David-Manuel Santos Da Silva, Viet Quoc Nguyen, and Giang Hoang Vu have been charged with offenses relating to what Assistant Attorney General Leslie R Caldwell described as “the largest data breach of names and e-mail addresses in the history of the Internet”.
Nguyen and Vu, “both citizens of Vietnam, who resided for a period in the Netherlands”, provided the technical side of the operation, while Da Silva, a citizen of Canada, laundered the proceeds of the hacking offences through his website, Marketbay.com. The trio garnered some $2 million in revenue.
More than a billion email addresses stolen
Nguyen allegedly hacked into at least eight email service providers (ESPs) in the US using various methods, including phishing campaigns that installed malware, allowing him to steal information that included over a billion email addresses. Then, in conjunction with Vu, he launched spam attacks on tens of millions of email addresses.
Assistant Attorney General Caldwell explained: “This case again demonstrates the resolve of the Department of Justice to bring accused cyber hackers from overseas to face justice in the United States.”
The threat of phishing
Spreading malware via phishing emails is one of the most common means of attack used by cyber criminals. CYREN’s recently released 2015 Cyberthreat Yearbook found that there was a 233% rise in the number of phishing emails from 2013 to 2014.
Organizations should ensure that their staff are properly trained to recognize phishing scams, and exercise caution when clicking links in unsolicited messages.
IT Governance’s Employee Phishing Vulnerability Assessment will identify potential vulnerabilities among your employees and provide recommendations to improve your security, giving you a broad understanding of how you are at risk and what you need to do to address these risks.