The self-proclaimed spam king of the Internet, Sam “Spamford” Wallace, was ordered to pay Facebook $711 million in civil damages for slinging spam on the social networking site. Wallace allegedly accessed Facebook accounts without obtaining permission, and used them to make bogus wall posts and spam the account holders’ friends. Those actions run afoul of the CAN-SPAM Act of 2003, which sets guidelines for commercial e-mails, which are enforced by the Federal Trade Commission (FTC) [PC World]. The judge also referred Wallace to the U.S. Attorney’s Office with a request that he be prosecuted for criminal contempt, which means he could actually face jail time if convicted.
If you’ve ever received an unsolicited email (and who hasn’t), chances are good that it came from Wallace’s company, Cyber Promotions, which was once the largest source of spam. So not surprisingly, this isn’t the first time Spamford has run afoul of the law. In May, 2008, MySpace won a $230 million judgment against Wallace for sending junk messages. Wallace was also fined $4 million by the Federal Trade Commission in 2006 for his excessive pop-up ads [CNN]. Officials at Facebook said they don’t expect to see much of the $711 million, seeing as how Wallace is bankrupt and may soon have to send out his spam as handwritten letters from behind bars.
The 28-year-old hacker Albert Gonzalez, who stole credit and debit card numbers from millions of people, pleaded guilty on Friday to 19 counts of conspiracy, fraud, and aggravated identity theft. Gonzalez, also known by his handles “Soupnazi” and “Segvec,” reached a deal with the federal government on charges brought against him in Massachusetts and New York, where he and his co-conspirators stole more than 40 million card numbers from retailers like T.J. Maxx and Barnes & Noble. Gonzalez and his co-conspirators sold the numbers to others for fraudulent use and engaged in ATM fraud by encoding the data on the magnetic stripes of blank cards and withdrawing tens of thousands of dollars at a time from ATMs [PC World], according to the Department of Justice.
Gonzalez faces a prison sentence of 15 to 25 years in Massachusetts and a maximum sentence of 20 years in New York, but based on the terms of his plea agreements the sentences will be served concurrently. Gonzalez also agreed to pay restitution for the loss suffered by his victims, and to forfeit more than $2.7 million, plus real estate, a 2006 BMW, a Tiffany diamond ring and Rolex watches, the DOJ said. Included in the forfeited currency is more than $1 million in cash, which Gonzalez had buried in a container in his backyard [PC World]. He’ll be sentenced in December for the Massachusetts and New York cases, but that’s far from the end of his legal troubles.
A 28-year-old hacker has been charged in what federal prosecutors are calling the largest case of identity theft ever seen. The man, Albert Gonzalez, worked with two unnamed Russian conspirators to run wild through the computer networks of a handful of prominent corporations, including 7-Eleven, the supermarket chain Hannaford Brothers, and the payment processor Heartland Payment Center. The size of the heist—130 million credit and debit card numbers, according to prosecutors—has many people wondering: How exactly is such a massive theft carried out?
The Justice Department’s indictment (pdf) describes how Gonzalez (a.k.a. “segvec” and “soupnazi,” among other aliases) and his co-conspirators pulled it off. They began the job by scanning lists of Fortune 500 companies for likely targets, and then visited retail outlets to scope out the payment systems used at checkout counters and to look for vulnerabilities. Then they would write specific codes to corrupt their data systems and launch a virus from computers in the United States and Europe to pull hundreds and thousands of credit card numbers, and sort through them using a “sniffer,” which is basically a data analysis system that decodes big chunks of information [The Atlantic].
The cyber-attack that temporarily disabled Twitter and compromised Facebook and LiveJournal was politically motivated and was directed at a pro-Georgian blogger called Cyxymu, says a representative from Facebook.
The attack, which paralyzed Twitter for two hours and “degraded” service on Facebook, was one known as a distributed denial of service attack. This technique uses a network of tens of thousands of compromised computers, known as a “botnet”, to flood a website’s servers with page view requests, leaving legitimate traffic unable to get through. This huge amount of connection requests can quickly overwhelm a server and, in some cases, cause an entire website to crash [Telegraph]. It seems Twitter, a relatively new service with a U.S.-based infrastructure, couldn’t handle the surge in traffic, while Facebook and Google, which have many key services located internationally, were better-prepared for it.
It has not been confirmed who perpetrated the attack, but the blogger says he believes it could have been an attempt by the Russian government to squelch his criticism of Russia’s conduct in the war over the disputed South Ossetia region, which began a year ago today. “Maybe it was carried out by ordinary hackers but I’m certain the order came from the Russian government” [Guardian], the blogger said. Such a widespread attack, some believe, would only be possible if the coordinator of the attack had access to significant resources.
