APNIC community folks may also be interested in this news, as a warning about serious consequences for IP address hijacking, at least in the USA.
All the best, Paul. ________________________________________________________________________ Paul Wilson, Director-General, APNIC [email protected] http://www.apnic.net @apnicdg Forwarded message: > Begin forwarded message: > > Spammers Plead Guilty, Company Forfeits $4.9 Million > > NEWS RELEASE SUMMARYgg – June 10, 2022 > SAN DIEGO – Three employees of the affiliate marketing platform Amobee > pleaded guilty in federal court today to hijacking Internet Protocol (IP) > addresses to send unsolicited commercial email messages, commonly known as > “spam.” > > The three employees, Jacob Bychak, Mark Manoogian, and Abdul Mohammed Qayyum, > joined Daniel Dye and Vincent Tarney in pleading guilty to violating the > federal CAN-SPAM statute for their involvement in misusing the stolen IP > addresses to send spam. > > The defendants’ employer, formerly known as both Adconion Direct Inc. and > Frontline Direct (hereafter, “Adconion”), previously agreed to forfeit > $4,939,526 as the fraudulent proceeds of a wire fraud conspiracy in which its > employees hijacked more than 500,000 IP addresses to send over 10 billion > commercial emails to people in the United States and elsewhere. > > IP addresses are the beginning and ending points for sending data via the > internet. A discrete bundle of IP addresses in numeric order is known as a > range or block. In this case, the defendants pleaded guilty to using > fraudulent Letters of Authorization (“LOAs”) to take control of large blocks > of IP addresses registered to eleven different entities without the > registrants’ knowledge or consent. As part of the fraudulent scheme, the > defendants used email accounts set up to impersonate the IP blocks’ true > registrants. In particular, the defendants used and created email addresses > with the true registrants’ domain name (e.g., ect.net) to impersonate real > and fictitious employees. They then emailed the fraudulent LOAs, which were > written on fake letterheads and included forged signatures, from these > imposter email accounts to various Internet hosting companies to falsely > represent to the hosting companies that the true registrants authorized them > to use the IP addresses. > > All the IP blocks hijacked by the defendants were IPv4 addresses. Demand for > a finite number of IPv4 addresses available has driven up their value over > time. Between December 2010 and September 2014, when the defendants’ conduct > occurred, a block of 65,534 IP addresses, referred to as a Class B block, was > worth approximately $650,000. Today, it is worth as much as $3.3 million. > Internet Service Providers like Yahoo and Google routinely employ filters to > block spam from reaching a recipient’s inbox. Once an IP address is > associated with spam, the filters typically block messages sent from that IP > address. Spammers need a constant supply of fresh unblocked IP addresses to > deliver the unwanted commercial email. > > The defendants’ jobs with Adconion were to acquire fresh IP addresses and > employ other measures to circumvent the spam filters. To conceal Adconion’s > ties to the stolen IP addresses and the spam sent from these IP addresses, > the defendants used a host of DBAs, virtual addresses, and fake names > provided by the company. While defendants touted ties to well-known name > brands, the email marketing campaigns associated with the hijacked IP > addresses included advertisements such as “BigBeautifulWomen,” “iPhone4S > Promos,” and “LatinLove[Cost-per-Click].” > > Today’s guilty pleas arise from an October 2018 indictment for which trial > began on May 23, 2022. Following opening statements, the trial was > interrupted by the recent COVID surge and had yet to resume. In exchange for > misdemeanor pleas, the defendants have each agreed to admit their involvement > in the scheme, to undertake 100 hours of community service, and to pay a > maximum $100,000 fine. > > This case was investigated by the Federal Bureau of Investigation with > assistance provided by the Internal Revenue Service and the Department of > Justice’s Computer Crime and Intellectual Property Section. > > “The defendants generated millions of dollars for their company by > high-jacking hundreds of thousands of IP addresses, enabling them to > illegally inundate consumers with over 10 billion email ads,” said U.S. > Attorney Randy Grossman. ““This case was the first in the nation to charge > violations of the CAN-SPAM Act’s provision against using hijacked IP > addresses to send spam. We are committed to using all the tools at our > disposal to protect the internet and everyone who depends on it.” Grossman > thanked the prosecution team as well as the investigating agencies, the > American Registry of Internet Numbers, Yahoo, The Spamhaus Project, and The > National Cyber-Forensics and Training Alliance. > > “These defendants spent years illegally sending billions of spam emails > nationwide which made millions of dollars,” said FBI Special Agent in Charge > Stacey Moy. “The FBI remains committed to pursuing these criminal > conspiracies, no matter how long it takes, and holding them accountable in a > court of law. I want to thank the United States Attorney’s Office for their > ongoing support and partnership in bringing this case to an end.” > > The defendants are scheduled to be sentenced on October 3, 2022, at 10:30 > a.m. before U.S. District Judge Gonzalo P. Curiel. > > DEFENDANTS Case Number > 18cr4683-GPC > Jacob Bychak Age: 36 > Carlsbad, CA > Mark Manoogian Age: 39 > Carlsbad, CA > Abdul Mohammed Qayyum Age: 40 Oceanside, > CA > > SUMMARY OF CHARGES > > CAN-SPAM – Title 18, U.S.C., Section 1037(a)(5) and (b)(3) > Maximum penalty: One year in custody and $100,000 fine > > AGENCIES > > Federal Bureau of Investigation > Internal Revenue Service > > > Kelly Thornton > Director of Media Relations > U.S. Attorney’s Office > Southern District of California > 619.546.9726 > Follow us on Twitter @SDCAnews > _______________________________________________ > ARIN-PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy Mailing List ([email protected]). > Unsubscribe or manage your mailing list subscription at: > https://lists.arin.net/mailman/listinfo/arin-ppml > Please contact [email protected] if you experience any issues.
smime.p7s
Description: S/MIME digital signature
_______________________________________________ sig-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]
