A spammer exposed its entire database through a backup mistake, revealing that it holds more than 1.3 billion email addresses, sends hundreds of millions of spam messages a day, and rakes in large profits



A spammer has inadvertently published its database. More than 1.3 billion email addresses and user information including names were found in the database, and 1 billion spam emails were being sent daily, revealing the actual state of the spammer's wrongdoing.

Spammergate: The Fall of an Empire - Blog - MacKeeper
https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire

Spammers expose their entire operation through bad backups | CSO Online
http://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-through-bad-backups.html

The spammer that inadvertently exposed its database is a marketing company called 'River City Media (RCM)'. Although its ostensible main business is supporting corporate marketing, it is actually one of the largest spammers in the world.

Chris Vickery, working with MacKeeper, a security company focused on Mac OS, and a team of collaborators, noticed that the RCM database had been exposed in January 2017. According to Vickery, a mistake in a backup job run with Rsync left the database accessible without a password for nearly a month. Having found this, Vickery succeeded in obtaining Hipchat logs, domain registration records, detailed accounting information, business plans, scripts, business partner information, and personal information including 1.34 billion email addresses and names from the RCM database.

In addition, the logs of the chat application Hipchat show that RCM's Alvin Slocombe noticed the incident in early February 2017 and, suspecting that the company had been hacked, sent 12 members a message saying, "It is possible that information was saved in the past. Please change all passwords." He later realized that the backup had been exposed rather than the company being hacked, but by then it was too late.

The personal information of more than 1.3 billion users found in the RCM database included real email addresses, names, IP addresses, addresses, and the domains of sites visited. Mr. Vickery is working to verify the authenticity of the information, but that work is far from complete. However, because some of the information showed that the data held by RCM was related to criminal activity, he has passed the information to companies considered to be affected by the stored data, such as Microsoft and Yahoo.com, and reported it to law enforcement agencies. Vickery says he has, of course, had no direct contact with RCM.



The stored documents also show that RCM was paid handsomely for sending spam. One document states that a spam campaign targeting 18 million Gmail users and 15 million AOL users earned about $36,000 a day, revealing that RCM was making a lot of money from spam.



In addition, RCM is known to have sent billions of spam emails a day, and how it sent such an unusually large volume of email is already known from logs, screenshots and other material. Normally, a sender that tries to deliver a large number of emails at once is locked out by the receiving side. RCM therefore used a technique of opening as many connections as possible to the mail server in order to spread out its sending as widely as possible. Furthermore, it is clear that in the case of Gmail, for example, RCM made full use of methods that target holes in the system, such as suddenly sending as much email as possible at the moment when a Gmail server that had detected spam was about to abandon the connection.



In addition, RCM created dummy accounts, called warm-up accounts, on Gmail, AOL, Hotmail, Yahoo mail and other services, and first sent its spam to these warm-up accounts. Because the warm-up accounts never reported the mail as spam, the email service providers came to identify RCM as a 'good sender', which let RCM avoid being treated as a spammer.

Mr. Vickery has already reported the allegations of illegal activity by RCM to law enforcement agencies, and the full picture of RCM's activities may be brought to light in the future. It will be interesting to see whether RCM, considered one of the world's leading spammers and one that used 1.3 billion users' data to send spam, will stop its service, reducing the amount of spam mail worldwide.

in Software, Web Service, Security. Posted by darkhorse_log