A French hacker broke into the email accounts of Twitter executives and employees, and now the cyber snoop is leaking business and personal info about company leaders to TechCrunch, an American blog, and Korben, a French blog. The hacker reportedly guessed passwords and gained access to several Gmail accounts, as well as accounts with Google Docs, PayPal, and other services.
TechCrunch received a compressed zip file of 310 confidential documents, including a complete Twitter employee list and salary information; food preferences of Twitter employees; confidential contracts with companies such as Nokia, Samsung, Dell, AOL, Microsoft, and others; a contact list of notable Web and entertainment personalities; meeting reports; [and] applicant resumes [PC World]. Now it’s up to the site to decide what information to publish. Thus far, TechCrunch has decided not to release anything that is personally embarrassing. Still, under the philosophy “News is what somebody somewhere wants to suppress; all the rest is advertising,” the site will release documents it considers relevant to the company. These include notes from executive meetings, the original pitch for a Twitter TV show, and certain company financial information.
A bold and sophisticated cyber attack that began last weekend took down government Web sites in both the United States and South Korea, and South Korean officials have blamed their neighbors to the north for the onslaught. South Korea’s National Intelligence Service, the nation’s main spy agency, told a group of South Korean lawmakers Wednesday it believes that North Korea or North Korean sympathizers in the South “were behind” the attacks [AP].
The attack, which began on July 4, brought down the Web sites of U.S. agencies like the Treasury Department, the Secret Service, and the Federal Trade Commission, with some of the problems lasting for days. In South Korea, an attack that began Tuesday crashed sites belonging to the presidential Blue House and the Defense Ministry, among others. In both countries, the cyber strike also targeted a few large commercial Web sites. “This is not a simple attack by an individual hacker, but appears to be thoroughly planned and executed by a specific organization or on a state level,” the National Intelligence Service said in a statement [The New York Times].
Were you born after 1988 in a small state? If so, researchers would have a particularly good chance of figuring out your Social Security number. In a new study, researchers used publicly available data, including an individual’s place and date of birth, to guess the Social Security number that would have been assigned to that person. And the study’s authors say that cyber-crooks could use similar techniques for identity theft. “We live in a precarious time, where knowledge of a Social Security number, along with other information about one’s name and date of birth, is sometimes sufficient to impersonate another individual,” said Alessandro Acquisti, the study’s lead author [Bloomberg].
Acquisti’s team shared their results with the federal government, but the Social Security office is downplaying the findings; spokesman Mark Lassiter said there is still no “foolproof” method for predicting Social Security numbers. “The suggestion that Mr. Acquisti has cracked a code for predicting an SSN is a dramatic exaggeration,” Lassiter said via e-mail. However, he added: “For reasons unrelated to this report, the agency has been developing a system to randomly assign SSNs. This system will be in place next year” [AP].
Cyber spies have hacked into computers containing information about the U.S. Defense Department’s most expensive weapons program ever: the $300 billion Joint Strike Fighter, a fighter jet also known as F35 Lightning II. The intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft. The latest intrusions provide new evidence that a battle is heating up between the U.S. and potential adversaries over the data networks that tie the world together [The Wall Street Journal].
U.S. officials reportedly traced the hackers back to China, but experts note that it’s extremely difficult to determine the real origin of an online attack, as paths can be disguised and identities masked. Meanwhile, the Chinese Embassy said in a statement that China “opposes and forbids all forms of cyber crimes.” It called the Pentagon’s report “a product of the Cold War mentality” and said the allegations of cyber espionage are “intentionally fabricated to fan up China threat sensations” [The Wall Street Journal].
The computer worm known as Conficker that has infected millions of PCs around the world stirred yesterday and raised new fears that the hackers behind the worm are gearing up to cause mischief, but experts say their intentions are still mysterious. The worm went active on April 1, but it didn’t seek to disrupt networks and didn’t harness infected computers to send out waves of spam. The lack of a clear business model for Conficker … had confounded researchers and analysts. In fact, it was one of the reasons why there was so much attention paid to the worm’s new communications scheme activation date: Everyone wondered what it would do on April 1 to monetize the effort spent collecting a massive botnet [Computerworld].
Over the past two days infected machines have begun to download additional software, but so far the results still haven’t been as dire as many experts originally predicted. According to varying reports, some computers are just preparing to run a small-scale scam on their users, while others have adopted an existing email worm that can steal passwords and send spam. The latter function may be more troublesome, some experts say. The consensus within the computer security industry is that although there are now some indications that Conficker’s authors are intent on building a giant spam system, there is no hard evidence. “This is just Step 5 in a thousand-step chess match” [The New York Times], said security expert Vincent Weafer.
Spies have hacked into the U.S. electrical grid and left behind software programs that could allow outside agents to seize control of the grid and disrupt the flow of electricity across the nation, according to a report in The Wall Street Journal.
