the products. These products were marketed by Da Silva’s Marketbay.com.
Between approximately May 2009 and October 2011, Nguyen and Da Silva received approximately $2 million for the sale of products derived from Nguyen’s affiliate marketing activities.
Vu was arrested by Dutch law enforcement in Deventer, Netherlands, in 2012 and extradited to the United States in March 2014. On Feb. 5, 2015, Vu pleaded guilty to conspiracy to commit computer fraud. He is scheduled to be sentenced on April 21, 2015, before U.S. District Judge Timothy C. Batten Sr. of the Northern District of Georgia. Nguyen is a fugitive.
Da Silva was arrested based upon charges set forth in a criminal complaint at Ft. Lauderdale International Airport on Feb. 12, 2015, and is scheduled to be arraigned today in Atlanta before Magistrate Judge E. Clayton Scofield III.
The charges contained in an indictment are merely accusations, and defendants are presumed innocent unless and until proven guilty.
This case is being investigated by the FBI with the assistance of the USSS and IRS-CI. Law enforcement in the Netherlands and the Criminal Division’s Office of International Affairs also provided valuable assistance. This case is being prosecuted by Trial Attorney Peter Roman of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Steven D. Grimberg of the Northern District of Georgia.
