1.37 Billion Email Addresses Identified as Largest Spam Operation Exposed

The world’s biggest spam operation has been exposed, along with a gigantic database of email addresses. Over 1.37 billion email addresses, names, addresses, and IP addresses were included in the database, which was exposed due to an error made during a backup. The company responsible for the operation is the email marketing firm River City Media (RCM), a legitimate email marketing company that employs some decidedly inappropriate email marketing practices.

According to MacKeeper security experts, the company responsible for the huge spamming campaigns was sending up to one billion spam email messages every day. However, following the leak, life is likely to get a lot more difficult for the email marketing firm. Its whole infrastructure has now been added to the spamming blacklist maintained by Spamhaus, the world leader in providing up-to-date threat intelligence on email spam and related spamming activity.

The company did not set up its Rsync backups correctly, leaving those backups available online without any requirement for a password. The database was found by MacKeeper security researcher Chris Vickery.

The discovery of such a large database is groundbreaking news. It has even provoked a reaction from the Indian government, which felt it necessary to explain that it was not the source of the leak. The Indian government’s federal ID system is one of a very small number of databases that include that number of records.

The number of records in the database is so massive that almost everyone who uses email would either be on the list or know someone who is.

According to Vickery, a number of methods are used to obtain the email addresses, although he said “credit checks, education opportunities, and sweepstakes” are the usual ones, as are legitimate marketing campaigns from large brands. Users divulge their email addresses during these campaigns in order to be sent a free gift, special offer, or an online service. Hidden away in the terms and conditions, which few people consider, is confirmation that the information collected will be sent to marketing partners. Those marketing partners then send addresses to their partners, and their partners’ partners, and so on. Soon, the email addresses will be made available to a great many hackers.

When hackers use those addresses, there is a good chance that the domains used for sending the marketing messages will be blocked. To get around this, firms such as RCM use warm-up accounts to share out their campaigns.

New campaigns will be sent to the warm-up accounts, and as long as they do not generate complaints, the sender of the emails will be marked as a good sender. With a good reputation, the hackers will be able to scale up their operation and send out billions of messages. If at any time the messages begin to be rejected or complaints start to be received, the domain is dropped and the process begins again. By using this tactic, RCM is able to bypass spam filtering controls and continue to send messages.

Posted by

Elizabeth Hernandez

Elizabeth Hernandez is a news writer on Defensorum. Elizabeth is an experienced journalist who has worked on many publications for several years. Elizabeth writes about compliance and the related areas of IT security breaches. Elizabeth has a focus on data privacy and secure handling of personal information. Elizabeth has a postgraduate degree in journalism. Elizabeth Hernandez is the editor of HIPAAZone. https://twitter.com/ElizabethHzone