Hackers stole 1 billion email addresses in spam scheme: US

Federal authorities have called this one of the largest reported data breaches in US history

Computer hackers stole 1 billion email addresses from US marketing companies in what federal authorities have called one of the largest reported data breaches in US history.

Yesterday, three people were indicted on federal charges after they allegedly netted $2 million in commissions from millions of spam emails that routed recipients to websites selling software and other products.

That means the defendants would have averaged just a fraction of a penny for each of the stolen email addresses. Still, authorities said the case is significant because of the scale of the information stolen.

John Horn, the acting US attorney based in Atlanta, said hackers targeted marketing companies that send bulk emails to customers of their commercial clients. They gained access to the firms' computer systems by sending emails with hidden malware to the marketing companies' employees. The hackers not only stole hundreds of millions of email addresses, Horn said, but they also succeeded in using the marketing firms' own systems to send the hackers' spam messages.

One of the defendants, 25-year-old Vietnamese citizen Giang Hoang Vu, pleaded guilty to a single count of conspiracy to commit computer fraud before a federal judge last month. He has not been sentenced.

A second Vietnamese citizen, 28-year-old Viet Quoc Nguyen, has been indicted on 29 counts including charges of wire fraud and computer fraud. David-Manuel Santos Da Silva, 33, of Montreal, Canada, is charged with taking part in a money-laundering conspiracy.

Prosecutors say he entered into a marketing agreement with the others that enabled them to profit from sales generated by the spam emails.

Officials said Da Silva was arrested in Florida last month. Nguyen remains a fugitive.

US District Court records yesterday did not have a defense attorney listed for Da Silva.

The case is being prosecuted in Georgia because that's where computer servers were located for two of the marketing firms that got hacked. Nguyen and Vu were indicted in October 2012, but those charges were sealed from public view until after the case against Da Silva was filed Wednesday.