Security News: Spammers Plead Guilty, Company Forfeits $4.9 Million

Source: United States Department of Justice News

Assistant U. S. Attorneys Sabrina L. Fève (619) 546-6786 and Melanie Pierson 546-7976

NEWS RELEASE SUMMARY – June 10, 2022

SAN DIEGO – Three employees of the affiliate marketing platform Amobee pleaded guilty in federal court today to hijacking Internet Protocol (IP) addresses to send unsolicited commercial email messages, commonly known as “spam.”

The three employees, Jacob Bychak, Mark Manoogian, and Abdul Mohammed Qayyum, joined Daniel Dye and Vincent Tarney in pleading guilty to violating the federal CAN-SPAM statute for their involvement in misusing the stolen IP addresses to send spam.

The defendants’ employer, formerly known as both Adconion Direct Inc. and Frontline Direct (hereafter, “Adconion”), previously agreed to forfeit $4,939,526 as the fraudulent proceeds of a wire fraud conspiracy in which its employees hijacked more than 500,000 IP addresses to send over 10 billion commercial emails to people in the United States and elsewhere.

IP addresses are the beginning and ending points for sending data via the internet. A discrete bundle of IP addresses in numeric order is known as a range or block. In this case, the defendants pleaded guilty to using fraudulent Letters of Authorization (“LOAs”) to take control of large blocks of IP addresses registered to eleven different entities without the registrants’ knowledge or consent. As part of the fraudulent scheme, the defendants used email accounts set up to impersonate the IP blocks’ true registrants. In particular, the defendants used and created email addresses with the true registrants’ domain name (e.g., ect.net) to impersonate real and fictitious employees. They then emailed the fraudulent LOAs, which were written on fake letterheads and included forged signatures, from these imposter email accounts to various Internet hosting companies to falsely represent to the hosting companies that the true registrants authorized them to use the IP addresses.

All the IP blocks hijacked by the defendants were IPv4 addresses. Demand for a finite number of IPv4 addresses available has driven up their value over time. Between December 2010 and September 2014, when the defendants’ conduct occurred, a block of 65,534 IP addresses, referred to as a Class B block, was worth approximately $650,000. Today, it is worth as much as $3.3 million. Internet Service Providers like Yahoo and Google routinely employ filters to block spam from reaching a recipient’s inbox. Once an IP address is associated with spam, the filters typically block messages sent from that IP address. Spammers need a constant supply of fresh unblocked IP addresses to deliver the unwanted commercial email.

The defendants’ jobs with Adconion were to acquire fresh IP addresses and employ other measures to circumvent the spam filters. To conceal Adconion’s ties to the stolen IP addresses and the spam sent from these IP addresses, the defendants used a host of DBAs, virtual addresses, and fake names provided by the company. While defendants touted ties to well-known name brands, the email marketing campaigns associated with the hijacked IP addresses included advertisements such as “BigBeautifulWomen,” “iPhone4S Promos,” and “LatinLove[Cost-per-Click].”

Today’s guilty pleas arise from an October 2018 indictment for which trial began on May 23, 2022. Following opening statements, the trial was interrupted by the recent COVID surge and had yet to resume. In exchange for misdemeanor pleas, the defendants have each agreed to admit their involvement in the scheme, to undertake 100 hours of community service, and to pay a maximum $100,000 fine.

This case was investigated by the Federal Bureau of Investigation with assistance provided by the Internal Revenue Service and the Department of Justice’s Computer Crime and Intellectual Property Section.

“The defendants generated millions of dollars for their company by high-jacking hundreds of thousands of IP addresses, enabling them to illegally inundate consumers with over 10 billion email ads,” said U.S. Attorney Randy Grossman. ““This case was the first in the nation to charge violations of the CAN-SPAM Act’s provision against using hijacked IP addresses to send spam. We are committed to using all the tools at our disposal to protect the internet and everyone who depends on it.” Grossman thanked the prosecution team as well as the investigating agencies, the American Registry of Internet Numbers, Yahoo, The Spamhaus Project, and The National Cyber-Forensics and Training Alliance.

“These defendants spent years illegally sending billions of spam emails nationwide which made millions of dollars,” said FBI Special Agent in Charge Stacey Moy. “The FBI remains committed to pursuing these criminal conspiracies, no matter how long it takes, and holding them accountable in a court of law. I want to thank the United States Attorney’s Office for their ongoing support and partnership in bringing this case to an end.”

The defendants are scheduled to be sentenced on October 3, 2022, at 10:30 a.m. before U.S. District Judge Gonzalo P. Curiel.

DEFENDANTS                                             Case Number 18cr4683-GPC                                       

Jacob Bychak                          Age: 36                                   Carlsbad, CA

Mark Manoogian                    Age: 39                                   Carlsbad, CA

Abdul Mohammed Qayyum   Age: 40                                   Oceanside, CA

SUMMARY OF CHARGES

CAN-SPAM – Title 18, U.S.C., Section 1037(a)(5) and (b)(3)

Maximum penalty: One year in custody and $100,000 fine

AGENCIES

Federal Bureau of Investigation

Internal Revenue Service