The spies came from China, Russia and other countries, [national security] officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven’t sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war. “The Chinese have attempted to map our infrastructure, such as the electrical grid,” said a senior intelligence official. “So have the Russians” [The Wall Street Journal]. While officials say they traced the intrusions back to China, Russia, and other countries, experts say it’s nearly impossible to prove that the hacks were government-sponsored. The Chinese and Russian governments have denied any wrongdoing.
The computer worm known as Conficker woke up as expected this morning when calendars flipped to April 1, but fears that millions of infected computers would launch an attack on the world’s cyber-infrastructure have so far proved to be unfounded. Computer security experts have been warning the public for weeks that the Conficker worm was set to try to download commands from a server at an unknown Internet location on [April 1]. There was no certainty about the intent of the program, which could be used to send e-mail spam, distribute malicious software or generate a potentially devastating “denial of service” attack on Web sites or networks [The New York Times].
The worm is thought to have infected 12 million computers worldwide, with the most infections occurring in Asia. But computer experts monitoring the progress of the worm say that while infected computers do appear to be trying to link to control servers, the mysterious hackers behind the virus have yet to give those computers any specific instructions. However, security experts warned that there was no room for complacency…. “We believe the software is geared towards making money. The characteristic of this type of worm is to keep it slow and low, keep it under the radar to slowly maximise profits over the long term” [BBC News], says Vincent Weafer, of the anti-virus firm Symantec.
Trees continue to fall due to illegal logging operations in the Amazon rainforest, and Brazil’s environmental officials have discovered that those logging companies hired not just lumberjacks to get the job done, but also hackers. The hackers went to work in the Brazilian state of Pará, where the local government has launched an online system for issuing permits to logging companies. The system tracks their total output and simply refuses to issue more permits, which are checked when the wood is hauled out in trucks [Ars Technica].
But instead of abiding by the limits on the amount of timber they could haul out of the rainforest, more than 107 companies allegedly hired hackers to access the government records and increase their timber allocations. Andre Muggiati, a Greenpeace official in Brazil, said that “by hacking into the permit system, these companies have made their timber shipments appear legal and compliant with the forest management plans” [Wired News]. The Brazilian government has already arrested more than 30 people involved in the scandal.
Sophisticated computer hackers are as big a threat to the United States as weapons of mass destruction and global jihad, argues a new report on cybersecurity. The report, which was produced by the Center for Strategic and International Studies, a Washington think tank, contains recommendations for the incoming Obama administration, and issues a dire assessment of the government’s current efforts to prevent cyberattacks. “America’s failure to protect cyberspace is one of the most urgent national security problems facing the new administration that will take office in January 2009,” the report states. Cyber safety is “a battle fought mainly in the shadows. It is a battle we are losing” [DailyTech].
The federal government has been embarrassed in recent years by intrusions into the computer networks of many different agencies, including the Defense, State, Homeland Security, and Commerce departments, the National Aeronautics and Space Administration (NASA), and the National Defense University. An investigation last year by The Washington Post showed that multiple compromises of unclassified computer systems for the Transportation Security Administration and DHS headquarters went unnoticed for months in 2006 because the agency failed to effectively monitor its own networks [Washington Post]. In some cases the breaches have been linked to Chinese computer servers, indicating a possible convergence between hacking and espionage.
A pesky computer virus that has popped up on computers around the world has now made the leap into space. NASA announced yesterday that several laptops on board the International Space Station were infected with the virus in July, and also admitted that such infections have happened before.
“This is not the first time we have had a worm or a virus,” NASA spokesman Kelly Humphries said. “It’s not a frequent occurrence, but this isn’t the first time.” … NASA downplayed the news, calling the virus mainly a “nuisance” that was on non-critical space station laptops used for things like e-mail and nutritional experiments [Wired News].
Computer experts are investigating the cyberattack that brought down Georgian Web sites during Russia’s invasion of Georgia, and say the assault may mark the first large-scale attempt at “cyber warfare.” As Russian tanks began to roll into Georgia on Friday, millions of extraneous requests — a so-called Distributed Denial of Service (DDoS) attack — took down Georgia’s banking and government sites. [Security expert Graham Cluley says:] “In modern warfare, it’s not unusual to see opposing forces take over TV stations, radios and newspapers. In our century, taking over Internet sites is now part of the same kind of strategy” [Venture Beat].
The attack is similar to an incident in May 2007 when Estonian government Web sites were brought down in response to the government’s plans to move a Russian-installed monument; a 20-year-old Russian hacker was later convicted of organizing that attack. As for who’s responsible for the current online strike against Georgia, the theories range from “some kids who got overexcited” [CNET] to a criminal network directed by the Russian government.