Facebook ‘Spam King’ Wallace Pleads Guilty To Criminal Charges

One of the world’s worst spammers has pleaded guilty to illicitly accessing about 500,000 Facebook accounts in order to send 27 million spam messages disguised as messages from friends.

According to prosecutors, Sanford Wallace, of Las Vegas, who has in the past proclaimed himself the “Spam King”, used phishing emails to trick Facebook users into revealing their passwords. He then logged into the accounts and posted spam messages on the profiles of friends of the victims between November 2008 and February 2009.

First criminal charges

He faces three years in prison and a $250,000 (£159,000) fine for charges including email fraud, intentional damage to a computer and criminal contempt when he is sentenced on 7 December in a San Jose federal court.

Wallace’s spamming career predates the Internet, beginning with junk fax campaigns before email was widely used, and he has previously been ordered to pay millions as a result of his online activities, including fines amounting to more than $5m as a result of a spyware extortion scheme for which the US’ Federal Trade Commission (FTC) sued him and co-defendants in 2006, a $230m fine for MySpace spaming activities ordered in 2008 and $711m in damages to be paid to Facebook ordered in October 2009.

The Facebook damages have, however, never been paid due to Wallace’s bankruptcy, declared in 2009, and Wallace has never been convicted of criminal charges until now.

FBI investigation

The current criminal contempt charges were recommended by the presiding judge in the 2009 Facebook case, and led to a 2011 indictment by the US Attorney’s office and a two-year FBI investigation.

That investigation found Wallace had logged into Facebook in April 2009, during a Virgin Airways flight from Las Vegas to New York, one month after being issued with a restraining order making it illegal for him to do so. Wallace maintained a Facebook profile under the name “David Sinful-Saturdays Fredericks” from January to February 2011, according to the FBI.

Aside from his marketing activities, Wallace’s career reportedly includes 2003 appearances as a DJ in New Hampshire nightclubs, under the name DJ MasterWeb, and operating a New Hampshire nightclub called Plum Crazy, which filed for bankruptcy in 2004.

A report earlier this month found that spam levels were declining, but attackers relied increasingly on malicious attachments to infect computers.

Are you a security pro? Try our quiz!