1.4bn Emails Exposed As Huge Spam Operation Fails To Password Protect Documents

A database of 1.4 billion email accounts has seemingly been exposed on the web and its contents have also appeared to suggest a marketing agency deliberately exploited vulnerable email services, including Gmail, to send up to one billion items of spam a day.

MacKeeper Security researcher Chris Vickery came across a “suspicious” but exposed collection of files that were not password protected, and  discovered it belonged to an organisation called River City Media (RCM).

The documents not only revealed the vast number of email accounts but also IP addresses and even physical addresses.

Spammergate

“Chances are that you, or at least someone you know, is affected,” noted Vickery, who said RCM posed as a legitimate marketing agency led by “known spammers” Alvin Slocombe and Matt Ferris.

Upon inspection of the chat logs, Vickery saw the perpetators admitted to targeting vulnerable servers using a type of ‘slowloris’ attack.

This involved the spammers configuring their own systems to send packets at a slow rate while requesting more connections before sending through a large quantity of emails before the receiving server blocked the sender.

Spamhaus has now blocked the entire of the RCM infrastructure, potentially bringing down a huge spam network, while Microsoft, Apple and others have been informed of other methods used by RCM.

As for how the database was collected, Vickery speculates it was partly compiled by users ticking ‘I agree’ boxes on web forms that give permission for a company “and its affiliates” to send marketing emails. In this case, one of the affiliates was RCM.

Implications

“The natural response is to question whether the data set is real,” added Vickery. “That was my initial reaction. I’m still struggling with the best software solution to handle such a voluminous collection, but I have looked up several people that I know and the entries are accurate.

“The only saving grace is that some are outdated by a few years and the subject no longer lives at the same location.

“Details of the even more abusive scripts and techniques have been forwarded on to Microsoft, Apple, and others. Law enforcement have also been notified and, while we are prohibited from saying too much, they are indeed interested in the matter.”

Other security industry figures have speculated the attack could be the result of a misconfigured MongoDB, given Vickery’s expertise on unsecured databases.

“Open source continues to be a critical source of innovation to many organisations,” suggested Paul Calatayud, CTO FireMon. “In this case, being used for motivations not so noble, the lesson to be learned here is that Mongo DB continues to be an easy exploit.”

Other said the discovery is a “rare window” into how mass spam campaigns operate.

“RCM’s apparent admission that they ran denial of service attacks against Gmail servers to trick them into accepting spam is very serious,” added Chris Doman, a security researcher at AlienVault. “They are talking about risking the stability of some of the internet’s core mail servers for profit. It’s bizarre these admissions are coming from chat logs that RCM themselves accidentally leaked.”

Quiz: Cybersecurity in 2016

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

6 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

9 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

10 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

11 hours ago