A spammer's backup mistake exposed its entire database, revealing that it holds more than 1.3 billion e-mail addresses and sends hundreds of millions of spam messages a day



A spammer inadvertently exposed its own database. The database contained user information including more than 1.3 billion e-mail addresses and names, and showed that 1 billion spam e-mails were being sent a day, revealing how spammers actually operate.

Spammergate: The Fall of an Empire - Blog - MacKeeper
https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire

Spammers expose their entire operation through bad backups | CSO Online
http://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-through-bad-backups.html

The spammer that inadvertently exposed its database is a marketing company called "River City Media (RCM)". Ostensibly its main business is corporate marketing support, but in reality it is the world's largest spammer.

The team of MacKeeper, a security company focusing on Mac OS, and collaborator Chris Vickery found that RCM's database had been made public in January 2017. According to Mr. Vickery, because of an Rsync mistake during backup work, the data sat without a working password lock and was left that way for nearly a month. From it, Mr. Vickery obtained RCM's database, Hipchat logs, domain registration records, detailed accounting information, business plans, scripts, business partner information, and personal information including 1.34 billion e-mail addresses and names.

In addition, the Hipchat logs show that RCM's Alvin Slocombe noticed something strange in early February 2017 and, suspecting that the company was being hacked, sent 12 members a message saying "information may have been saved in the past, so I want to change all passwords". The company later realized that what it had taken for a hack was its backup having been made public, but by then it was too late.

The personal information of more than 1.3 billion users found in RCM's database included real e-mail addresses, names, IP addresses, physical addresses, and the domains of sites that were accessed. Mr. Vickery is analyzing whether the information is genuine, but the volume is so large that the work has not been completed. However, having determined that some of the data RCM held is related to some kind of criminal activity, he has passed information to companies such as Microsoft and Yahoo.com that are expected to be affected by the stored data, and says he has also reported to law enforcement agencies. He says that, of course, he has had no direct contact with RCM.


The saved documents also show that RCM earned large payouts by sending spam. They state that a spam campaign targeting 18 million Gmail users and 15 million AOL users earned about 36,000 dollars (about 4,100,000 yen) a day, showing how much money RCM was raking in.


RCM is known to have been sending billions of spam e-mails a day, and logs, screenshots and other material also show how it managed to send such extraordinary volumes. Normally, if you try to send a large amount of mail at once, the receiving side shuts you out. RCM therefore used a technique of attempting as many connections as possible to the mail server so that it could spread out its sending as much as possible. Furthermore, in the case of Gmail for example, it is clear that RCM used a method aimed at a hole in the system: suddenly sending as much mail as possible, timed for just before the Gmail server, having detected the spamming, was about to abandon the connection.
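Seen from the receiving side, the sending pattern described above leaves a recognizable trace in SMTP session records. The following is an added example, not part of the original article or its sources: a sketch of a per-source check for many simultaneous sessions that sit idle and then burst. The record layout, the thresholds and the idle-then-burst heuristic are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Assumed thresholds for illustration; tune against your own mail-flow baseline.
IDLE_SECS = 60        # gap between connect and first MAIL FROM
BURST_MSGS = 50       # messages pushed once the session wakes up
MAX_CONCURRENT = 3    # simultaneous sessions tolerated per source

# Constructed sample records: (src_ip, connect_ts, first_mail_ts, end_ts, msgs)
SESSIONS = [
    ("203.0.113.7", 0, 110, 118, 400),
    ("203.0.113.7", 1, 112, 119, 380),
    ("203.0.113.7", 2, 115, 121, 420),
    ("203.0.113.7", 3, 111, 120, 390),
    ("198.51.100.20", 0, 1, 3, 2),
    ("198.51.100.20", 50, 51, 52, 1),
    ("192.0.2.44", 10, 11, 30, 120),   # bulk but prompt: ordinary newsletter
]

def peak_concurrency(rows):
    """Sweep connect/end events to find the most sessions open at once."""
    events = []
    for _, start, _, end, _ in rows:
        events.append((start, 1))
        events.append((end, -1))
    peak = current = 0
    for _, delta in sorted(events):    # at equal timestamps, closes sort first
        current += delta
        peak = max(peak, current)
    return peak

def flag_sources(sessions):
    """Return sources whose sessions are both highly parallel and idle-then-burst."""
    by_src = defaultdict(list)
    for row in sessions:
        by_src[row[0]].append(row)
    flagged = {}
    for src, rows in by_src.items():
        stalled = [r for r in rows
                   if r[2] - r[1] >= IDLE_SECS and r[4] >= BURST_MSGS]
        peak = peak_concurrency(rows)
        # Require both signals so that a busy but well-behaved sender is not flagged.
        if peak > MAX_CONCURRENT and len(stalled) * 2 >= len(rows):
            flagged[src] = {"peak": peak, "stalled": len(stalled)}
    return flagged

if __name__ == "__main__":
    print(flag_sources(SESSIONS))
```

Requiring both signals keeps a high-volume sender that delivers promptly over a single connection, such as the constructed newsletter source, out of the result.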


In addition, RCM created dummy accounts, called warm-up accounts, at Gmail, AOL, Hotmail, Yahoo Mail and other services, and first sent its spam to these warm-up accounts, which received it. Because warm-up accounts never report spam, the mail service providers came to rate the spammer RCM as a "good sender", which let it avoid being judged a spammer.

Mr. Vickery has already reported RCM's suspected illegal conduct to law enforcement, and the full extent of RCM's activities may be clarified from here on. It will be interesting to see whether RCM, considered one of the world's leading spammers and sending spam using the data of 1.3 billion users, stops operating, and whether that reduces the amount of spam e-mail globally.

in Software,   Web Service,   Security, Posted by darkhorse_log