1.4bn Emails Exposed As Huge Spam Operation Fails To Password Protect Documents

A database of 1.4 billion email accounts has seemingly been exposed on the web and its contents have also appeared to suggest a marketing agency deliberately exploited vulnerable email services, including Gmail, to send up to one billion items of spam a day.

MacKeeper Security researcher Chris Vickery came across a “suspicious” but exposed collection of files that were not password protected, and  discovered it belonged to an organisation called River City Media (RCM).

The documents not only revealed the vast number of email accounts but also IP addresses and even physical addresses.

Spammergate

“Chances are that you, or at least someone you know, is affected,” noted Vickery, who said RCM posed as a legitimate marketing agency led by “known spammers” Alvin Slocombe and Matt Ferris.

Upon inspection of the chat logs, Vickery saw the perpetators admitted to targeting vulnerable servers using a type of ‘slowloris’ attack.

This involved the spammers configuring their own systems to send packets at a slow rate while requesting more connections before sending through a large quantity of emails before the receiving server blocked the sender.

Spamhaus has now blocked the entire of the RCM infrastructure, potentially bringing down a huge spam network, while Microsoft, Apple and others have been informed of other methods used by RCM.

As for how the database was collected, Vickery speculates it was partly compiled by users ticking ‘I agree’ boxes on web forms that give permission for a company “and its affiliates” to send marketing emails. In this case, one of the affiliates was RCM.

Implications

“The natural response is to question whether the data set is real,” added Vickery. “That was my initial reaction. I’m still struggling with the best software solution to handle such a voluminous collection, but I have looked up several people that I know and the entries are accurate.

“The only saving grace is that some are outdated by a few years and the subject no longer lives at the same location.

“Details of the even more abusive scripts and techniques have been forwarded on to Microsoft, Apple, and others. Law enforcement have also been notified and, while we are prohibited from saying too much, they are indeed interested in the matter.”

Other security industry figures have speculated the attack could be the result of a misconfigured MongoDB, given Vickery’s expertise on unsecured databases.

“Open source continues to be a critical source of innovation to many organisations,” suggested Paul Calatayud, CTO FireMon. “In this case, being used for motivations not so noble, the lesson to be learned here is that Mongo DB continues to be an easy exploit.”

Other said the discovery is a “rare window” into how mass spam campaigns operate.

“RCM’s apparent admission that they ran denial of service attacks against Gmail servers to trick them into accepting spam is very serious,” added Chris Doman, a security researcher at AlienVault. “They are talking about risking the stability of some of the internet’s core mail servers for profit. It’s bizarre these admissions are coming from chat logs that RCM themselves accidentally leaked.”

Quiz: Cybersecurity in 2016

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago